Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

HTTP ERROR 500 on all server sites

Discussion in 'General Discussion' started by greektranslator, Feb 14, 2019.

  1. greektranslator

    greektranslator Well-Known Member

    Joined:
    Jun 5, 2011
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    Without doing anything on the server, all sites present the above error. I still have WHM/Cpanel access.

    From last error entries:

    [Thu Feb 14 22:09:18.183992 2019] [:error] [pid 22834:tid 47073999222528] [client 51.75.161.51:0] [client 51.75.161.51] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "176.31.235.xxx"] [uri "/admin/phpmyadmin/scripts/setup.php"] [unique_id "XGXK7lB9vBBS-XEUI1HgnwAAAdU"]
    [Thu Feb 14 22:09:18.184404 2019] [:error] [pid 22834:tid 47074001323776] [client 51.75.161.51:0] [client 51.75.161.51] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Found User-Agent associated with security scanner"] [tag "event-correlation"] [hostname "176.31.235.xxx"] [uri "/403.shtml"] [unique_id "XGXK7lB9vBBS-XEUI1HgnwAAAdU"]
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 greektranslator, Feb 14, 2019
    Last edited: Feb 14, 2019
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @greektranslator,

    Can you share the output to /usr/local/apache/logs/error_log when you encounter the 500 error code in your browser?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. greektranslator

    greektranslator Well-Known Member

    Joined:
    Jun 5, 2011
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    [Thu Feb 14 22:32:20.754381 2019] [core:notice] [pid 11450:tid 47070470198336] AH00094: Command line: '/usr/sbin/httpd'
    [Thu Feb 14 22:34:19.866587 2019] [core:error] [pid 11677:tid 47070931126016] [client REMOVED:33820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
    [Thu Feb 14 22:34:23.204513 2019] [mpm_event:notice] [pid 11450:tid 47070470198336] AH00493: SIGUSR1 received. Doing graceful restart
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 greektranslator, Feb 14, 2019
    Last edited by a moderator: Feb 14, 2019
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @greektranslator,

    I modified the output you shared to highlight the relevant error messages. The particular culprit is likely the following message, suggesting a potential lack of available resources:

    It's difficult to troubleshoot this type of issue without access to the affected system. I recommend opening a support ticket if you'd like us to take a closer look and rule out any problems with cPanel & WHM or the overall Apache configuration. You can post the ticket number here and we'll update this thread with the outcome, though do note you may need to contact a system administrator for assistance if it's determined to stem from something unrelated to cPanel & WHM (e.g. DDOS attack).

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. greektranslator

    greektranslator Well-Known Member

    Joined:
    Jun 5, 2011
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    HI, I did post a ticket (ticketid=11434833). The point is SMF is compatible with 7.1 and it was functioning fine for months on that. Also, it was not just that specific forum that went down, but ALL sites on that server.
    https://www.simplemachines.org/community/index.php?topic=553855.0
    https://www.simplemachines.org/community/index.php?topic=564738.msg4004435#msg4004435

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @greektranslator,

    Upon reviewing the ticket, it's likely the "PHP Parse" error on the domain using SMF was unrelated to the "500" error code that appeared when accessing any of your domains.

    Do you use PHP-FPM for all of your domains? If so, review the global PHP error log for PHP 7.1 at /opt/cpanel/ea-php71/root/usr/var/log/php-fpm/error.log and see if there were any specific errors at the time the 500 error code appeared. Remember to remove any real domain names or IP addresses if you post any error output here, and to only post snippets of the log rather than the entire log file.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice