Getting 500 error for my site.

I had been working on a test/staging site for mysite.com and made my site live on Saturday. Since then, I have been getting the following errors 500-error.php?warning.500_internal_error.1. The site appears to be coming up on my end, however still getting errors on Sucuri, GTmetrix, http://mysite.com. Sucuri scanned it for malware and said it was clean. Also, when I tried to check it on wpmudev's uptime - it said "Your domain does not appear to be publicly accessible on the internet. We can only monitor the uptime of public web sites" I also got a 500 error on wpmudev's wp check up. I have turned off many unneeded plugins. Thanks, I would appreciate any help you can provide to help me fix my site.

  • Michael

    If you still have access to your Wordpress Admin backend, then go under Settings > Permalink Settings and resave them. This will recreate your Wordpress URLs structure and ensure that's valid.

    If you still have issues, then you might need to backup and recreate the .HTACCESS file on your server. Keep the Wordpress permalink admin page open. Access your server via FTP Client. Rename the .HTACCESS file something else to backup. Then repeat the step above for the permalink, resaving it again. Check if Wordpress has recreated that .HTACCESS file.

  • Christy

    Heloo-

    I followed the steps above and it did not resolve the problem.

    I also emptied my Sucuri Firewall cache and Comet cache to see if that would help and it did not.

    SoCalCycling.com still seems to be online and can see it but I still get the following error messages. Can you help me fix it so I don't get these error messages? thank you!

    In my WPMUDEV Hub it says:

    YOUR WEBSITE IS DOWN
    403 FORBIDDEN
    Unavailable for 12h 3m

    On My Sucuri Monitering it says:

    http://socalcycling.com/404testpage4525d2fdc
    *Site error detected.
    (Definition: 500-error.php?warning.500_internal_error.1)
    http://socalcycling.com/disclaimer/
    *Site error detected.
    (Definition: 500-error.php?warning.500_internal_error.1)
    http://socalcycling.com/newsletter/
    *Site error detected.
    (Definition: 500-error.php?warning.500_internal_error.1)
    http://socalcycling.com/search/
    *Site error detected.
    (Definition: 500-error.php?warning.500_internal_error.1)
    http://socalcycling.com/category/mountain-biking/
    *Site error detected.
    (Definition: 500-error.php?warning.500_internal_error.1)
    http://socalcycling.com/category/rider_diaries/
    *Site error detected.
    (Definition: 500-error.php?warning.500_internal_error.1)
    http://socalcycling.com/category/interviews/
    *Site error detected.
    (Definition: 500-error.php?warning.500_internal_error.1)

  • Huberson

    Hello Christy,
    I have tested the site with a few monitoring tools and all report the site is up
    - http://downforeveryoneorjustme.com & https://www.uptrends.com. I couldn't notice any 500 error either.

    If you tried Michael suggestions and still get the issue on your end with some specific tools, it is possible some server configuration or security tools are blocking crawling on the website. You can check with your hosting provider to ensure some Firewall setting is not causing that.

    Regards,
    Huberson

  • Michael

    Seems valid and working to me too.

    On the off chance, I would suggest checking your server logs and see if you have been hit by a massive amount of requests, such as: GET /wp-json/wp/v2/users HTTP/1.1

    That's a DDOS attack via JSON exploit which has been going around. It would of temporary disrupted valid requests to the server database from going through. Hense the 500 error would of been a time out issue.

    I've actually been shutting down a couple of abused servers doing this attack towards Wordpress websites today.

    Your hub is actually saying "403 FORBIDDEN - Unavailable for 12h 3m", suggesting it's been blocked. Hense, ease up on the requests and come back in 12 hours to try again. It's probably being blocked from being hammered.

