Results 1 to 13 of 13
  1. #1
    Join Date
    Jan 2016
    Posts
    17
    Points
    787
    Level
    10

    WordPress Whoa's With SiteWorx

    Hello everyone,

    I have an InterWorx server running for a few small web/e-mail customers.
    Amid a simple DNS issue with our ISP not resolving any domains, we changed the nameserver's in /etc/resolv.conf (CentOS 6).
    Great, our websites and e-mails resume normally.

    Following shortly after, checking on the hosted websites using WordPress on our InterWorx server, none will update or list plugin's from wordpress.org.
    Diagnosis:
    -Checked and switched DNS/nameservers for hosting server. (Not nameservers for the websites, just for the hosting server)
    -Able to resolve wordpress.org (66.155.40.250) but ping test times out.
    -When connecting via telnet to wordpress.org from another IP, connected fine, when telnet from specified questionable IP to wordpress.org, connection times out.
    -IP address is not blacklisted using MXToolbox search.
    -Restarted services, tested with firewall disabled, no change.
    -Add a few of wordpress.orgís IPís to whitelist on firewall.

    Further searching lead to the WordPress requirements of:

    • PHP 7 or greater
    • MySQL 5.6 or greater OR MariaDB 10.0 or greater
    • The mod_rewrite Apache module
    • HTTPS support


    Currently my InterWorx version 5.1.52-1311 shows installed:

    • phpMyAdmin -> 4.0.10.17 (Current latest 4.7.3)
    • PHP -> 5.6.17 (Current latest 7.1.7)
    • MySQL -> 5.5.47 (Current latest 5.7.19)


    I checked the "Software Update" section of "Server" in InterWorx with no updates available. Is there a particular reason why it looks to be so outdated or if I should be updating it outside of InterWorx?
    Thanks.

  2. #2
    Join Date
    Apr 2012
    Posts
    2,101
    Points
    20,806
    Level
    62
    Hi techalta

    Glad you resolved your NS issues

    If your license is current (I.e allows you to update), then you could set your IW update to release candidate, which will give you the latest version, including multiPHP

    If your license has expired for updates, you could buy a 6 month subscription from IW, and then update to latest versions

    Lastly, as far as I know, word press should still install on earlier versions, certainly on PHP 5.6, as both PHP 5.6 and 7 are currently supported.

    A warning over PHP 7.17, I do not think the ioncube loaders are available yet

    Also, just in case your checking PHP from IW CP, webserver, phpinfo. This shows the IW php version and not the php used by Apache. To see Apache version of php, upload a phpinfo file into one of your siteworx accounts.

    Finally, suPHP is outdated, not supported by suPHP, so the versions have changed to PHP-FPM, and the latest version of IW sets all new installs to PHP-FPM and not suPHP

    I hope that helps a little but appreciate an update once you have resolved word press/IW issue

    Many thanks

    John

  3. #3
    Join Date
    Jan 2016
    Posts
    17
    Points
    787
    Level
    10
    Hi John,

    The licenses for IW are current. The WordPress sites are indeed still installed and updated through the version since 4.5 and have had no issues until recently.
    I recall from another topic, pulling the PHP info from IW's CP is just that, for IW's CP. But good call, and the versions were pulled from a phpinfo.php file.

    I don't absolutely require the newest of the newest version of php/mysql, and understand IW has been great to keep things secure by using the most stable versions they believe work, but though WordPress is certainly a very common CMS to be installed and the minimum requirements would be easily met.

    Another side note as WordPress.org tries to check for a possible block of one of my IP's, wget has been updated to version 1.19 and cURL to 7.54.1 using city-fan.repo.
    If I had a site that was exploited and caused wordpress.org to block my one IP, I could understand that, but I can't find anything, nor do I believe there is really any issues with IW.

    I'm pulling at straws here.. hopefully WordPress will get back. Otherwise I will need to try and figure out how to change IP's for IW's mySQL software.
    Thanks.

  4. #4
    Join Date
    Apr 2012
    Posts
    2,101
    Points
    20,806
    Level
    62
    Hi techalta

    Many thanks.

