Jump to content

Admin area showing 503 error


kurraglen

Recommended Posts

I tried to login in to my shop admin area which shows the login screen but enter the username and password, it returns an error:

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.


 
Our site is hosted by Vodien and we have had numerous times when it appears that our cPanel password has been changed but not by us. Whether that has anything to do with it, I'm not sure.
 
Any help would be great, as the support at Vodien is hopeless sometimes. They are suggesting that it is my internet connection, which it isn't.
 
Thanks Bruce
Link to comment
Share on other sites

I have not seen a 503 Error, even if it were to have been caused by CubeCart. But, to begin searching for the problem, create the error log.

https://forums.cubecart.com/topic/51550-how-to-create-the-error-log/

If no error_log appears, then in Cpanel, find the web server error log. Hopefully your hosting provider has one enabled for your account.

Link to comment
Share on other sites

Thanks for that.

The last error is showing:

[01-Dec-2022 17:07:04 Australia/Sydney] PHP Notice:  Possible Phishing attack - Redirection to 'http://kurraglenindustries.com.au/shop/admin_14HXeN.php?_g=login' is not allowed. Please check the value of 'Store URL' in the SSL section of your store settings. in /home/xxxxxxxx/public_html/shop/classes/admin.class.php on line 437

I changed the account to x's for security.

I just checked previous errors, which show:

[25-Nov-2022 16:46:44 Australia/Sydney] PHP Warning:  Security Warning: Illegal array key "bxMY=5800_AND_1=1_UNION_ALL_SELECT_1,NULL,'<script>alert("XSS")</script>',table_name_FROM_information_schema_tables_WHERE_2>1--/**/;_EXEC_xp_cmdshell('cat___/__/__/etc/passwd')#" was detected and was removed. in /home/xxxxxxxx/public_html/shop/classes/sanitize.class.php on line 114
[25-Nov-2022 17:03:23 Australia/Sydney] PHP Warning:  Security Warning: Illegal array key "bMIr=1773_AND_1=1_UNION_ALL_SELECT_1,NULL,'<script>alert("XSS")</script>',table_name_FROM_information_schema_tables_WHERE_2>1--/**/;_EXEC_xp_cmdshell('cat___/__/__/etc/passwd')#" was detected and was removed. in /home/xxxxxxxx/public_html/shop/classes/sanitize.class.php on line 114
[25-Nov-2022 17:03:23 Australia/Sydney] PHP Warning:  Invalid Security Token in /home/xxxxxxxx/public_html/shop/classes/sanitize.class.php on line 155
[25-Nov-2022 17:03:39 Australia/Sydney] PHP Warning:  Invalid Security Token in /home/xxxxxxxx/public_html/shop/classes/sanitize.class.php on line 155

 

Link to comment
Share on other sites

The first Notice is expected. That happens all the time. That one is not one to worry about.

The other four seems to be a miscreant making attempts at penetration testing - SQL Injection.

As such, and if there are a lot of these errors logged, it could be (just a scientific wild guess) there is a security appliance taking notice of these attempts and is shutting down access to your site momentarily.

As said, that is just a wild guess. If your hosting provider's tech support can be reached, maybe having a conversation about what they do for penetration blocking and how that may affect your site is in order.

Cpanel will also have web access logs. You can match up the minute/second time (adjust hours for time zone) to learn of the IP address of these penetration attempts.

 

Link to comment
Share on other sites

  • 1 month later...

Yes, eventually.

My Cubecart site and 2 other websites that I have, as well as a lot of others on the same shared server were infected with malware and kept regenerating files like about.php, lock360.php or radio.php and modifying index and htaccess files.

Vodien hosting support was hopeless and they couldn't fix it, so eventually I spent hours finding and removing a lot of files that didn't belong there.

I gave Vodien the flick and changed over to VentraIP and the problem no longer exists and the sites load a lot faster.

I am not convinced that it was just the malware that was causing the 503 error. I suspect that it was an issue with the server itself that Vodien was having intermittent problems with and seemed that they were incapable of rectifying it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...