  • Christy

    HI -

    I am still getting the following message in my HUB - can you recheck and see if you can acces my site. I think Sucuri fixed the issue and am finally not getting 500 errors and can resubmit to Google in my Search Console. Thank you! :

    YOUR WEBSITE IS DOWN
    403 FORBIDDEN
    Unavailable for 10d 2h 23m

    Sucuri also wrote:
    "Now in regards to GoogleBot, the Sucuri Firewall will no block valid bots from crawling the site (unless the requests are malicious - spoofing .etc), especially requests from GoogleBot.
    I checked our access logs for the past 3 days on requests from Googlebot and most of them are receiving 500 Internal server errors from the hosting server.

    Here are the top 10 response codes:

    2905:500
    986: 200
    810: 301
    223: 403
    165: 302
    119: 304
    15: 404

    And some examples of requests:

    https://pastebin.sucuri.net/49rha62sigxmt1

    You can also share them with the host. As you can see in the above report, most requests from the GoogleBot IPs are receiving 500 HTTP responses from the host server on various paths accessed.
    The 500 Internal server errors are coming from the web server and can happen due to multiple reasons.
    Misconfigurations in the CMS, recent plugins/themes installed, misconfigurations in a recent upgrade or server issues (db, web server, processes not running correctly .etc).
    The Sucuri Firewall cannot generate 500 Internal Server errors and we're not seeing firewall blocks on requests from googlebot for the past few days.

    You can share all of our findings from above with your host or site developer it might help them with identifying what's causing the current errors."

  • Kasia Swiderska

    Hello Christy,

    Have you contacted your hosting provider about those issues with 500 internal server error and 403 error?

    Can you check with them is they are not blocking our IP addresses:

    66.135.60.59
    66.135.49.214
    66.135.60.64
    
    104.236.238.22
    104.236.50.140

    Another reason for 500 internal server errors is plugin conflict. Please run a quick plugin/theme conflict test as described in getting support manual E. Plugin Conflict Test
    https://premium.wpmudev.org/docs/getting-started/getting-support/#chapter-2

    I'm not able to access your site because Sucuri Firewall is blocking me (I dont have static IP to clear).

    kind regards,
    Kasia

  • Christy

    HI-

    I heard back from both my web host and Sucuri (Firewall and web site monitoring service). See their responses below and see if this helps explain why my socalcycling.com site is being blocked by WPMP Dev (causing the 403 forbidden error in my uptime dashboard) . My other two sites echelondesignteam. com and socalcyclingteam.com that I have on my WPMU Dev dashboard and are hosted on the same server as socalcycling.com (neither are on Sucuri though) and are not being blocked. thanks.

    My Host Tech wrote
    "These ip's are not in your IPtables.

    Are they connecting to the domain that runs through Securi? Is it per chance Securi blocks them? What shows in their actual logs?

    Your log grep is below:
    root@vps [/usr/local/apache/domlogs/socal]# grep 66.135.60.59 *
    root@vps [/usr/local/apache/domlogs/socal]# grep 66.135.49.214 *
    root@vps [/usr/local/apache/domlogs/socal]# grep 66.135.60.64 *
    root@vps [/usr/local/apache/domlogs/socal]# grep 104.236.238.22 *
    root@vps [/usr/local/apache/domlogs/socal]# grep 104.236.50.140 *
    root@vps [/usr/local/apache/domlogs/socal]# dir

    It is important to note that the only IP's we see in /usr/local/apache/domlogs/socal/socalcyclling.com is that of Sucuri (185.93.230.10, 192.88.134.10) so this is a method of where WPMUDev is using your domain which is protected by Sucuri, in which Secure is most likely blocking those IP's as they are not directly hitting the server (all traffic appears to be going through Sucuri first)."

    Sucuri Tech wrote -
    "I've pulled your logs for the past 3 days and looked for those IPs.

