HTTP ERROR 500 on all server sites

[greektranslator]

Without doing anything on the server, all sites present the above error. I still have WHM/Cpanel access.

From last error entries:

[Thu Feb 14 22:09:18.183992 2019] [:error] [pid 22834:tid 47073999222528] [client 51.75.161.51:0] [client 51.75.161.51] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "176.31.235.xxx"] [uri "/admin/phpmyadmin/scripts/setup.php"] [unique_id "XGXK7lB9vBBS-XEUI1HgnwAAAdU"]
[Thu Feb 14 22:09:18.184404 2019] [:error] [pid 22834:tid 47074001323776] [client 51.75.161.51:0] [client 51.75.161.51] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Found User-Agent associated with security scanner"] [tag "event-correlation"] [hostname "176.31.235.xxx"] [uri "/403.shtml"] [unique_id "XGXK7lB9vBBS-XEUI1HgnwAAAdU"]

 

[cPanelMichael]

Hello @greektranslator,

Can you share the output to /usr/local/apache/logs/error_log when you encounter the 500 error code in your browser?

Thank you.

 

[greektranslator]

[Thu Feb 14 22:32:20.754381 2019] [core:notice] [pid 11450:tid 47070470198336] AH00094: Command line: '/usr/sbin/httpd'
[Thu Feb 14 22:34:19.866587 2019] [core:error] [pid 11677:tid 47070931126016] [client REMOVED:33820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Thu Feb 14 22:34:23.204513 2019] [mpm_event:notice] [pid 11450:tid 47070470198336] AH00493: SIGUSR1 received. Doing graceful restart

 

[cPanelMichael]

Hello @greektranslator,

I modified the output you shared to highlight the relevant error messages. The particular culprit is likely the following message, suggesting a potential lack of available resources:

[mpm_event:notice] [pid 11450:tid 47070470198336] AH00493: SIGUSR1 received. Doing graceful restart

It's difficult to troubleshoot this type of issue without access to the affected system. I recommend opening a support ticket if you'd like us to take a closer look and rule out any problems with cPanel & WHM or the overall Apache configuration. You can post the ticket number here and we'll update this thread with the outcome, though do note you may need to contact a system administrator for assistance if it's determined to stem from something unrelated to cPanel & WHM (e.g. DDOS attack).

Thank you.

 

[greektranslator]

HI, I did post a ticket (ticketid=11434833). The point is SMF is compatible with 7.1 and it was functioning fine for months on that. Also, it was not just that specific forum that went down, but ALL sites on that server.
https://www.simplemachines.org/community/index.php?topic=553855.0
https://www.simplemachines.org/community/index.php?topic=564738.msg4004435#msg4004435

It seems your Simple Machines Forums software (SMF) on the X account is not PHP 7.1 compatible.

As a test, I switched the PHP version from 7.1 to 5.6 and the site works now.

You'll need to consult with the authors of SMF if PHP 7.1 is not working as expected. The error I saw as:

[14-Feb-2019 20:41:24 UTC] PHP Parse error: syntax error, unexpected ''$string, '' (T_CONSTANT_ENCAPSED_STRING), expecting ';' in Load.php(257) : runtime-created function on line 2

That's a coding error in the script itself. I assumed it was that the mbstring function was not installed for PHP 7.1, but I checked that and it is.

[22:43:19 host [email protected] public_html]cPs# scl enable ea-php71 'php -m | grep mbstring'
mbstring

 

[cPanelMichael]

Hello @greektranslator,

Upon reviewing the ticket, it's likely the "PHP Parse" error on the domain using SMF was unrelated to the "500" error code that appeared when accessing any of your domains.

Do you use PHP-FPM for all of your domains? If so, review the global PHP error log for PHP 7.1 at /opt/cpanel/ea-php71/root/usr/var/log/php-fpm/error.log and see if there were any specific errors at the time the 500 error code appeared. Remember to remove any real domain names or IP addresses if you post any error output here, and to only post snippets of the log rather than the entire log file.

Thank you.