WordPress Whoa's With SiteWorx

Hello everyone,

I have an InterWorx server running for a few small web/e-mail customers.
Amid a simple DNS issue with our ISP not resolving any domains, we changed the nameserver’s in /etc/resolv.conf (CentOS 6).
Great, our websites and e-mails resume normally.:smiley:

Following shortly after, checking on the hosted websites using WordPress on our InterWorx server, none will update or list plugin’s from wordpress.org.
Diagnosis:
-Checked and switched DNS/nameservers for hosting server. (Not nameservers for the websites, just for the hosting server)
-Able to resolve wordpress.org (66.155.40.250) but ping test times out.
-When connecting via telnet to wordpress.org from another IP, connected fine, when telnet from specified questionable IP to wordpress.org, connection times out.
-IP address is not blacklisted using MXToolbox search.
-Restarted services, tested with firewall disabled, no change.
-Add a few of wordpress.org?s IP?s to whitelist on firewall.

Further searching lead to the WordPress requirements of:

  • PHP 7 or greater
  • MySQL 5.6 or greater OR MariaDB 10.0 or greater
  • The mod_rewrite Apache module
  • HTTPS support

Currently my InterWorx version 5.1.52-1311 shows installed:

  • phpMyAdmin -> 4.0.10.17 (Current latest 4.7.3)
  • PHP -> 5.6.17 (Current latest 7.1.7)
  • MySQL -> 5.5.47 (Current latest 5.7.19)
:eek: I checked the "Software Update" section of "Server" in InterWorx with no updates available. Is there a particular reason why it looks to be so outdated or if I should be updating it outside of InterWorx? Thanks.

Hi techalta

Glad you resolved your NS issues

If your license is current (I.e allows you to update), then you could set your IW update to release candidate, which will give you the latest version, including multiPHP

If your license has expired for updates, you could buy a 6 month subscription from IW, and then update to latest versions

Lastly, as far as I know, word press should still install on earlier versions, certainly on PHP 5.6, as both PHP 5.6 and 7 are currently supported.

A warning over PHP 7.17, I do not think the ioncube loaders are available yet

Also, just in case your checking PHP from IW CP, webserver, phpinfo. This shows the IW php version and not the php used by Apache. To see Apache version of php, upload a phpinfo file into one of your siteworx accounts.

Finally, suPHP is outdated, not supported by suPHP, so the versions have changed to PHP-FPM, and the latest version of IW sets all new installs to PHP-FPM and not suPHP

I hope that helps a little but appreciate an update once you have resolved word press/IW issue

Many thanks

John

Hi John,

The licenses for IW are current. The WordPress sites are indeed still installed and updated through the version since 4.5 and have had no issues until recently.
I recall from another topic, pulling the PHP info from IW’s CP is just that, for IW’s CP. But good call, and the versions were pulled from a phpinfo.php file.

I don’t absolutely require the newest of the newest version of php/mysql, and understand IW has been great to keep things secure by using the most stable versions they believe work, but though WordPress is certainly a very common CMS to be installed and the minimum requirements would be easily met.

Another side note as WordPress.org tries to check for a possible block of one of my IP’s, wget has been updated to version 1.19 and cURL to 7.54.1 using city-fan.repo.
If I had a site that was exploited and caused wordpress.org to block my one IP, I could understand that, but I can’t find anything, nor do I believe there is really any issues with IW.

I’m pulling at straws here… hopefully WordPress will get back. Otherwise I will need to try and figure out how to change IP’s for IW’s mySQL software.
Thanks.

Hi techalta

Many thanks.

The MySQL should be either localhost or 127.0.0.1, unless you have set additional MySQL as the main MySQL, which you can do

I’m sorry, I am not fully understanding your issue, so will have a read and think a little, but are you saying you cannot install Wordpress even after updating to IW 6.0.5

Many thanks

John

Hi John,

In the past, when I would set a new siteworx account, I would manually upload the latest version of wordpress, configure the wp-config.php file to the specified MySQL server/account details as listed in their siteworx account.
During that time, I would enter in the exact server IP for the MySQL server (Same IW server) rather than 127.0.0.1 or localhost. *(Not sure why, but I did.) I have switched over a test account to localhost and of course the site still works as normal.

The ultimate issue is that I cannot ping any of wordpress.org’s IP addresses. (66.150.40.249, .250, .201, etc) This is done as a quick test as none of the wordpress sites I host can update. *(Wordpress and plugins can still be updated if done by ftp)

Error messages include:
“WordPress could not establish a secure connection to WordPress.org
RSS Error: WP HTTP Error: cURL error 28: Connection timed out after 10000 milliseconds”
RSS Error: WP HTTP Error: cURL error 7: Failed to connect to planet.wordpress.org port 443: Connection timed out”

I have tested it for a very short time with iptables turned off, and it still cannot ping.
My guess is either:

  1. The firewall is configured in a way I don’t understand, to block SSL connections (https://wordpress.org, https://api.wordpress.org, TCP in and out are open for port 443)
  2. The IW server is not allowing the response from their https connection.

Hi techalta

Many thanks

Sorry, just retiring to bed but checked for posts.

Iw changed the firewall slightly, but cannot remember exactly which version, so connections would be checked for outgoing calls

I cannot remember the name sorry, but can post a picture tommorow if it helps.

Is your ticked (enabled). It is easily recognisable for what it does.