    $ egrep "66.135.60.59|66.135.49.214|66.135.60.64|104.236.238.22|104.236.50.140" socalcycling.com.access-20170922-20170925.log

    66.135.60.59 - - [23/Sep/2017:01:23:50 -0400] "POST /wp-load.php?wpmudev-hub=59c5efe5993ec-1506144229.6277 HTTP/1.1" 200 27 "http://socalcycling.com/wp-load.php?wpmudev-hub=59c5efe5993ec-1506144229.6277" "Mozilla/5.0 (compatible; WPMU DEV Hub/2.0; +https://premium.wpmudev.org)" "PROXYBLOCKID:" "CACHEP:disappointed:WHITELISTED"

    66.135.60.59 - - [23/Sep/2017:07:21:33 -0400] "HEAD / HTTP/1.1" 200 0 "http://socalcycling.com/" "WP Checkup (https://premium.wpmudev.org)" "PROXYBLOCKID:" "CACHEP:EXPIRED/WHITELISTED"

    66.135.60.59 - - [23/Sep/2017:12:28:38 -0400] "HEAD / HTTP/1.1" 200 0 "http://socalcycling.com/" "WP Checkup (https://premium.wpmudev.org)" "PROXYBLOCKID:" "CACHEP:HIT/WHITELISTED"

    66.135.60.59 - - [25/Sep/2017:03:44:12 -0400] "POST /wp-load.php?wpmudev-hub=59c8b3cb461f8-1506325451.2872 HTTP/1.1" 200 27 "http://socalcycling.com/wp-load.php?wpmudev-hub=59c8b3cb461f8-1506325451.2872" "Mozilla/5.0 (compatible; WPMU DEV Hub/2.0; +https://premium.wpmudev.org)" "PROXYBLOCKID:" "CACHEP:disappointed:WHITELISTED"

    There have only been 4 requests, all from the same IP, and they all received a 200 "OK" response. This confirms they were not blocked."

  • Kasia Swiderska

    Hello Christy,

    I'm sorry for the late response on my side - I've send message to developers about 403 error and blocked site and I'm waiting for the response.

    In the meantime can you confirm that you run plugin conflict test and asked your server provider about 500 internal server errors (those are generated on server, they are logged in server error logs and provider should be able to tell what is causing them).

    kind regards,
    Kasia

  • Christy

    Hello-

    I ran the plugin conflict test and still got the "Your Website is Down" and 403 error message in my WPMU DEV uptime tab.

    I turned off all the plugins and it still said "Your Website is Down" and 403 error message before turning any of the plugins back on.

    I have had this message for 3 weeks, can you fix it?

    My hosting error message say- 185.93.229.10 is my Sucuri Monitoring service.
    [Thu Oct 05 04:44:57 2017] [error] [client 185.93.229.10] client denied by server configuration: /home/socal/public_html/wp-content/themes/presso/index.php
    [Thu Oct 05 00:44:49 2017] [error] [client 185.93.229.10] client denied by server configuration: /home/socal/public_html/wp-content/themes/presso/index.php
    [Wed Oct 04 20:44:05 2017] [error] [client 185.93.229.10] client denied by server configuration: /home/socal/public_html/wp-content/themes/presso/index.php
    [Wed Oct 04 16:42:46 2017] [error] [client 185.93.229.10] client denied by server configuration: /home/socal/public_html/wp-content/themes/presso/index.php

  • Christy

    Hi-
    I was looking in my Sucuri Firewall "Blocked Requests" and I saw what appears that WPMU Dev Uptime Monitor is being blocked with HTTP Status 403. (See attached.)

    Can this be causing my problem above where it says for SoCalCycling.com "Your Website is Down" and 403 error message in my WPMU DEV uptime tab?

    How do I fix this? Can I tell Sucuri to do something?

    It looks like there are a bunch of IP addresses. Can I whitelist them, if so what are they. Just wan to confirm this is coming from WPMU Dev and not a hacker?

    thanks.

  • Michael

    Do you have any Amazon plugin on your website, such as Amazon Affiliates importing products and updating price tags, etc. Almost all those IP Addresses in question are Amazon servers. If you do, try disabling that plugin for a temp period and seeing if those IP Addresses die down.

