Is whitelisting all of CF ips on plesk panel a good idea?

Solved Security
  • I am recently encountering google social login issue on my flarum, all other social logins are working. https://discuss.flarum.org/d/25182-friendsofflarum-oauth/343

    https://i.imgur.com/rC5YD04.png

    setting the firewall OFF is solving the login issue but this is not the right solution

    what could be the problem of my issue? i am checking this with FoF i understand this is something related to flarum but at the same time i want to take your opinion on handling this

    is white listing CF ips would solve the issue, is it a good idea? https://www.cloudflare.com/ips-v4

    below mentioned is MOD security error log

    https://docs.plesk.com/en-US/onyx/administrator-guide/server-administration/web-application-firewall-modsecurity.73383/

    [Wed Jun 15 02:09:18.099771 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Wed Jun 15 02:09:43.382478 2022] [proxy_fcgi:error] [pid 6366:tid 140208569825024] [client 162.158.162.17:0] AH01071: Got error 'Primary script unknown'
    [Wed Jun 15 02:09:45.804391 2022] [autoindex:error] [pid 6366:tid 140208595003136] [client 162.158.163.14:0] AH01276: Cannot serve directory /var/www/vhosts/domain.com/ask.domain.com/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive
    [Wed Jun 15 02:11:10.538868 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Wed Jun 15 02:11:13.352938 2022] [core:crit] [pid 7496:tid 140208544646912] (13)Permission denied: [client 162.158.163.214:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
    [Wed Jun 15 02:11:13.886369 2022] [core:crit] [pid 7496:tid 140208536254208] (13)Permission denied: [client 162.158.162.99:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable, referer: https://ask.domain.com/
    [Wed Jun 15 02:11:15.698434 2022] [core:crit] [pid 7497:tid 140208603395840] (13)Permission denied: [client 162.158.162.89:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
    [Wed Jun 15 02:11:19.502834 2022] [core:crit] [pid 7496:tid 140208527861504] (13)Permission denied: [client 162.158.162.235:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
    [Wed Jun 15 02:12:49.204611 2022] [core:crit] [pid 7496:tid 140208519468800] (13)Permission denied: [client 162.158.163.214:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
    [Wed Jun 15 02:12:49.779996 2022] [core:crit] [pid 7496:tid 140208511076096] (13)Permission denied: [client 162.158.162.99:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable, referer: https://ask.domain.com/
    [Wed Jun 15 02:12:50.099405 2022] [core:crit] [pid 7496:tid 140208502683392] (13)Permission denied: [client 162.158.163.222:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
    [Wed Jun 15 02:12:50.446347 2022] [core:crit] [pid 7497:tid 140208586610432] (13)Permission denied: [client 162.158.163.222:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
    [Wed Jun 15 02:12:50.949608 2022] [core:crit] [pid 7496:tid 140208494290688] (13)Permission denied: [client 162.158.162.99:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable, referer: https://ask.domain.com/
    [Wed Jun 15 02:12:51.099223 2022] [core:crit] [pid 7496:tid 140208477505280] (13)Permission denied: [client 162.158.163.214:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
    [Wed Jun 15 02:12:51.457845 2022] [core:crit] [pid 7496:tid 140208469112576] (13)Permission denied: [client 162.158.162.99:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable, referer: https://ask.domain.com/
    [Wed Jun 15 02:13:09.700752 2022] [core:crit] [pid 7496:tid 140208452327168] (13)Permission denied: [client 162.158.163.200:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
    [Wed Jun 15 02:14:44.147673 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Wed Jun 15 02:27:52.232283 2022] [proxy_fcgi:error] [pid 9780:tid 140208569825024] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.010149 2022] [proxy_fcgi:error] [pid 9768:tid 140208217462528] [client 162.158.163.214:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.500941 2022] [proxy_fcgi:error] [pid 9768:tid 140208511076096] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.519289 2022] [proxy_fcgi:error] [pid 9768:tid 140208251066112] [client 162.158.163.14:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.548120 2022] [proxy_fcgi:error] [pid 9768:tid 140208569825024] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.592215 2022] [proxy_fcgi:error] [pid 9768:tid 140208561432320] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.613714 2022] [proxy_fcgi:error] [pid 9768:tid 140208553039616] [client 162.158.163.14:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.645807 2022] [proxy_fcgi:error] [pid 9768:tid 140208536254208] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.667662 2022] [proxy_fcgi:error] [pid 9768:tid 140208368465664] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.728957 2022] [proxy_fcgi:error] [pid 9768:tid 140208603395840] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.784193 2022] [proxy_fcgi:error] [pid 9768:tid 140208360072960] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.790822 2022] [proxy_fcgi:error] [pid 9780:tid 140208553039616] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.815988 2022] [proxy_fcgi:error] [pid 9768:tid 140208351680256] [client 162.158.163.214:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.850240 2022] [proxy_fcgi:error] [pid 9780:tid 140208536254208] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.876244 2022] [proxy_fcgi:error] [pid 9780:tid 140208511076096] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.920156 2022] [proxy_fcgi:error] [pid 9780:tid 140208494290688] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:55.930878 2022] [proxy_fcgi:error] [pid 9768:tid 140208259458816] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:56.039324 2022] [proxy_fcgi:error] [pid 9780:tid 140208452327168] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:56.090775 2022] [proxy_fcgi:error] [pid 9768:tid 140208527861504] [client 162.158.163.214:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:27:56.192898 2022] [proxy_fcgi:error] [pid 9768:tid 140208595003136] [client 162.158.163.14:0] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n  thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
