[$25 reward] Cpanel account - HTTP 500 Error almost every day - why?

AlyssaD

http://www.logaholic.com/manual/references/locating-log-files-for-hosting-control-panel-users/

Falzo

@AlyssaD said:
http://www.logaholic.com/manual/references/locating-log-files-for-hosting-control-panel-users/

+$25 ;-)

mikho

Compare file/folder structure of the old and old-old theme.

Did you rename the old-old theme so you can run it at the same time?

If you do a db restore, do both versions of the theme work?

imok

This thread is driving me crazy. Why? @myhken, WHY?

@DewlanceVPS said:

One and only one issue cause 500 error - Lack of memory or process is killed by Firewall (CSF)

let's agree that this was the biggest BS statement in this thread anyway.

I agree.

@Falzo said:

myhken said: When the site gets the 500 HTTP error, you can't even access wp-admin. When I then rename the theme folders, I can access the wp-admin page, so I can change the theme to another.

this is quite weird, because the admin-area shouldn't rely on the foreign theme folders at all.

Theme folders have a lot to do with wp-admin BTW.

Falzo

imok said: Theme folders have a lot to do with wp-admin BTW.

but why? I always assumed they should not be needed for the admin-area in any way :-)

robohost

Look at header.php first and other files is there any encoded script, usually outdated theme get injected and used to send spam

deank

Search for let.php. You've been hacked by us.

myhken

@mikho said:
Compare file/folder structure of the old and old-old theme.

Did you rename the old-old theme so you can run it at the same time?

If you do a db restore, do both versions of the theme work?

The thing is the theme the site was using (with the issue) is actually three folders under the Wordpress Theme folder. It's News, then News-Pro, then Genesis.
They are showed in WordPress like News Child Theme - News Pro and Genesis.
It's the News Child Theme that actually is the theme for the site.

If I rename the News and News-pro folder they disappear from the WordPress Theme selector. Just the Genesis theme is left.

So can't run them at the same time. But I have now uploaded three .zip files to the Theme folder. One with the three theme folders from 2016, on with the folder from Friday (when they still work) and one with the files after the 500 HTTP error.

If I replace the folders with the first two .zip files the site is working perfectly. If i replace them with the last .zip file I get the 500 Http error.

SO I have not tried a DB restore, since the files/folders works perfectly with the files from 2016, and the files from Friday, but not with the files from yesterday.
And there has been none updates at all on wordpress/themes/plugins from Friday to yesterday.

imok

@Falzo said:

imok said: Theme folders have a lot to do with wp-admin BTW.

but why? I always assumed they should not be needed for the admin-area in any way :-)

A theme could throw a 500 error, and it will have effect in wp-admin if it's attached to a hook (filter or action) called from there. It's the same for plugins.

myhken

Hmm...did some more testing with just one and one folder with the three theme folders the site is using (without the default WP themes) and I have now pinpointed the issue to the Genesis folder/theme/framework.

When I'm using the files from after the site got the latest 500 HTTP error, I can use both the News and News-pro folder without any issues, but when I replace the Genesis folder, the site gets the 500 HTTP error right away.

imok

myhken

Looked at some of the logs, and I can see lots of theese in the error log:
[23-Mar-2018 03:32:22 UTC] PHP Fatal error: Call to undefined function add_action() in /home/sitexyz/public_html/wp-content/themes/genesis/lib/classes/sanitization.php on line 336 [23-Mar-2018 03:34:19 UTC] PHP Fatal error: Call to undefined function add_action() in /home/sitexyz/public_html/wp-content/themes/genesis/lib/classes/sanitization.php on line 336 [23-Mar-2018 07:03:30 UTC] PHP Fatal error: Call to undefined function add_action() in /home/sitexyz/public_html/wp-content/themes/genesis/lib/classes/sanitization.php on line 336

sitexyz = I have replaced the actually site.

Edit:
And here is more around the time the site stopped working at the night today:

[25-Mar-2018 02:15:44 UTC] PHP Fatal error: Call to undefined function genesis_site_layout() in /home/sitexyz/public_html/wp-content/themes/genesis/lib/structure /layout.php on line 27 [25-Mar-2018 02:16:41 UTC] PHP Warning: require_once(/home/sitexyz/public_html/wp- content/themes/genesis/lib/init.php): failed to open stream: No such file or directory in /home/sitexyz/public_html/wp-content/themes/news/functions.php on line 8 [25-Mar-2018 02:16:41 UTC] PHP Fatal error: require_once(): Failed opening required '/home /sitexyz/public_html/wp-content/themes/genesis/lib/init.php' (include_path='.:/usr/lib/php: /usr/local/lib/php') in /home/sitexyz/public_html/wp-content/themes/news/functions.php on line 8 [25-Mar-2018 02:47:35 UTC] PHP Warning: Division by zero in /home/sitexyz/public_html /wp-content/plugins/clicky/frontend/class-clicky-visitor-graph.php on line 249

imok

Now you can try solving the problem with the first Google result

It looks like paid software. You can try contacting support.

Also you can try updating the theme and Wordpress, if they are not in the latest version. Some files are missing, you have been hacked probably.

myhken

@imok said:
Now you can try solving the problem with the first Google result

Don't think I want to do anything to the code - suddenly it's our responsibly if anything else goes wrong, now or for all future. The customer has to hire a webdesigner to fix this issue.
I have done too much already. Like all the time I have spent today, is time I can't charge the customer for, it was just fun to find out more about this issue.

This customer has no other service with us, so we are making around €100/year on this customer at the max. Of course, for the work I have done the last two weeks in worktime, I have charged €120 per hour. (for backup restore, and all the other work).

