Why is this Wordpress blog suddenly blocked in Berlin?
July 7, 2010 4:41 PM Subscribe
I updated a Wordpress blog today and now it's throwing a 403 error... in Germany. Which is where my client is vacationing! What would be causing a 403 error on her side?
I posted a bunch of layout updates to a Wordpress blog today. Everything went fairly smoothly until I contacted my client to let her know it was live. She reported back that she "cleared my cache. still get a 403 permission denied. i cannot look at the site". She had viewed the pre-updated site much earlier in the day. Commence panic!
I checked with four other people at different locations in the US, including the site's host (Bluehost). Everyone could see the site and no one saw a 403 error. Nothing truly radical happened on the code side.
The host suggested that maybe the updates triggered some kind of filtering program at her location. Or her ISP decided to block a range of IP addresses for some reason (including Bluehosts)
Developer MeFites, what could be causing this error and how would I go about fixing it? I've never run into anything like it before.
I posted a bunch of layout updates to a Wordpress blog today. Everything went fairly smoothly until I contacted my client to let her know it was live. She reported back that she "cleared my cache. still get a 403 permission denied. i cannot look at the site". She had viewed the pre-updated site much earlier in the day. Commence panic!
I checked with four other people at different locations in the US, including the site's host (Bluehost). Everyone could see the site and no one saw a 403 error. Nothing truly radical happened on the code side.
The host suggested that maybe the updates triggered some kind of filtering program at her location. Or her ISP decided to block a range of IP addresses for some reason (including Bluehosts)
Developer MeFites, what could be causing this error and how would I go about fixing it? I've never run into anything like it before.
Response by poster: Looks like I have access to logs from today. What do I need to look for?
posted by missmobtown at 4:59 PM on July 7, 2010
posted by missmobtown at 4:59 PM on July 7, 2010
It's all about process of elimination.
First, try to find a way to view the site from Germany (not your client), so that you can confirm whether or not it has anything to do with where you're getting to the site from.
Ask the client to use a different browser (unlikely cause, but rule everything out).
Ask the client if they can try another computer, ideally via a different ISP.
Have your client visit another Bluehost site.
Put a static page up somewhere on the server and have your client try to reach it.
It may not show up on the server logs if, for example, it is a result of a rewrite rule and you don't have the rewrite log switched on.
posted by Deathalicious at 5:00 PM on July 7, 2010
First, try to find a way to view the site from Germany (not your client), so that you can confirm whether or not it has anything to do with where you're getting to the site from.
Ask the client to use a different browser (unlikely cause, but rule everything out).
Ask the client if they can try another computer, ideally via a different ISP.
Have your client visit another Bluehost site.
Put a static page up somewhere on the server and have your client try to reach it.
It may not show up on the server logs if, for example, it is a result of a rewrite rule and you don't have the rewrite log switched on.
posted by Deathalicious at 5:00 PM on July 7, 2010
On postview: my response was written before I saw your latest question.
The error_log file should list all errors logged by the web server.
The access_log will list all accesses.
You need to get your client's ip address and then search for that ip address (which is usually logged) in these files. They will give you some information -- generally, the path that was being accessed, the exact error status code, and the date/time. It generally doesn't indicate why an error occurred, only that it occurred.
If you don't see *any* records from your client's IP address, one possibility is that they were going to the wrong URL. It does happen.
posted by Deathalicious at 5:03 PM on July 7, 2010
The error_log file should list all errors logged by the web server.
The access_log will list all accesses.
You need to get your client's ip address and then search for that ip address (which is usually logged) in these files. They will give you some information -- generally, the path that was being accessed, the exact error status code, and the date/time. It generally doesn't indicate why an error occurred, only that it occurred.
If you don't see *any* records from your client's IP address, one possibility is that they were going to the wrong URL. It does happen.
posted by Deathalicious at 5:03 PM on July 7, 2010
Contact Bluehost. A 403 error specifically means that the server has been successfully reached, but is denying access to the client requesting it. Maybe this is a bad hacking-prevention effort on Bluehosts' part.
posted by ElfWord at 5:05 PM on July 7, 2010
posted by ElfWord at 5:05 PM on July 7, 2010
A 403 error is an Access Forbidden error of some variety.
First instinct, given that it seems to be regional, is some sort of localization - The interface for many programs like Wordpress have localized versions in different languages, and Wordpress may be broken in some way when trying to serve a German variant of the page.
See if there's any localization options you can enable/disable.
posted by Rendus at 5:23 PM on July 7, 2010
First instinct, given that it seems to be regional, is some sort of localization - The interface for many programs like Wordpress have localized versions in different languages, and Wordpress may be broken in some way when trying to serve a German variant of the page.
See if there's any localization options you can enable/disable.
posted by Rendus at 5:23 PM on July 7, 2010
Response by poster: There are a lot of 403's tied to this IP address, specifically, if I'm reading the logs right.
92.224.253.47 - - [07/Jul/2010:16:33:24 -0600] "GET / HTTP/1.0" 403 406 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.10 (.NET CLR 3.5.30729)"
posted by missmobtown at 5:34 PM on July 7, 2010
92.224.253.47 - - [07/Jul/2010:16:33:24 -0600] "GET / HTTP/1.0" 403 406 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.10) Gecko/20100504 Firefox/3.5.10 (.NET CLR 3.5.30729)"
posted by missmobtown at 5:34 PM on July 7, 2010
You updated the theme, right? Can you switch to a default theme and have her try again?
posted by ErikaB at 6:15 PM on July 7, 2010
posted by ErikaB at 6:15 PM on July 7, 2010
Response by poster: And I just found that in her htaccess file there was one line that read:
deny from 92.
Any chance this is the problem?
posted by missmobtown at 6:16 PM on July 7, 2010
deny from 92.
Any chance this is the problem?
posted by missmobtown at 6:16 PM on July 7, 2010
Best answer: Any chance this is the problem?
Yes. That's almost certainly it.
No clue why it would be set up that way, but remove that line and ask her to try again.
posted by Deathalicious at 6:20 PM on July 7, 2010
Yes. That's almost certainly it.
No clue why it would be set up that way, but remove that line and ask her to try again.
posted by Deathalicious at 6:20 PM on July 7, 2010
Oh yeah forget what I said, that 92 line is definitely the culprit.
posted by ErikaB at 6:35 PM on July 7, 2010
posted by ErikaB at 6:35 PM on July 7, 2010
OH WAIT BEFORE YOU CHANGE IT check the last changed date on that file to see when it was updated that way.
posted by ErikaB at 6:36 PM on July 7, 2010
posted by ErikaB at 6:36 PM on July 7, 2010
Best answer: *ahem* sorry, just hoping to catch you in time!
Anyway, my guess is that at some point in the far distant past, your site was having trouble with someone from that block of IP addresses. And that this line was added as a quick and dirty way of blocking Germany from visiting the site.
This is an easy, if somewhat ham-handed, way of solving a fairly common problem.
I elaborate because once you remove that line (and possibly restart the server), your client's first question is going to be "Well who did that in the first place?"
If you can check the date on the file before you change it, you'll be able to say "May 12th, 2007."
As to why she was "suddenly" blocked in conjunction with your update, ask her if she had visited the website from Germany before you emailed and asked her to check out your new changes. If she says yes she had visited the site, then just say something along the lines of "Your German ISP must have assigned you a new IP address from the bad block in the meantime."
But my guess is, she hadn't checked the site until you asked her to.
posted by ErikaB at 6:40 PM on July 7, 2010
Anyway, my guess is that at some point in the far distant past, your site was having trouble with someone from that block of IP addresses. And that this line was added as a quick and dirty way of blocking Germany from visiting the site.
This is an easy, if somewhat ham-handed, way of solving a fairly common problem.
I elaborate because once you remove that line (and possibly restart the server), your client's first question is going to be "Well who did that in the first place?"
If you can check the date on the file before you change it, you'll be able to say "May 12th, 2007."
As to why she was "suddenly" blocked in conjunction with your update, ask her if she had visited the website from Germany before you emailed and asked her to check out your new changes. If she says yes she had visited the site, then just say something along the lines of "Your German ISP must have assigned you a new IP address from the bad block in the meantime."
But my guess is, she hadn't checked the site until you asked her to.
posted by ErikaB at 6:40 PM on July 7, 2010
FYI blocking all "92" address would span different organizations from Portugal to the UK to Russia, so do not assume you were just blocking Germany or anything, it's not that simple to block a country. For instance, the htaccess may have blocked her work, but not a coffeeshop right next door, it's all according to what ISPs were being used.
posted by yeahyeahyeahwhoo at 7:45 AM on July 8, 2010
posted by yeahyeahyeahwhoo at 7:45 AM on July 8, 2010
Response by poster: Looks like htaccess was last updated on 5/5/10, though the 92. line was about midway down a long list of blocked IPs. Undoubtedly this was some kind of spam control effort, though not a very mindful one! I'll be sure to warn her about that, after she's done expressing gratitude about her blog being fixed :-)
Mefites, you guys rule. I can always count on good advice when I come here. Thanks!
CG
posted by missmobtown at 8:40 AM on July 8, 2010
Mefites, you guys rule. I can always count on good advice when I come here. Thanks!
CG
posted by missmobtown at 8:40 AM on July 8, 2010
This thread is closed to new comments.
posted by jrockway at 4:45 PM on July 7, 2010