    [Wed Jun 15 02:29:43.170174 2022] [:error] [pid 9768:tid 140208519468800] [client 162.158.163.214:0] [client 162.158.163.214] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "YqlEF05yvNKGrhj@JcvjRwAAAAo"]
    [Wed Jun 15 02:31:56.359284 2022] [:error] [pid 9768:tid 140208267851520] [client 162.158.163.222:0] [client 162.158.163.222] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "YqlEnE5yvNKGrhj@JcvjVAAAABA"]
    [Wed Jun 15 02:32:52.681099 2022] [:error] [pid 9768:tid 140207462545152] [client 162.158.162.17:0] [client 162.158.162.17] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "YqlE1E5yvNKGrhj@JcvjWQAAABY"]
    [Wed Jun 15 02:35:03.919471 2022] [proxy_fcgi:error] [pid 9768:tid 140208578217728] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 4198400 bytes) in /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Frontend/Compiler/JsCompiler.php on line 58'
    [Wed Jun 15 02:41:58.453864 2022] [:error] [pid 9768:tid 140208578217728] [client 162.158.163.214:0] [client 162.158.163.214] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "YqlG9k5yvNKGrhj@JcvjbAAAAAM"]
    [Wed Jun 15 19:02:46.831198 2022] [:error] [pid 9780:tid 140208544646912] [client 162.158.163.230:0] [client 162.158.163.230] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile openid https:/www.googleapis.com/auth/userinfo.email"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "Yqos1ok86vzjmWxiXhdjWQAAAEc"]
    [Wed Jun 15 19:20:16.365823 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Wed Jun 15 20:37:24.316972 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Wed Jun 15 20:38:11.296962 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Wed Jun 15 20:54:00.391607 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Wed Jun 15 20:56:59.767639 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Wed Jun 15 21:23:31.169513 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Wed Jun 15 21:26:51.529563 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Thu Jun 16 00:00:06.258800 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Thu Jun 16 00:00:12.462299 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Thu Jun 16 00:10:49.866051 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Thu Jun 16 00:15:09.871371 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Thu Jun 16 04:26:42.517867 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Thu Jun 16 04:38:37.132509 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Thu Jun 16 16:51:01.892066 2022] [proxy_fcgi:error] [pid 214153:tid 140208536286976] [client 162.158.163.192:0] AH01071: Got error 'PHP message: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 2097152 bytes) in /var/www/vhosts/domain.com/ask.domain.com/storage/less/lessphp_cp1441skk1kwk4sk8sggocso4ccwsws.lesscache on line 3', referer: https://ask.domain.com/admin
    [Thu Jun 16 16:51:25.710449 2022] [proxy_fcgi:error] [pid 214139:tid 140208360105728] [client 162.158.162.235:0] AH01071: Got error 'PHP message: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 8388608 bytes) in /var/www/vhosts/domain.com/ask.domain.com/vendor/sycho/sourcemap/src/parsing/SegmentParser.php on line 51', referer: https://ask.domain.com/admin
    [Thu Jun 16 16:51:30.075556 2022] [proxy_fcgi:error] [pid 214139:tid 140208616523520] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 32768 bytes) in /var/www/vhosts/domain.com/ask.domain.com/storage/less/lessphp_cp1441skk1kwk4sk8sggocso4ccwsws.lesscache on line 3', referer: https://ask.domain.com/admin
    [Thu Jun 16 16:51:55.763089 2022] [proxy_fcgi:error] [pid 214139:tid 140208402069248] [client 162.158.162.225:0] AH01071: Got error 'PHP message: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 8388608 bytes) in /var/www/vhosts/domain.com/ask.domain.com/vendor/sycho/sourcemap/src/parsing/SegmentParser.php on line 52', referer: https://ask.domain.com/admin
    [Thu Jun 16 16:51:57.093191 2022] [proxy_fcgi:error] [pid 214139:tid 140208536286976] [client 162.158.162.123:0] AH01071: Got error 'PHP message: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 32768 bytes) in /var/www/vhosts/domain.com/ask.domain.com/storage/less/lessphp_cp1441skk1kwk4sk8sggocso4ccwsws.lesscache on line 3', referer: https://ask.domain.com/admin
    [Fri Jun 17 00:00:06.016973 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Fri Jun 17 00:00:12.356501 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Sat Jun 18 00:00:07.083509 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Sat Jun 18 00:00:13.358214 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Sat Jun 18 04:40:29.461238 2022] [:error] [pid 522273:tid 140208435574528] [client 162.158.163.14:0] [client 162.158.163.14] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "Yq1XPW3j44ht3Vj6@4NbLgAAAFM"]
    [Sat Jun 18 04:43:42.949876 2022] [:error] [pid 522245:tid 140208622507776] [client 162.158.162.225:0] [client 162.158.162.225] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "Yq1X-hcxu015Y@ZC6uBIZQAAAAU"]
    [Sat Jun 18 04:49:19.569052 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Sat Jun 18 05:01:59.656548 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Sat Jun 18 05:11:12.533569 2022] [ssl:warn] [pid 561930:tid 140494744509504] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Sat Jun 18 05:11:12.556320 2022] [ssl:warn] [pid 561932:tid 140494744509504] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Sat Jun 18 05:11:16.385620 2022] [ssl:warn] [pid 561932:tid 140494744509504] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    [Sat Jun 18 05:11:29.136927 2022] [proxy_fcgi:error] [pid 562138:tid 140494503876352] [client 162.158.163.14:0] AH01071: Got error 'PHP message: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 4202496 bytes) in /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Frontend/Compiler/JsCompiler.php on line 58', referer: https://ask.domain.com/admin
    [Sat Jun 18 05:30:12.149110 2022] [ssl:warn] [pid 561932:tid 140494744509504] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
    
