Having issues running the support tool to diagnose potential issues with server

Type: Bitnami Support Tool

Description:
Here’s what I’m getting when I run the tool:
(Please not, I’m located in Indonesia and I’ve tried using a VPN to cloack my server. So, I’m unsure why its suggesting there’s a bot attack).

/opt/bitnami/bndiagnostic/components/bndiagnostic-wordpress.sh: line 39: /opt/bitnami/apps/wordpress/htdocs/wp-config.php: No such file or directory

✓ Php: No issues found
? Apache: Found possible issues
✓ Connectivity: No issues found
✓ Mariadb: No issues found
✓ Wordpress: No issues found
? Resources: Found possible issues

[Apache]
Found recent error or warning messages in the Apache error log.

[Mon Sep 06 09:32:53.251736 2021] [authz_core:error] [pid 24144:tid 140290719303424] [client 46.3.241.52:64644] AH01630: client denied by server configuration: /opt/bitnami/phpmyadmin/ind
ex.php
 [Mon Sep 06 09:32:55.266758 2021] [core:error] [pid 24639:tid 140290954299136] [client 46.3.241.52:56020] AH00124: Request exceeded the limit of 10 internal redirects due to probable con
figuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
 [Mon Sep 06 09:32:57.944293 2021] [core:error] [pid 24143:tid 140290828408576] [client 46.3.241.52:60496] AH00124: Request exceeded the limit of 10 internal redirects due to probable con
figuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.

Please check the following guide to troubleshoot server issues:

https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
A high number of incoming requests originate from one or more unique IP addresses. This could indicate a bot attack. The following guide shows how to check for and block suspicious IP add
resses.

https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/
[Resources]
[Resources]
Your instance has little available RAM memory.

              total        used        free      shared  buff/cache   available
Mem:           1693        1023         218         106         451         407
Swap:             0           0           0

You could try to increase your instance’s memory. Please check your cloud provider’s documentation for more information.
You can also enable swap memory to improve performance.

https://docs.bitnami.com/installer/faq/linux-faq/administration/increase-memory-linux/

The problem I was orginally trying to diagnose/get help on the forums was an error caught by WordFence:

  • Publicly accessible config, backup, or log file found: .user.ini

Type: Publicly Accessible Config/Backup/Log

I’ve tried deleting the file, but it appears to recreate itself automatically.

Hi @gednav

Thanks for using Bitnami!

The tool will usually print all the possible error messages it has found, and then, provide an identifier at the end. Did the tool fail to provide the ID?

/opt/bitnami/bndiagnostic/components/bndiagnostic-wordpress.sh: line 39: /opt/bitnami/apps/wordpress/htdocs/wp-config.php: No such file or directory

I see there are some errors in the output, I will report that to the team in order to fix it. Thanks :slightly_smiling_face:

  • Publicly accessible config, backup, or log file found: .user.ini

I have tried launching a new Bitnami WordPress instance and checked for this file in the entire instance, but I was not able to list it:

$ sudo find /opt/bitnami -name "*ini" | grep user
$ sudo find / -name "*ini" | grep user

Hence, I believe this is something that either a plugin or a theme has created. In any case, the official documentation of WordFence states this:

If in doubt, the scan result includes the option to “Hide this file in .htaccess”, which will add a section to your .htaccess file to prevent Apache from serving this file, if you leave the file in place. This is recommended for .user.ini and similar files. You can run another scan after making the change, to make sure your server correctly blocks public access.

Ref: https://www.wordfence.com/help/scan/scan-results/#public-logs

You can implement that making changes to the /opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf file:

+ <Directory "/opt/bitnami/wordpress">
+  # Only allow direct access to specific Web-available files.
+    <Files ".user.ini">
+    <IfModule mod_authz_core.c>
+      Require all denied
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+      Order deny,allow
+      Deny from all
+    </IfModule>
+  </Files>
+ </Directory>
...

After that, check the syntax and restart the Apache service:

$ sudo apachectl -t
$ sudo /opt/bitnami/ctlscript.sh restart apache

When trying to access that URL, you should see something like this:

Screenshot 2021-09-07 at 13.56.55

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

@jcarmona … I’ve booted a new Bitnami WordPress Multisite instance and I won’t be installing WordFence this time to avoid any server issues.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.