Forum Replies Created

Viewing 15 replies - 1 through 15 (of 17 total)
  • 1.2.17 is available now so give that a try.

    I do not see it when I search the plugin list but my site just updated to 1.2.17 so it must be there.

    Thanks @iqpascal !

    Pascal committed some changes about 3 hours ago so he is clearly working on it. I suspect he had to take some extra time to test the changes with the newly released WP 6.0.

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    My hoster reports that my server is running PHP 5.3 with the following extension modules installed:

    Archive_Tar 1.1 stable
    Auth 1.2.3 stable
    Auth_HTTP 2.1.6 stable
    Auth_PrefManager 1.1.4 stable
    Auth_SASL 1.0.1 stable
    Benchmark 1.2.2 stable
    Cache 1.5.4 stable
    Cache_Lite 1.4.1 stable
    Config 1.10.4 stable
    Console_Getopt 1.2 stable
    Console_Table 1.0.1 stable
    Contact_Vcard_Build 1.1.1 stable
    Contact_Vcard_Parse 1.31.0 stable
    Crypt_CBC 0.4 stable
    Crypt_CHAP 1.0.0 stable
    Crypt_RC4 1.0.2 stable
    Crypt_Xtea 1.0 stable
    DB 1.7.6 stable
    DBA 1.1 stable
    DB_DataObject 1.7.13 stable
    DB_NestedSet 1.2.4 stable
    DB_Pager 0.7 stable
    DB_QueryTool 1.0.0 stable
    DB_ldap 1.1.0 stable
    Date 1.4.3 stable
    FSM 1.2.2 stable
    File 1.2.0 stable
    File_Find 0.2.0 stable
    File_HtAccess 1.1.0 stable
    File_Passwd 1.1.5 stable
    File_SearchReplace 1.0.1 stable
    HTML_BBCodeParser 1.1 stable
    HTML_CSS 0.2.0 stable
    HTML_Common 1.2.1 stable
    HTML_Crypt 1.2.2 stable
    HTML_Form 1.2.0 stable
    HTML_Javascript 1.1.0 stable
    HTML_Menu 2.1.1 stable
    HTML_Progress 1.2.1 stable
    HTML_QuickForm 3.2.4pl1 stable
    HTML_QuickForm_Controller 1.0.4 stable
    HTML_Select_Common 1.1 stable
    HTML_Table 1.5 stable
    HTML_Template_IT 1.1 stable
    HTML_Template_PHPLIB 1.3.1 stable
    HTML_Template_Sigma 1.1.2 stable
    HTML_Template_Xipe 1.7.6 stable
    HTML_TreeMenu 1.2.0 stable
    HTTP 1.3.6 stable
    HTTP_Request 1.2.4 stable
    HTTP_Upload 0.9.1 stable
    I18N 0.8.6 beta
    Image_Barcode 1.0.4 stable
    Image_Color 1.0.1 stable
    Image_GIS 1.1.1 stable
    Image_GraphViz 1.1.0 stable
    Image_IPTC 1.0.2 stable
    Log 1.8.7 stable
    MDB 1.3.0 stable
    MDB_QueryTool 1.0.0 stable
    MP3_Id 1.1.3 stable
    Mail 1.1.4 stable
    Mail_Mime 1.3.0 stable
    Mail_Queue 1.1.3 stable
    Math_Basex 0.3 stable
    Math_Fibonacci 0.8 stable
    Math_Integer 0.8 stable
    Math_Matrix 0.8.0 stable
    Math_RPN 1.1.1 stable
    Math_Stats 0.8.5 stable
    Math_TrigOp 1.0 stable
    Math_Vector 0.6.2 beta
    Net_CheckIP 1.1 stable
    Net_Curl 0.2 stable
    Net_DNS 0.03 stable
    Net_Dict 1.0.3 stable
    Net_Dig 0.1 stable
    Net_FTP 1.3.1 stable
    Net_Finger 1.0.0 stable
    Net_Geo 1.0 stable
    Net_IPv4 1.2 stable
    Net_Ident 1.1.0 stable
    Net_NNTP 1.0.1 stable
    Net_POP3 1.3.6 stable
    Net_Ping 2.4 stable
    Net_Portscan 1.0.2 stable
    Net_SMTP 1.2.6 stable
    Net_Sieve 1.1.1 stable
    Net_SmartIRC 1.0.0 stable
    Net_Socket 1.0.6 stable
    Net_URL 1.0.14 stable
    Net_UserAgent_Detect 2.0.1 stable
    Net_Whois 1.0 stable
    Numbers_Roman 0.2.0 stable
    PEAR 1.3.5 stable
    PEAR_Info 1.6.0 stable
    PEAR_PackageFileManager 1.5.2 stable
    PHPUnit 1.2.3 stable
    PHP_Compat 1.4.0 stable
    PHP_CompatInfo 1.0.0 stable
    Pager 2.3.2 stable
    Payment_Clieop 0.1.1 stable
    SOAP 0.9.1 beta
    Science_Chemistry 1.1.0 stable
    Services_Weather 1.3.1 stable
    Stream_SHM 1.0.0 stable
    Stream_Var 1.0.0 stable
    Structures_Graph 1.0.1 stable
    System_Command 1.0.1 stable
    TCLink 3.4.0 stable
    Text_Password 1.0 stable
    Text_Statistics 1.0 stable
    Translation 1.2.6pl1 stable
    Tree 0.2.4 beta
    Validate 0.5.0 alpha
    Var_Dump 1.0.2 stable
    XML_Beautifier 1.1 stable
    XML_CSSML 1.1 stable
    XML_HTMLSax 2.1.2 stable
    XML_NITF 1.0.1 stable
    XML_Parser 1.2.6 stable
    XML_RPC 1.2.2 stable
    XML_RSS 0.9.2 stable
    XML_SVG 1.0.0 stable
    XML_Serializer 0.16.0 beta
    XML_Transformer 1.1.0 stable
    XML_Tree 1.1 stable
    XML_Util 1.1.1 stable
    XML_fo2pdf 0.98 stable
    XML_image2svg 0.1 stable

    I do not see Net_IPv6? Is it required?

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    I am willing to give it a try. The latest storm of attempts to break in seems to have died down but there will always be another.

    I am comfortable with MySQL so I will take a first pass on the logs. If I cannot make any sense of it I will ask for help.

    I will contact you via your web site to make arrangements.

    Bruce

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    I checked all of the IPs from October and all of the missed ones are wp-login.php attempts. A couple were GETs but the vast majority were all POSTs.

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    I only block them from the backend. The frontend is unrestricted. I can enable frontend blocks if you think it would help resolve this.

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    I volunteer my site for testing anything you come up with since I have a steady stream of unwanted visitors.

    Bruce

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    My apologies for the delay. I was busy dealing with some work-related issues and overlooked my note to respond last week.

    I still see the same behavior with 1.1.22. I upgraded and waited a few days to see if there would be any differences in the logs. Again I see several entries in the iThemes / server logs that I do not see in the iQBC log.

    For the first 5 days in October iQBC logged only 3 IPs (1 from Russia and 1 from Sweden that tried twice). I see those same IPs in the other logs plus 12 more IPs from all over Europe that should have been caught / logged. I checked over half with iQBC and it accurately detects the countries (e.g. 91.219.236.222 is Hungary) so it's clearly not that they are not being mapped to a country.

    Is there any extra logging I can enable to help understand why not all the rejectable IPs are not getting logged?

    Bruce

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    Duplicate log entries do not concern me. I expect them since I run 2 security plugins. What does concern me is the lack of at least 1 matching entry for any IP that meets the security criteria from each plugin.

    I updated to iThemes 5.0.1 last night and waited all day to analyze the results. Tonight I compared the logs from both plugins. After removing the US IP addresses from the iThemes log here is what I see:

    iThemes:
    2015-09-16 14:41:16 217.66.106.211 Ukraine
    2015-09-16 13:46:39 149.202.42.188 France
    2015-09-16 13:46:20 85.10.210.199 Germany
    2015-09-16 02:37:51 185.100.84.82 Romania

    iQBC:
    2015-09-16 14:41:16 217.66.106.211 Ukraine
    2015-09-16 06:16:56 37.59.100.133 France

    The first IP they both logged. After that iThemes logged 3 IPs that iQBC did not and iQBC logged 1 IP that iThemes did not.

    Checking the server logs I see that the iQBC one from France did not attempt to log in. They did GETs on my wp-login.php which is why iThemes did not log them but iQBC did (Yay!). The server logs show the 3 IPs iQBC did not block were all POSTs to my wp-login.php. Checking the IPs on the iQBC Tools tab correctly identifies the country of origin.

    Is there any way to determine why those 3 backend attempts were not logged by iQBC?

    Bruce
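
Added example, not part of the original post: the log comparison described above, done as a script. The two plugin logs are the lines quoted in the post; the access-log lines are constructed (Apache combined format assumed), and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Plugin log lines as quoted in the post ("date time ip country").
ITHEMES_LOG = """2015-09-16 14:41:16 217.66.106.211 Ukraine
2015-09-16 13:46:39 149.202.42.188 France
2015-09-16 13:46:20 85.10.210.199 Germany
2015-09-16 02:37:51 185.100.84.82 Romania"""
IQBC_LOG = """2015-09-16 14:41:16 217.66.106.211 Ukraine
2015-09-16 06:16:56 37.59.100.133 France"""

# Constructed access-log lines (combined format assumed). Methods follow the
# post: the missed IPs sent POSTs, 37.59.100.133 only sent GETs.
ACCESS_LOG = """217.66.106.211 - - [16/Sep/2015:14:41:16 +0000] "POST /wp-login.php HTTP/1.1" 403 0
149.202.42.188 - - [16/Sep/2015:13:46:39 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
85.10.210.199 - - [16/Sep/2015:13:46:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
37.59.100.133 - - [16/Sep/2015:06:16:56 +0000] "GET /wp-login.php?action=register HTTP/1.1" 403 0
185.100.84.82 - - [16/Sep/2015:02:37:51 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.7 - - [16/Sep/2015:02:40:00 +0000] "GET /index.php HTTP/1.1" 200 5120"""

PLUGIN_RE = re.compile(r"^\S+ \S+ (\d{1,3}(?:\.\d{1,3}){3}) (.+)$")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)')

def plugin_ips(text):
    """Map IP -> country for every parseable plugin log line."""
    found = {}
    for line in text.splitlines():
        m = PLUGIN_RE.match(line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def login_methods(text, path="/wp-login.php"):
    """Map IP -> set of HTTP methods it used against the login page."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = ACCESS_RE.match(line.strip())
        if m and m.group(3).split("?")[0] == path:  # ignore the query string
            hits[m.group(1)].add(m.group(2))
    return hits

def coverage_gaps(log_a, log_b, access):
    """IPs logged by plugin A but absent from plugin B, with what they sent."""
    a, b, methods = plugin_ips(log_a), plugin_ips(log_b), login_methods(access)
    return {ip: (a[ip], sorted(methods.get(ip, ()))) for ip in a if ip not in b}

if __name__ == "__main__":
    print("iThemes only:", coverage_gaps(ITHEMES_LOG, IQBC_LOG, ACCESS_LOG))
    print("iQBC only:   ", coverage_gaps(IQBC_LOG, ITHEMES_LOG, ACCESS_LOG))
```
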

    I see a 5.0.1 is available already. It only describes the change as:

    Compatibility Fix: Added support for ITSEC_TEST_MALWARE_SCAN_DISABLE_SSLVERIFY. Setting it to true can bypass “SSL peer certificate or SSH remote key was not OK” errors on servers with bad SSL configurations.

    For now I will not try the patch myself but I may if there is no update for this issue soon.

    Bruce

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    Thanks for the info.

    I have been half watching that thread once I noticed the errors in my log like everyone else. I have not had the cycles to try the interim changes at the bottom and was hoping that the devs would put out an official fix before too long.

    What's the best way to retitle this thread since it's a known issue?

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    From your reply it sounds as if WordPress will call plugins in the reverse order they are activated. iQ Block Country was the last one added and activated. I did as you suggested and deactivated and reactivated it to see if it fixes the “Cannot modify header information” issue. If not then I will try the other option. (We do not use a CDN so we do not have any caching to worry about.)

    In the meantime I am seeing a LOT of blocks in iThemes but only a few in the iQ Block Country log. Is that because if iThemes blocks the access then iQ Block Country does not even get a chance to block it (and vice versa) or should I see log entries from both plugins when someone from a banned country attempts to log in as me?

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    I just thought to check the CGI error log and I find a bunch of errors logged for iQ Block Country around that date:

    20150903T032206: plasmarobotics.org/wp-login.php
    PHP Warning: Cannot modify header information – headers already sent by (output started at /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-login.php:61) in /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-content/plugins/iq-block-country/libs/blockcountry-checks.php on line 268
    PHP Warning: Cannot modify header information – headers already sent by (output started at /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-login.php:61) in /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-content/plugins/iq-b

    20150905T060501: news.plasmarobotics.org/wp-login.php
    PHP Warning: Cannot modify header information – headers already sent by (output started at /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-login.php:61) in /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-content/plugins/iq-block-country/libs/blockcountry-checks.php on line 291
    PHP Warning: Cannot modify header information – headers already sent by (output started at /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-login.php:61) in /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-content/plugins/iq-b

    20150906T034250: plasmarobotics.org/wp-login.php
    PHP Warning: Cannot modify header information – headers already sent by (output started at /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-login.php:61) in /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-content/plugins/iq-block-country/libs/blockcountry-checks.php on line 291
    PHP Warning: Cannot modify header information – headers already sent by (output started at /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-login.php:61) in /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-content/plugins/iq-b

    Thread Starter plasmarobotics2403

    (@plasmarobotics2403)

    Yes, that was when I got the iThemes notification.

    When I check the iQ Block Country log I do not see anything logged for Sep-4. The sorted log shows only the day before and the day after:

    2015-09-03 00:22:06 185.30.27.164 GB /wp-login.php B
    2015-09-05 00:18:56 207.35.85.163 CA /wp-login.php B

    I just checked the CGI error log and it shows a bunch of errors reported for iQ Block Country for those dates. They are all the same:

    20150905T060501: news.plasmarobotics.org/wp-login.php
    PHP Warning: Cannot modify header information – headers already sent by (output started at /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-login.php:61) in /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-content/plugins/iq-block-country/libs/blockcountry-checks.php on line 291
    PHP Warning: Cannot modify header information – headers already sent by (output started at /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-login.php:61) in /hermes/bosnaweb08a/b396/ipg.plasmaroboticsorg/wp-content/plugins/iq-b