    The MySQL should be either localhost or 127.0.0.1, unless you have set additional MySQL as the main MySQL, which you can do

    I'm sorry, I am not fully understanding your issue, so will have a read and think a little, but are you saying you cannot install Wordpress even after updating to IW 6.0.5

    Many thanks

    John

  5. #5
    Join Date
    Jan 2016
    Posts
    17
    Points
    787
    Level
    10
    Hi John,

    In the past, when I would set a new siteworx account, I would manually upload the latest version of wordpress, configure the wp-config.php file to the specified MySQL server/account details as listed in their siteworx account.
    During that time, I would enter in the exact server IP for the MySQL server (Same IW server) rather than 127.0.0.1 or localhost. *(Not sure why, but I did.) I have switched over a test account to localhost and of course the site still works as normal.

    The ultimate issue is that I cannot ping any of wordpress.org's IP addresses. (66.150.40.249, .250, .201, etc) This is done as a quick test as none of the wordpress sites I host can update. *(Wordpress and plugins can still be updated if done by ftp)

    Error messages include:
    "WordPress could not establish a secure connection to WordPress.org"
    "RSS Error: WP HTTP Error: cURL error 28: Connection timed out after 10000 milliseconds"
    "RSS Error: WP HTTP Error: cURL error 7: Failed to connect to planet.wordpress.org port 443: Connection timed out"

    I have tested it for a very short time with iptables turned off, and it still cannot ping.
    My guess is either:
    1. The firewall is configured in a way I don't understand, to block SSL connections (https://wordpress.org, https://api.wordpress.org, TCP in and out are open for port 443)
    2. The IW server is not allowing the response from their https connection.

  6. #6
    Join Date
    Apr 2012
    Posts
    2,101
    Points
    20,806
    Level
    62
    Hi techalta

    Many thanks

    Sorry, just retiring to bed but checked for posts.

    Iw changed the firewall slightly, but cannot remember exactly which version, so connections would be checked for outgoing calls

    I cannot remember the name sorry, but can post a picture tommorow if it helps.

    Is your ticked (enabled). It is easily recognisable for what it does.

    If ticked, could you untick it and test

    It sounds rather like the issue you are seeing

    Many thanks

    John

  7. #7
    Join Date
    Apr 2012
    Posts
    2,101
    Points
    20,806
    Level
    62
    Hi TechAlta
    Many thanks, and sorry, I have tested the packet outbound filter on/off and it appears to make no difference to my curl/ping tests. Tested on 2 different IW servers - see below
    I think I need to understand a little more, so if you ping wordpress.org, does it resolve to an IP (thinking it maybe a DNS issue here)
    Many thanks
    John

    curl -I https://api.wordpress.org
    HTTP/1.1 302 Found
    Server: nginx
    Date: Thu, 27 Jul 2017 08:07:41 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Location: https://developer.wordpress.org/rest-api/
    X-Frame-Options: SAMEORIGIN
    ping wordpress.org
    PING wordpress.org (66.155.40.250) 56(84) bytes of data.
    64 bytes from 66.155.40.250: icmp_seq=1 ttl=50 time=181 ms
    64 bytes from 66.155.40.250: icmp_seq=2 ttl=50 time=181 ms
    64 bytes from 66.155.40.250: icmp_seq=3 ttl=50 time=181 ms
    curl -I https://wordpress.org
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 27 Jul 2017 08:08:50 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=360
    X-Olaf: ⛄
    X-Frame-Options: SAMEORIGIN
    X-nc: HIT lax 249
    SSL test
    php -i | grep "SSL Version"
    SSL Version => OpenSSL/1.0.1e
    curl -sslv3 https://api.wordpress.org
    * About to connect() to api.wordpress.org port 443 (#0)
    * Trying 66.155.40.189... connected
    * Connected to api.wordpress.org (66.155.40.189) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
    * NSS error -12286
    * Closing connection #0
    * SSL connect error
    curl -tlsv1.0 https://planet.wordpress.org

