Users getting a timeout error after succesfully visiting site

  • Resolved outofnowhere

    (@outofnowhere)


    3 years, 1 month ago

    Actually, this is happening to all the sites on my host server, I believe.

    I have had multiple site admins tell me they were working on the site and either a) in the middle of it, they couldn’t see the site and got a timeout error, or b) the worked on their site, stepped away for a few hours or days and when they went back they got the timeout error. I’m am not sure if this is happening to only site admins or people visiting the sites. I have had one report of it happening to a site visitor.

    It’s been happening for weeks and I was thinking it was a problem with my server’s security settings. Now I’m wondering if it could be anything related to Wordfence.

    Today, I replicated the issue and found this when I did a search for the IP in ConfigServer Security & Firewall
    csf.deny: 71.131.69.84 # blocked due to wordpress attack – Mon Oct 25 19:40:09 2021

    I’ve not been able to find that notation (# blocked due to wordpress attack) anywhere online related to any server software or plugin.

    What is weird is in the regular logs for ConfigServer Security & Firewall (and even in Modsecurity) there is no record of this IP being blocked. It only shows up with I look up the specific IP.

    I’ve had my server admins look for what is writing this entry into the log, but they have come up blank. I need to rule out Wordfence.

    Does wordfence write ANYTHING to the host server that would cause a block at the server level?

    I found an old thread here I thought might be related but it was closed for comments.
    https://www.ads-software.com/support/topic/wordfence-causing-sites-to-throw-504-errors/

    I followed the instructions in the very last post. I created the test.php. It returned this:
    bool(false)

    Can you see how desperate I am? I’m following instructions on a post older than two years.

    Thanks for your help.
    Mary Beth

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @outofnowhere,

    Wordfence is an endpoint firewall so runs when a request is made on the front-end of your website, but does require communication from your web server to our servers and back for updates etc. The IP mentioned in your log message hasn’t appeared on our blocklists and isn’t one of the IPs we use to communicate with your site.

    You can check whether Wordfence ever picked this IP up itself by looking at your Wordfence > Live Traffic page. There you can select “Show Advanced Filters” and select IP = 71.131.69.84 across the 3 input boxes.

    To see if your site has been blocking itself and causing the timeout errors, look up your public facing IP address at: https://www.whatsmyip.org/ and visit Wordfence > Dashboard > Global Options > General Wordfence Options > How does Wordfence get IPs. If your current IP doesn’t match what the site is reporting, cycle through the options until the values match your public IP address. Make sure to click SAVE CHANGES if you alter this.

    One final check could be to see if any communication checks are failing rather than “OK” on the Wordfence > Tools > Diagnostics page under “Connectivity”. Something failing here could still point to a server-level communication issue but would help us diagnose it.

    However if your site is detecting IPs properly and Wordfence didn’t pick up the IP from your logs, then the block you saw and possible timeouts may be due to the other firewall(s) at server level which would probably be best tackled by reaching out to the ConfigServer or your hosting support channels.

    Let me know what you find out!

    Peter.

    Thread Starter outofnowhere

    (@outofnowhere)

    Hi Peter,

    Thank you so much for taking the time to respond so thoroughly.

    As it turns out, I had asked my server admins to write a script to block attacks on xmlrpc, in which an IP would be blocked after so many requests within a certain time period. Unfortunately, they wrote the script to include requests for wp-login (no problem) AND admin-ajax. When a website admin worked on a site, they quickly met the criteria for an IP-block based on the number of requests to admin-ajax, and their IPs were blocked from accessing the site and host server.

    Although I didn’t believe Wordfence could have been the problem, I just had to rule it out.

    Your response was not wasted, however. Although the problem has been resolved, I still followed the instructions on ALL of your instructions and I learned much more about Wordfence that will be very helpful in the future.

    With gratitude, Mary Beth

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Users getting a timeout error after succesfully visiting site’ is closed to new replies.