If ticked, could you untick it and test

It sounds rather like the issue you are seeing

Many thanks

John

Hi TechAlta
Many thanks, and sorry, I have tested the packet outbound filter on/off and it appears to make no difference to my curl/ping tests. Tested on 2 different IW servers - see below
I think I need to understand a little more, so if you ping wordpress.org, does it resolve to an IP (thinking it maybe a DNS issue here)
Many thanks
John

curl -I https://api.wordpress.org
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 27 Jul 2017 08:07:41 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Location: https://developer.wordpress.org/rest-api/
X-Frame-Options: SAMEORIGIN
ping wordpress.org
PING wordpress.org (66.155.40.250) 56(84) bytes of data.
64 bytes from 66.155.40.250: icmp_seq=1 ttl=50 time=181 ms
64 bytes from 66.155.40.250: icmp_seq=2 ttl=50 time=181 ms
64 bytes from 66.155.40.250: icmp_seq=3 ttl=50 time=181 ms
curl -I https://wordpress.org
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 27 Jul 2017 08:08:50 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=360
X-Olaf: :snowman:
X-Frame-Options: SAMEORIGIN
X-nc: HIT lax 249
SSL test
php -i | grep “SSL Version”
SSL Version => OpenSSL/1.0.1e
curl -sslv3 https://api.wordpress.org

  • About to connect() to api.wordpress.org port 443 (#0)
  • Trying 66.155.40.189… connected
  • Connected to api.wordpress.org (66.155.40.189) port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
  • NSS error -12286
  • Closing connection #0
  • SSL connect error
    curl -tlsv1.0 https://planet.wordpress.org

Results:
curl -I https://api.wordpress.org
curl: (7) Failed to connect to api.wordpress.org port 443: Connection timed out
curl -I https://wordpress.org
curl: (7) Failed to connect to wordpress.org port 443: Connection timed out
php -i | grep “SSL Version”
SSL Version => OpenSSL/1.0.1e
PHP Warning: Unknown: It is not safe to rely on the system’s timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone ‘UTC’ for now, but please set date.timezone to select your timezone. in Unknown on line 0
curl -sslv3 https://api.wordpress.org

  • Rebuilt URL to: https://api.wordpress.org/
  • Trying 66.155.40.189…
  • TCP_NODELAY set
  • connect to 66.155.40.189 port 443 failed: Connection timed out
  • Trying 66.155.40.249…
  • TCP_NODELAY set
  • connect to 66.155.40.249 port 443 failed: Connection timed out
  • Trying 66.155.40.250…
  • TCP_NODELAY set
  • connect to 66.155.40.250 port 443 failed: Connection timed out
  • Trying 66.155.40.202…
  • TCP_NODELAY set
  • connect to 66.155.40.202 port 443 failed: Connection timed out
  • Trying 66.155.40.187…
  • TCP_NODELAY set
  • connect to 66.155.40.187 port 443 failed: Connection timed out
  • Trying 66.155.40.203…
  • TCP_NODELAY set
  • connect to 66.155.40.203 port 443 failed: Connection timed out
  • Trying 66.155.40.188…
  • TCP_NODELAY set
  • connect to 66.155.40.188 port 443 failed: Connection timed out
  • Trying 66.155.40.186…
  • TCP_NODELAY set
  • connect to 66.155.40.186 port 443 failed: Connection timed out
  • Failed to connect to api.wordpress.org port 443: Connection timed out
  • Closing connection 0
    curl -tlsv1.0 https://planet.wordpress.org
    curl: (7) Failed to connect to planet.wordpress.org port 443: Connection timed out

In IW, port 443/https, TCP In and TCP Out are both open with UDP closed. None of the IP’s are listed in the blocked IP’s list.

Hi techalta

Many thanks

I would set your time zones in php.ini

The sslv3 test was just for an answer, as I knew it should fail

Your specific issue is a timeout from what I can see

Are you behind a firewall or is something upstream to your server stopping ssl

Many thanks

John

Hi John,

I will correct that asap.
As for firewall, this IW server is running APF with iptables on Centos 6.9. (Pretty much a stock IW setup) Network connection is straight to the modem and no proxy. I did contact my ISP and was told there are absolutely no ports being blocked by them and that it is likely with our IW server.

I did read somewhere that having an SSL cert may cause this issue? (There is an SSL cert for the IW server, and one for a website it hosts with a separate IP) Would passing along the SSL Cipher Suite help? Both the IW site and the other site work fine with their SSL when I tested them with any of the online checks. Reverse DNS was also setup with our ISP for the two IW servers.

Hi techalta

Many thanks

I understand what your saying, but passing ssl with curl most likely would not help, as it should already be set correctly (as long as it’s not using sslv3)

It could be an issue with curl perhaps, but I do not think so

The issue is a timeout waiting for a response from Wordpress.org

One thought, in your router/modem, as a test, could you try dmz the Iw server, which should bypass all firewall/routing on the modem/router and simply pass all incoming to the iw server.

Another test might be to test curl by trying to access another api site.

Many thanks

John

Well,

Checking on the sites again, everything has become resolved. All the WordPress sites can now update normally through their admin dashboards and the server can ping to wordpress.org. HTTPS is also working for gathering updates. No changes were made to the server. I can only assume that WordPress checked on their end for the IP address and unblocked it. Not a fun time and I still don’t know if there was a reason, or which site may have been at fault.
Thanks again John for all your help and keeping me in check with the various items that could have caused the problem from the start.

Hi techalta

Many thanks for your update, and glad it’s resolved

I believe you are correct with Wordpress unblocking your IP address

Many thanks

John

Check the PHP version you are using also test the server response, However, I was having the same issue with InterWorx but when I went through the guide and check it was an issue from WordPress SSL which I installed days ago.