    HTTP Status 403 - Is a Forbidden access to the requested location (file or folder). It could be your security firewall blocking as it assumes it's a DDOS attack or it could be those locations itself being restricted with server file permissions (CHMOD), etc.

    https://codex.wordpress.org/Changing_File_Permissions

    Using a FTP Client, such as FlashFXP or similar, check your Wordpress folders and files for their permissions. On some FTP Clients, you can right-click the folders and files, selecting "Change Attributes (CHMOD)", just be careful if changing them.

    For Wordpress, normally:
    All directories should be: 755
    All files should be: 644

    If it's not that, then have a live online chat (or contact support) of Sucuri themselves, asking to setup your firewall settings. They can easily scan your firewall access and determine what should or shouldn't be allowed.

    https://sucuri.net/

  • Kasia Swiderska

    Hello Christy,

    I've talked wit our sysadmins and we are not blocking your site from our side. From our side it looks like that

    They are blocking all of our pings with some kind of firewall, but only they can know why or what rules. Doesn’t seem to matter what IP we use, so maybe it’s a user agent rule unless they are blocking all of AWS.

    So this is something you need to discuss with Sucuri, because we can't do anything on our side if our pings are blocked.

    kind regards,
    Kasia

  • Christy

    HI-

    Thanks for the info.

    Sucuri wrote -

    "Based on the details provided we managed to identify a few of the blocks on requests from “WPMUDEV Uptime Monitor 4.0” in the past few days.
    Similar to:

    54.221.0.222 10/Oct/2017:06:59:09 DDOS22 GET 403 / CACHEP:- - WPMUDEV Uptime Monitor 4.0 (https://premium.wpmudev.org)
    52.90.72.25 10/Oct/2017:06:57:11 DDOS22 GET 403 / CACHEP:- - WPMUDEV Uptime Monitor 4.0 (https://premium.wpmudev.org)
    52.54.211.245 10/Oct/2017:06:55:11 DDOS22 GET 403 / CACHEP:- - WPMUDEV Uptime Monitor 4.0 (https://premium.wpmudev.org)
    54.221.0.222 10/Oct/2017:06:53:09 DDOS22 GET 403 / CACHEP:- - WPMUDEV Uptime Monitor 4.0 (https://premium.wpmudev.org)

    Most of them are triggering one of our DDOS security settings - this cannot be disabled from the Sucuri Dashboard.
    This mainly happens because requests are performed every 2 minutes, they are reaching the homepage and don’t have a referrer. Our firewall identified that behavior and request as malicious.
    In this case it may be required to change the way the request is performed - try accessing a different page for monitoring & add a referrer in the requests from WPMUDEV to prevent triggering the firewall settings.
    Or one other thing that can be done here is to whitelist the IPs or the IP ranges used by the monitor to perform requests on socalcycling.com, if the admins can provide a list, those can be whitelisted from:
    https://waf.sucuri.net/?settings&site=socalcycling.com&panel=access-control
    It will ensure the monitor requests are no longer restricted by the Sucuri Firewall."

    I appreciate any help you can provide so I can get my WPMU Dev monitoring to work.

    • Rupok

      Hi Michael,

      I'm sorry but I'm not exactly sure about your question. Did you mean that if an exception is created in the firewall to allow our server for Uptime Monitoring, will the Uptime Monitoring slow down?

      If this is what you asked, then let me confirm you that it won't slow down the Uptime Monitoring service.

      Please let us know if you meant something else. We will be very glad to help :slight_smile:

      Have a nice day. Cheers!
      Rupok

      • Michael

        Hi Rupok, to clarify I was attempting to give quick fixes for post owner (disable or add exceptions into the firewall).

        However, in regards to the "Slow down" of the uptime monitoring service, I was actually suggesting that more as a plugin feature. Sucuri Firewall is currently blocking it like if it was a DDOS attack, due to how regularly it's triggering off. Add an option under the uptime monitoring service to set how regular it checks could resolve this perhaps. Rather than 2 minute period checks, it could be every 5, 10 or 15 minutes, etc.

        Hope that helps.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.