  8. #8
    Join Date
    Jan 2016
    Posts
    17
    Points
    787
    Level
    10
    Results:
    curl -I https://api.wordpress.org
    curl: (7) Failed to connect to api.wordpress.org port 443: Connection timed out
    curl -I https://wordpress.org
    curl: (7) Failed to connect to wordpress.org port 443: Connection timed out
    php -i | grep "SSL Version"
    SSL Version => OpenSSL/1.0.1e
    PHP Warning: Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in Unknown on line 0
    curl -sslv3 https://api.wordpress.org
    * Rebuilt URL to: https://api.wordpress.org/
    * Trying 66.155.40.189...
    * TCP_NODELAY set
    * connect to 66.155.40.189 port 443 failed: Connection timed out
    * Trying 66.155.40.249...
    * TCP_NODELAY set
    * connect to 66.155.40.249 port 443 failed: Connection timed out
    * Trying 66.155.40.250...
    * TCP_NODELAY set
    * connect to 66.155.40.250 port 443 failed: Connection timed out
    * Trying 66.155.40.202...
    * TCP_NODELAY set
    * connect to 66.155.40.202 port 443 failed: Connection timed out
    * Trying 66.155.40.187...
    * TCP_NODELAY set
    * connect to 66.155.40.187 port 443 failed: Connection timed out
    * Trying 66.155.40.203...
    * TCP_NODELAY set
    * connect to 66.155.40.203 port 443 failed: Connection timed out
    * Trying 66.155.40.188...
    * TCP_NODELAY set
    * connect to 66.155.40.188 port 443 failed: Connection timed out
    * Trying 66.155.40.186...
    * TCP_NODELAY set
    * connect to 66.155.40.186 port 443 failed: Connection timed out
    * Failed to connect to api.wordpress.org port 443: Connection timed out
    * Closing connection 0
    curl -tlsv1.0 https://planet.wordpress.org
    curl: (7) Failed to connect to planet.wordpress.org port 443: Connection timed out



    In IW, port 443/https, TCP In and TCP Out are both open with UDP closed. None of the IP's are listed in the blocked IP's list.

  9. #9
    Join Date
    Apr 2012
    Posts
    2,101
    Points
    20,806
    Level
    62
    Hi techalta

    Many thanks

    I would set your time zones in php.ini

    The sslv3 test was just for an answer, as I knew it should fail

    Your specific issue is a timeout from what I can see

    Are you behind a firewall or is something upstream to your server stopping ssl

    Many thanks

    John

  10. #10
    Join Date
    Jan 2016
    Posts
    17
    Points
    787
    Level
    10
    Hi John,

    I will correct that asap.
    As for firewall, this IW server is running APF with iptables on Centos 6.9. (Pretty much a stock IW setup) Network connection is straight to the modem and no proxy. I did contact my ISP and was told there are absolutely no ports being blocked by them and that it is likely with our IW server.

    I did read somewhere that having an SSL cert may cause this issue? (There is an SSL cert for the IW server, and one for a website it hosts with a separate IP) Would passing along the SSL Cipher Suite help? Both the IW site and the other site work fine with their SSL when I tested them with any of the online checks. Reverse DNS was also setup with our ISP for the two IW servers.

  11. #11
    Join Date
    Apr 2012
    Posts
    2,101
    Points
    20,806
    Level
    62
    Hi techalta

    Many thanks

    I understand what your saying, but passing ssl with curl most likely would not help, as it should already be set correctly (as long as it's not using sslv3)

    It could be an issue with curl perhaps, but I do not think so

    The issue is a timeout waiting for a response from Wordpress.org

    One thought, in your router/modem, as a test, could you try dmz the Iw server, which should bypass all firewall/routing on the modem/router and simply pass all incoming to the iw server.

    Another test might be to test curl by trying to access another api site.

    Many thanks

    John

  12. #12
    Join Date
    Jan 2016
    Posts
    17
    Points
    787
    Level
    10
    Well,

    Checking on the sites again, everything has become resolved. All the WordPress sites can now update normally through their admin dashboards and the server can ping to wordpress.org. HTTPS is also working for gathering updates. No changes were made to the server. I can only assume that WordPress checked on their end for the IP address and unblocked it. Not a fun time and I still don't know if there was a reason, or which site may have been at fault.
    Thanks again John for all your help and keeping me in check with the various items that could have caused the problem from the start.

  13. #13
    Join Date
    Apr 2012
    Posts
    2,101
    Points
    20,806
    Level
    62
    Hi techalta

    Many thanks for your update, and glad it's resolved

    I believe you are correct with Wordpress unblocking your IP address

    Many thanks

    John

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •