Highfivery / zero-spam-for-wordpress

The WordPress Zero Spam plugin makes blocking spam a cinch without all the bloated options. Just install, activate, and say goodbye to spam.
https://wordpress.org/plugins/zero-spam/

[BUG] "Errorcode 500 internal server error" , corrupt .htaccess file #274

Closed EnerKnis closed 3 years ago

EnerKnis commented 3 years ago

Describe the bug

As of ZeroSpam v5.1.3: "Errorcode 500 internal server error" after using action [Block IP] [Permanent] from the log tab. The error is caused by a corrupt .htaccess file on an Apache 2.4 server. The syntax used by ZeroSpam to block IPs is "Deny from". This will only work for old Apache servers, prior to v2.4. The current syntax is "Require not ip".

Because it's very hard to find out what version of Apache is running (security reasons), blocking IPs by .htaccess should only be available as an option from the ZeroSpam settings pages:

option 1 NO (Default)
option 2 YES "Require not ip" (for Apache server 2.4)
option 3 YES "Deny from" (for older Apache servers)

It should be clearly stated that choosing the wrong option will make the entire http/s website unavailable (only to be fixed by FTP or hosting manager).

bmarshall511 commented 3 years ago

@EnerKnis Oh no, thanks for letting me know. I'll get this updated ASAP and push out a hotfix today. Really appreciate the info!

bmarshall511 commented 3 years ago

@EnerKnis For Apache 2.4, does this look right:

<RequireAll>
    Require all granted
    Require not ip 72.133.122.151 188.126.73.206 185.191.171.38
</RequireAll>

bmarshall511 commented 3 years ago

@EnerKnis Just released a hotfix for this, v5.1.4, let me know if this fixes it for you.

EnerKnis commented 3 years ago

Thanks for the speedy fix. Installation went perfectly, easy to find options. But did it work for me? Eh, no. When using the action [Update Block] on the ZeroSpam log tab it will return "Internal Server Error". It took me some time to find out why. Turns out that having 1102 items in my blocked IP list creates a line in .htaccess that exceeds the maximum length of 8190 characters (https://httpd.apache.org/docs/current/en/configuring.html). Now that I know the cause, I just add a couple of "Require not ip" to the .htaccess file. Then it works fine for the time being.
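
One way to avoid both failures reported in this thread, shown as an added PHP example that is not part of the thread and not the plugin's own code: split the block list across several directive lines that each stay under the 8190-character .htaccess limit, and emit both syntaxes behind `<IfModule>` tests so the Apache version does not have to be guessed. The function names `pack_ip_lines` and `build_block_rules`, the 8000-character safety margin, and the `<IfModule>` wrapper are assumptions of this example.

```php
<?php
// Added example, not the plugin's code. Names and the 8000 margin are assumptions.
const HTACCESS_MAX_LINE = 8190; // .htaccess line limit cited in the thread

// Pack validated, de-duplicated IPs behind $prefix into lines of at most $max_len.
function pack_ip_lines(array $ips, string $prefix, int $max_len = 8000): array {
    $valid = [];
    foreach ($ips as $ip) {
        // Keep only literal IPv4/IPv6 addresses, so a stored value holding
        // spaces or newlines can never smuggle in an extra directive.
        $clean = filter_var($ip, FILTER_VALIDATE_IP);
        if ($clean !== false) { $valid[$clean] = true; } // array keys de-duplicate
    }
    $lines = [];
    $line  = $prefix;
    foreach (array_keys($valid) as $ip) {
        if ($line !== $prefix && strlen($line) + 1 + strlen($ip) > $max_len) {
            $lines[] = $line; // current line is full, start another
            $line    = $prefix;
        }
        $line .= ' ' . $ip;
    }
    if ($line !== $prefix) { $lines[] = $line; }
    return $lines;
}

// Emit both syntaxes; Apache picks one by whether mod_authz_core (2.4+) is loaded.
function build_block_rules(array $ips): string {
    $new = pack_ip_lines($ips, '    Require not ip');
    if (!$new) {
        return ''; // nothing valid to block, so write no rules
    }
    $old = pack_ip_lines($ips, '  Deny from');
    return implode("\n", array_merge(
        ['<IfModule mod_authz_core.c>', '  <RequireAll>', '    Require all granted'],
        $new,
        ['  </RequireAll>', '</IfModule>', '<IfModule !mod_authz_core.c>',
         '  Order allow,deny', '  Allow from all'],
        $old,
        ['</IfModule>']
    )) . "\n";
}

// Constructed input: 1102 private-range addresses plus one malformed entry.
$ips = ["203.0.113.7\nRequire all denied"];
for ($i = 0; $i < 1102; $i++) { $ips[] = '10.0.' . intdiv($i, 256) . '.' . ($i % 256); }
$longest = max(array_map('strlen', explode("\n", build_block_rules($ips))));
echo $longest <= HTACCESS_MAX_LINE ? "longest line: $longest\n" : "line too long\n";
```

Running `apachectl configtest` (or restoring a backup copy of .htaccess on failure) after each write catches a bad rule set before it takes the site down with a 500.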

bmarshall511 commented 3 years ago

Good info @EnerKnis. I'll work on an update that tries to help prevent this.

About how many IPs do you think there were when you ran into that?

bmarshall511 commented 3 years ago

@EnerKnis Added some warnings to help prevent people from adding too many IPs when using .htaccess.

If you have time, could you rate the plugin: https://wordpress.org/plugins/zero-spam/, I'd really appreciate it!