• Resolved Metal_13

    (@metal_13)


    Hi, my server keeps freezing when the plugin is on. I keep getting these errors in my Plesk log.
    These are the 3 new things in my server before getting this problem. My server keeps getting hacked so I had to add them.
    - added Cloudflare (no caching)
    - I have Plesk WAF turned on (OWASP)
    - and I also have
    disable_functions in PHP
    disable_functions: exec, passthru, system, shell_exec, popen, curl_exec, curl_multi_exec, parse_ini_file, show_source, system


    2023-10-19 09:23:48 Error 127.0.0.1 [client 127.0.0.1] ModSecurity: Warning. Pattern match “(?i:(?:[\\”‘](?:\\\\s*?(?:is\\\\s*?(?:[\\\\d.]+\\\\s*?\\\\W.*?[\\"']|\\\\d.+[\\”‘]?\\\\w)|\\\\d\\\\s*?(?:--|#))|(?:\\\\W+[\\\\w+-]+\\\\s*?=\\\\s*?\\\\d\\\\W+|\\\\|?[\\\\w-]{3,}[^\\\\w\\\\s.,]+)[\\"']|[\\\\%&<>^=]+\\\\d\\\\s*?(?:between|like|x?or|and|div|=))|(?i:n?and|x?x?or|div|like|between|not| …” at ARGS:f8d239a5d9d5f8cdf4fb255b0864722ea60dc29feb26eb87d78fbc60c5cdfb63. [file “/etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/REQUEST-942-APPLICATION-ATTACK-SQLI.conf”] [line “877”] [id “942340”] [msg “Detects basic SQL authentication bypass attempts 3/3”] [data “Matched Data: \\x22managed_clearance\\x22:\\x22 found within ARGS:f8d239a5d9d5f8cdf4fb255b0864722ea60dc29feb26eb87d78fbc60c5cdfb63: b3ece70d80c3e4fa1b0c9f1a168d1aa2|{\\x22managed_clearance\\x22:\\x22ni\\x22}”] [severity “CRITICAL”] [ver “OWASP_CRS/3.3.5”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-sqli”] [tag “OWASP_CRS”] [tag “capec/1000/152/248/66”] [tag “PCI/6.5.2”] [tag “paranoia-level/2”] [hostname “*******.org”] [uri “/”] [unique_id “ZTD1pIxi4IPmFIqSoqFYVAAAAAQ”], referer: https://”*******.org/ Apache error

    This second error (upstream error) gets spammed a lot, up to 20 within seconds. Then the server freezes until I disable the plugin.


    2023-10-19 09:23:48 Error 2001:4454:514:2300:c1f:21ce:825f:65ae 251814#0: *148913 upstream timed out (110: Connection timed out) while reading response header from upstream nginx error

    I tried removing disable_functions but still the same.

    Sadly I can't disable WAF and Cloudflare because my site is still under attack every random hour.

    EDIT: I also added “output_buffering = 4096” in PHP Additional configuration directives.

    • This topic was modified 1 year, 1 month ago by Metal_13.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Kyle Gilman

    (@kylegilman)

    I use Cloudflare (including caching) on my own sites, and that’s never caused any problems for me. Disabling those PHP functions would completely prevent you from executing FFMPEG, but I’m pretty sure I have error-checking enabled that wouldn’t cause those sorts of errors. The error is generated by mod_security, which is part of Plesk’s WAF. It looks like you’re using the OWASP ruleset, which is restrictive enough that it’s known to disable some parts of WordPress. https://docs.plesk.com/en-US/obsidian/administrator-guide/server-administration/web-application-firewall-modsecurity.73383/

    I’m not sure if I can do anything to prevent OWASP from breaking Videopack, but my first guess would be that an FFMPEG encode command is triggering the error. It could be as simple as just loading the encode queue from the database. If you can clear your encode queue that would be a good first troubleshooting step. Since you can’t activate the plugin, you can delete the kgvid_video_embed_queue field in the wp_options table.
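Added example, not part of the original thread or of Videopack's code: a small Python triage parser for ModSecurity error-log entries like the one quoted in the first post, extracting the rule id, message, matched variable and paranoia level and counting hits per rule and variable. The sample lines are constructed (shortened pattern, placeholder path, hostname and argument name), and the function names are hypothetical.

```python
import re
from collections import Counter

# Web forums often convert straight quotes to typographic ones; undo that so
# entries pasted from a page parse the same as raw log lines.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})
# The matched variable sits between " at " and the first metadata bracket.
_TARGET = re.compile(r' at (\S+)\. (?=\[)')
# Rule metadata is a run of [key "value"] pairs.
_FIELD = re.compile(r'\[([\w-]+) "([^"]*)"\]')

def parse_entry(line):
    """Return rule metadata for one ModSecurity entry, or None for other lines."""
    line = line.translate(_QUOTES)
    if "ModSecurity:" not in line:
        return None
    target = _TARGET.search(line)
    # Only scan after the matched variable so the rule's regex is never parsed.
    meta_text = line[target.end():] if target else line
    fields, tags = {}, []
    for key, value in _FIELD.findall(meta_text):
        if key == "tag":
            tags.append(value)
        else:
            fields.setdefault(key, value)
    if "id" not in fields:
        return None
    paranoia = next((int(t.split("/")[1]) for t in tags
                     if t.startswith("paranoia-level/")), None)
    return {"id": fields["id"], "msg": fields.get("msg"),
            "severity": fields.get("severity"), "uri": fields.get("uri"),
            "target": target.group(1) if target else None,
            "paranoia": paranoia, "tags": tags}

def summarize(lines):
    """Count hits per (rule id, matched variable) to spot repeat false positives."""
    hits = Counter()
    for line in lines:
        entry = parse_entry(line)
        if entry:
            hits[(entry["id"], entry["target"])] += 1
    return hits

# Constructed sample input: one raw entry, the same entry with typographic
# quotes, and an unrelated nginx line that must be skipped.
_RAW = ('2023-10-19 09:23:48 Error 127.0.0.1 [client 127.0.0.1] ModSecurity: Warning. '
        'Pattern match "(?i:...)" at ARGS:token. [file "/path/to/REQUEST-942.conf"] '
        '[line "877"] [id "942340"] '
        '[msg "Detects basic SQL authentication bypass attempts 3/3"] '
        '[severity "CRITICAL"] [tag "attack-sqli"] [tag "paranoia-level/2"] '
        '[hostname "example.org"] [uri "/"]')
SAMPLE = [_RAW, _RAW.replace('"', "\u201c"),
          "2023-10-19 09:23:48 Error upstream timed out (110: Connection timed out)"]

if __name__ == "__main__":
    for (rule_id, variable), count in summarize(SAMPLE).items():
        print(rule_id, variable, count)
```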

    Thread Starter Metal_13

    (@metal_13)

    Hi, thanks for the response.
    I just tried turning Plesk WAF off, cleared disable_functions, and deleted kgvid_video_embed_queue.
    But it's still freezing my site. The only thing left is Cloudflare, but I don't want to expose my IP to the hacker. Do you have any other ideas why this is happening?

    https://ibb.co/PNSJs4C
    https://ibb.co/XCJNvLb

    • This reply was modified 1 year, 1 month ago by Metal_13.
    Thread Starter Metal_13

    (@metal_13)

    FFMPEG was uninstalled and the plugin is still causing the slowdown when enabled.
    Can I hire you to fix or at least check the cause of this problem?

    Plugin Author Kyle Gilman

    (@kylegilman)

    Now that the WGA strike is over, I’m back at work full time so I don’t have a ton of available time and I’m not particularly knowledgeable about server configuration. I wouldn’t expect FFMPEG just existing on the server to have any effect. You might try resetting Videopack settings, either on the settings page or by deleting the kgvid_video_embed_options field in wp_options. It’s also worth verifying that the Videopack code hasn’t been modified in some way. You can uninstall the plugin and re-install it to completely wipe any changes that might be there. That would also delete all Videopack settings from the database.

    Thread Starter Metal_13

    (@metal_13)

    The problem has been fixed, I hired someone. I'm not sure what he did, all he said was he optimized my server. Anyways, thank you for your time.

  • The topic ‘Server crash when plugin is enabled’ is closed to new replies.