I'm sure we could have most likely fixed the issue with help from you guys, but like I said, we do not want the responsible for this site. They never upgrade their wordpress installation and/or themes and plugins. And it will create a situation there the customer demands that we fix their site next time they have issues. Hope you can understand that.
Our business is not web hosting, but we are offering webhosting for our customers that has lots of other services with us.

Thank you for all the help as usually, and @Coffee will get his/hers money within the day.

AlyssaD

https://www.google.com/search?q=Call+to+undefined+function+add_action()

https://stackoverflow.com/questions/47993237/call-to-undefined-function-add-action-wp-head

https://stackoverflow.com/questions/3947979/fatal-error-call-to-undefined-function-add-action

myhken

imok said: Also you can try updating the theme and Wordpress, if they are not in the latest version.

Like I have told people over and over in this thread - there is no new update on the themes the site is using since January 2016.

Wordpress + the rest of the default themes + all plugins is updated to the latest update. It was one of the first thing I did.

AlyssaD

@myhken said:

imok said: Also you can try updating the theme and Wordpress, if they are not in the latest version.

Like I have told people over and over in this thread - there is no new update on the themes the site is using since January 2016.

Wordpress + the rest of the default themes + all plugins is updated to the latest update. It was one of the first thing I did.

Pst, then reference the error log and call it good!

Hello, 

We have taken some time to diagnose your issue with your site.xyz. We have come to determine via the error logs that your wordpress install is having issues. These issues are not related to our hosting service, or servers.  These are some of the error codes we have found:

 -- insert error codes --



We suggest that you either contact your developer, or address the issue yourself. Otherwise, we can provide you assistance for -- insert hourly rate here, and min time --.

We hope you have a lovely day, and thank you for using ourLaidBackHosting.


-- Jennifer, not the female tech you see featured on our website.

imok

If you had took a look at the logs since the beginning, you would had noted that it has nothing to do with the server.

So you are fine.

myhken said: Hope you can understand that.

We weren't demanding anything else than cooperation to help you in what you asked

myhken said: Wordpress + the rest of the default themes + all plugins is updated to the latest update. It was one of the first thing I did.

Just to clarify, if you have been hacked, a Wordpress update won't delete all the injected code so you have to delete and replace the wp directories manually and look for malicious code inside wp-content.

AlyssaD said: -- Jennifer, not the female tech you see featured on our website.

AlyssaD

Man be thinking: "Now that is a fine boot.... I wonder if she wants my ... hard drive."

.... If only it weren't so floppy. <--- Reality

imok

They deleted the image from their whole media.

Still weird

https://twitter.com/time4vps/status/951388731109408768

I feel like @wss, derailing threads.

Janevski

@myhken said:

>

...
I'm sure we could have most likely fixed the issue with help from you guys, but like I said, we do not want the responsible for this site.
...

>

Thank you for all the help as usually, and @Coffee will get his/hers money within the day.

Okay, from now on LET is responsible for this site.

You should get a box of cookies and give a cookie to every one in this thread.

deank

I refuse the cookie.

quick

Did you check the logs?

jetchirag

imok said: If you had took a look at the logs since the beginning, you would had noted that it has nothing to do with the server.

@myhken said:

imok said: Also you can try updating the theme and Wordpress, if they are not in the latest version.

Like I have told people over and over in this thread - there is no new update on the themes the site is using since January 2016.

Wordpress + the rest of the default themes + all plugins is updated to the latest update. It was one of the first thing I did.

You've mentioned that developer of this theme hasn't updated it since sometime. But your theme is not a full theme itself but child theme and dependent on genesis. So, If genesis is updated and some functions are depreciated, it may also cause errors. However, this is a very common problem and could've been solved by simply looking at logs and finding cause

nabin

I think there might be some backdoor on the website. You need to analyze the codes too.

Mitsuhashi

@Shazan said:
I really can't understand why you don't want to take a look at the logs

Because then he'd only be able to charge for 5 minutes instead of 500. Duh.

kkrajk

restore site to working condition

disable cron

disable auto updates

change all version files on genesis and other resp themes to a far future version

be done with it..

patriciamarsh

Can you kindly copy and paste the error logs which you have received against 500 Internal Server error, so that we can provide you solution for your issue, because without checking server error logs, its really very difficult to provide you solution.

someshzade

Check resources uses...

XuHi

@myhken said:

imok said: Also you can try updating the theme and Wordpress, if they are not in the latest version.

Like I have told people over and over in this thread - there is no new update on the themes the site is using since January 2016.

Wordpress + the rest of the default themes + all plugins is updated to the latest update. It was one of the first thing I did.

If the Genesis hasnt been updated since January 2016 I would scan the site with ClamAV or something similar:

https://www.pluginvulnerabilities.com/2016/09/22/arbitrary-file-upload-vulnerability-in-genesis-simple-defaults/

Scan for base64:

find /home/CPANEL_USERNAME/ -name "*.php" -exec grep "base64" '{}' \; -print &> b64-detections.txt

cat b64-detections.txt

Scan for eval:

find /home/CPANEL_USERNAME/ -name "*.php" -exec grep "eval" '{}' \; -print &> eval-detections.txt

cat eval-detections.txt

Decode the files that return back (if any) analyse the content to see what they are doing.

Most of the time you get detections they will either be spam scripts of shells which you can load via there path in the browser as confirmation.

If they are shells or spam scripts you need to find out how they got there.

Use tools like Wordfence which checks vulnerability DB's for Wordpress plugins and themes.

Manually create a list of all the plugins and themes (with versions) and search google for vulnerabilities.

A good site is: https://wpvulndb.com/

What people forget is that even if a plugin / theme may appear to be up to date there may be active vulnerabilities and the developer may have stopped their work.