I have a website on WordPress, on an EC2 instance, with an EBS store. I access it using PuTTY, and I tried to update Linux because it said updates were available. It got a couple of errors in the process, and after that I couldn't access the website anymore. I checked the instance status on my AWS dashboard, and it said it could not be reached. I tried to reboot with no luck, then I stopped it and started it, and that worked: both alerts were green. I tried logging in with PuTTY and it works; however, when I try to view the site using Explorer it displays the message "ERR_CONNECTION_REFUSED". I read that after stopping/starting an instance some settings have to be applied again, but the Elastic IP address is still the same, and the connection rules are still there. I guess it's a setting that I have to make, but I have no clue. Thanks in advance.
PS: even though the website does not display at all, the favicon is shown. I accessed the instance via FTP using FileZilla and it works; all my files are there.
Related
I have a static Gatsby site that uses WordPress for its back end. I also have the WordFence plugin installed to prevent hackers from causing havoc. I started out without WordFence installed, the site got hacked, and we had to scrap the whole back end and start over with a new database.
When trying to deploy my Gatsby website using Netlify I receive this error message:
If you are using a security plugin like WordFence or a server firewall you may need to whitelist your IP address or adjust your firewall settings for your GraphQL endpoint.
I have the NetlifyPress WordPress plugin installed. It doesn't help prevent the issue.
I was able to fix this error locally by whitelisting my IP address in the Wordfence firewall settings.
It's not as simple as whitelisting the Netlify automated build processes on the website though.
Does anyone know how to stop Wordfence from blocking Netlify?
I figured it out!
Go to WordFence dashboard.
Click on "Tools" to view a live graph of intercepted suspicious activity
Switch to Netlify and run a deploy of your site (it should fail)
Go back to the WordFence graph and take a look at the top row, the "page visited" column should have "/graphql" in it
Click on that row
Click on the "Add Param to Firewall Allowlist" button
Run your Netlify build again and it should work!
Some caveats:
Be super careful that you don't accidentally whitelist a hacker!
WordFence is constantly blocking attacks. Most attacks aren't trying to access "/graphql" though, so that is a pretty good indicator of which rows are services you want to white list and which rows are hackers that need to stay blocked.
The above method seems to give access to anyone that is trying to access the "/graphql" endpoint. That might be considered a security issue for you. On the plus side, it meant that it also fixed my BitBucket pipeline issue.
An alternative method is to copy the IP Address in the "IP Address" column then add it to your IP Address whitelist.
Go to the Wordfence dashboard
Click "Firewall" in the left nav bar
Click "All firewall options"
Enter the IP address in the "Allow listed IP addresses that bypass all rules" field
That could turn into quite a long list though as Netlify has a lot of servers all with different IP addresses. You will have to be constantly whitelisting new IP Addresses. It is admittedly a much more secure method than the first option though. This method ensures that only Netlify will have access to the "/graphql" end point.
Hello. First of all, I want to mention that I'm using a Google Cloud Platform VM instance with an OpenLiteSpeed + WordPress site.
I've been up for more than a year with some domain and everything worked well.
Today I bought a new domain and set it for my website, and from that moment I can't get into my site, even if I use the External IP of my instance.
For now I deleted all my records in DNS section to try to handle this problem and still it does not work.
I also changed the virtual mapping on Listener section in openLiteSpeed dashboard.
I have no idea what to do next; I have been trying to solve this for more than 5 hours.
Any suggestions on how I can solve it?
I reproduced your scenario in my own project-- I installed “openlitespeed-wordpress” solution.
I realised that this solution doesn't reserve an External IP, so when I stopped the instance and started it again, I wasn’t able to access my WordPress because my original IP was ephemeral, and it changed when I started my VM Instance again.
I solved this problem by modifying 2 fields in the DB, if you have the same issue you can follow the next steps:
In the Google Cloud Console, go to the VM instances page to check the new IP for your openlitespeed-wordpress Instance.
Use your new IP to access your phpMyAdmin:
https://{Your-New-IP}/phpmyadmin/
If you don't know your credentials to access phpMyAdmin, you can get this information with the following command using ssh:
sudo sed -n 1p /home/ubuntu/.db_password
Once you have access, go to wordpress -> wp_options
Then you edit the option name
siteurl
home
After this action I was able to access my site again with my New IP.
To avoid this issue in the future you could reserve your IP:
In the Cloud Console, go to the VM instances page.
Click the name of the instance that you want to assign an external IP to.
The instance details page displays.
From the instance details page, complete the following steps:
a. Click Edit.
b. Under Network interfaces, click the edit button.
c. Under External IP, select Static external IP address to assign to the instance.
d. Click Done and Save.
Also I found some documentation that might help you to troubleshoot your issue.
My application uses an Angular frontend paired with a C# backend.
For determining who's currently sitting in front of the PC, I use C#/ASP.NET's Current.User.Identity.
Now, there is not a coding issue; my problem is that Windows keeps handing out the wrong Identity. This has been happening since yesterday. My website keeps telling me I am IISAdmin, instead of the User Account that I am using right now.
I am guessing this probably stands in some relation to me adding a couple of network shares (quick access to the servers) using the credentials of IISAdmin and ticking the checkbox "Save Credentials".
Normally when I deploy patches I just connect to the server manually via explorer, and enter the credentials by hand. I have done this multiple times, this has never been an issue.
This is where it gets a little odd. I have tried starting Chrome explicitly as my User, and it just merged the window into the existing Chrome window I had already. Opened my web-app, IISAdmin.
I closed Chrome entirely, started it explicitly as my user again, IISAdmin.
Starting Chrome as a dummy account that I have access to, Chrome correctly opens a new Chrome window, and User.Identity confirms that I am logged in as said Dummy.
Internet Explorer behaves exactly the same way, so this is not browser-specific.
Even after a complete reboot this keeps remaining an issue. The network shares were removed after the restart, I am assuming they were temporary.
Windows should hand out my standard issue user account auth, not a highly powered super admin that's just saved somewhere.
After talking to some colleagues, they pointed me towards the solution.
If this happens to you:
Go to System Control / Credential Manager / Windows Credentials
(Golden Safe)
Delete the conflicting credentials
I was not aware of this at first, but when you create a network share and save the credentials, it saves them here.
What I didn't expect was that Windows maps the file path to the server to the server's actual IP / DNS address.
So whenever you connect to said server, Windows uses the saved creds it has, and because of the way Kerberos works, your existing token just gets handed around.
Hence making things a little mushy, even if you explicitly start Chrome as your normal user.
I have a running website (based on ASP.NET MVC) on some domain, let's say mydomain.com
Yesterday I was looking into the site access logs and I noticed very weird entries: inside them, I saw a different domain!
Something like anotherdomain.com/somePage
And I saw exception text in my log saying that 404 - anotherdomain.com/somePage can't be found. It looks like my code is somehow running on some other domain (Request.URL shows a different domain).
How is it possible? Does that mean that someone somehow got access to my host (I'm running on Azure), stole my binaries and deployed them on another host? Or maybe my website was opened from an iframe?
I need to understand in order to determine whether I have a breach.
If I had to guess, I would bet that someone accidentally set their domain's DNS records to point at your server. You can check where the A record for the domain is pointed with nslookup or whois from the command line. If they are in fact mis-configured, you should contact the site administrator to let them know. This kind of mis-configuration, while uncommon, can happen more frequently with cloud services due to the inherently transient nature of the servers and routes used.
It's actually possible to make a GET request to access other domains, via your domain, to check if there's a badly configured proxy. Since you're not, it simply returns a 404 Not Found because you are not actually hosting those pages.
Scans like these happen all the time and are an unfortunate side effect of being connected to the internet, but they do not mean that you are under attack or that someone has access to your host.
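The two explanations in the answers above leave different traces in a log: a mis-pointed DNS record produces ordinary requests whose Host header names the other domain, while a proxy check puts the other domain in the request target itself (an absolute URL or a CONNECT). The following triage sketch is an added example, not code from the original posts; the log layout, the sample lines and the `EXPECTED_HOSTS` set are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the hostnames this site is meant to answer for.
EXPECTED_HOSTS = {"mydomain.com", "www.mydomain.com"}

# Constructed sample lines in a simplified layout (not a real IIS/Azure log format):
#   client_ip "METHOD request-target HTTP/x.y" host=<Host header> status
SAMPLE_LOG = """\
203.0.113.10 "GET /home HTTP/1.1" host=mydomain.com 200
198.51.100.7 "GET /somePage HTTP/1.1" host=anotherdomain.com 404
198.51.100.7 "GET /about HTTP/1.1" host=anotherdomain.com 404
192.0.2.55 "GET http://anotherdomain.com/somePage HTTP/1.1" host=anotherdomain.com 404
192.0.2.55 "CONNECT thirdparty.example:443 HTTP/1.1" host=thirdparty.example:443 404
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) HTTP/[\d.]+" host=(\S+) (\d{3})$')

def normalize_host(value):
    """Lower-case a host[:port] value and drop the port and any trailing dot."""
    return (urlsplit("//" + value).hostname or "").rstrip(".")

def classify(line):
    """Return (category, hostname, client_ip), or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, method, target, host_header, _status = m.groups()
    # Proxy-style requests carry the other domain in the request target itself.
    if method == "CONNECT":
        return ("proxy-probe", normalize_host(target), client)
    if target.lower().startswith(("http://", "https://")):
        target_host = (urlsplit(target).hostname or "").rstrip(".")
        if target_host not in EXPECTED_HOSTS:
            return ("proxy-probe", target_host, client)
    # Ordinary request whose Host header names a domain we do not serve.
    host = normalize_host(host_header)
    if host not in EXPECTED_HOSTS:
        return ("foreign-host", host, client)
    return ("expected", host, client)

def triage(log_text):
    """Count parsed lines per (category, hostname)."""
    return Counter(r[:2] for r in map(classify, log_text.splitlines()) if r)

if __name__ == "__main__":
    for (category, host), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{category:13} {host:22} {n}")
```

A name that lands in the foreign-host bucket is the case where the nslookup check from the first answer applies.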
We have deployed our solution to a closed environment, and sometimes it is hard to debug problems because we can't even collect logs fast enough.
We devised a way to download the local log files via our own web forms application, but if the problem prevents access to that page in the first place, we are in the dark for a few hours.
The question then is: is there a way to display the original YSOD only to a specific, static IP address? That way, we would configure our company's static IP address to allow full debugging by displaying the original error instead of the user friendly custom error page.
Apparently, the default customErrors mechanism doesn't seem to allow control this fine-grained.
A solution that still respects the original customErrors configuration on web.config would be ideal, as we would like to keep the custom page for random users accessing from other addresses.
Look up ELMAH. It can be found here. I have just downloaded it via NuGet and so far it's pretty cool. It keeps track of all exceptions that occur and you can see the YSOD. All you have to do is go to your URL, for example www.example.com/blog/elmah.axd, and you are able to view all the errors that have occurred. You are able to use SQL as well. If you go that route, I'm sure it's really easy to pull all exceptions that occurred on a certain IP. You can also have emails sent to you on the error, and an RSS feed. It's really easy and quick. You are able to set it up for authorized users only. I'm using Active Directory so any users in "SoftwareDevelopers" are able to see the ELMAH log.
Hope this helps!