Fake site warning down very often

  • Resolved delaitec

    (@delaitec)


    4 years, 6 months ago

    Jetpack is sending numerous emails that my sites are down, but they are not.

    The last one I received now, reports that the site is 1 hour down. but this is not true. the website is accessible.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor James Huff

    (@macmanx)

    When Jetpack Monitor checks your site, we ping your site’s homepage (via a HTTP HEAD request) every five minutes.

    We tentatively mark your site as down if the HTTP response code is 400 or greater, which indicates either a permissions error or a fatal code error is prohibiting your site from appearing to visitors, or we see more than 3 300-series redirects, suggesting a redirect loop, or if your site fails to respond within 20 seconds.

    Once it is tentatively marked down, we then spin up two separate servers in geographically different locations from a third-party vendor to ensure the problem is not isolated to our network or the location of our primary datacenter.

    If all three checks fail, we mark the site as down and notify you. We’ll continue to check the site and once we have agreement it is back online, we’ll send you the all-clear notice.

    Thread Starter delaitec

    (@delaitec)

    Hi James.

    Thanks for the feedback, it helped a lot.

    I contacted my hosting and they informed me that the server’s “mod_security” was blocking Jetpack queries.

    Here is the code he sent me:
    [Wed Aug 19 15:13:48.616655 2020] [:error] [pid 701836:tid 140147265337088] [client 192.254.207.43:53888] [client 192.254.207.43] ModSecurity: Access denied with code 406 (phase 1). RBL lookup of 43.207.254.192.wprbl.websitewelcome.com succeeded at REMOTE_ADDR. [file "/opt/mod_security/hg_rules.conf"] [line "171"] [id "900410"] [msg "Wordpress and Joomla Brute RBL: wprbl.websitewelcome.com"] [hostname "webmail.delai.org"] [uri "/wp-login.php"] [unique_id "Xz1r3Bl3elwEkH@T70HJsgAAAhA"]

    From what I saw the domain “wprbl.websitewelcome.com” belongs to the jetpack.
    Are there any other domains or ips that I belong to so I can whitelist them and avoid this error in the future?

    I saw that some ips that had this name in the domain analysis, and I suspected that it was he who was taking down my site along with others that I didn’t recognize.

    Thread Starter delaitec

    (@delaitec)

    Another question, the person who attended me at hostgator said that the server blocked the jetpack due to the large amount of checks.

    Is it possible to increase the interval from 5 to 10 minutes?

    If there is only one site in a cpanel. I believe that there is no problem, 5 minutes is a reasonable time for a site, but when we have more than one site on the same cpanel using the jetpack this can really seem suspicious to the server, I believe that is what happened to me.

    One possible approach would be to increase the verification time only while the website is online. as soon as the fall is detected, checks to see if it has returned would be done in the normal 5 minute interval.

    Plugin Support KokkieH

    (@kokkieh)

    wprbl.websitewelcome.com has nothing to do with us. From what I can find that URL is associated with ModSecurity itself.

    You can find all the IPs Jetpack currently uses here:

    https://jetpack.com/support/hosting-faq/

    You shouldn’t need to whitelist Jetpack IPs as far as I know, though, so you might want to double check this with Hostgator.

    It is not possible to configure per site how often these checks happen, but if you’re with Hostgator this also shouldn’t be a problem. They host many sites using Jetpack in their servers, so they should be familiar with how Jetpack requests to the server works.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Fake site warning down very often’ is closed to new replies.