  • @phenomlab doing this solved the issue, i have whitelisted auth URL activity in Plesk firewall and login with google is working.

    3704fb46-d306-4a8c-ac03-27d15423de6b-image.png

  • @Hari said in Is whitelisting all of CF ips on plesk panel a good idea?:

    what could be the problem of my issue? i am checking this with FoF i understand this is something related to flarum but at the same time i want to take your opinion on handling this
    is white listing CF ips would solve the issue, is it a good idea? https://www.cloudflare.com/ips-v4

    Setting CF to off for the entire site isn’t a good solution at all. It would be a much better approach to use a page rule for the URL in question that disables security

  • @phenomlab doing this solved the issue, i have whitelisted auth URL activity in Plesk firewall and login with google is working.

    3704fb46-d306-4a8c-ac03-27d15423de6b-image.png

  • Hariundefined Hari has marked this topic as solved on
  • @Hari that’s a common Plesk issue. I had that all time when using it and eventually you’ll need to poke so many holes like this to get things to work that your security will look like Swiss cheese.

    One of the reasons I stopped using Plesk.


Did this solution help you?
Did you find the suggested solution useful? Why not buy me a coffee? It's a nice gesture, and a great way to show your appreciation💗

  • 2 Votes
    5 Posts
    69 Views

    @mathourthy Good question. They have zero effect from what I can see. It’s not going to stop them from targeting anyone else.

  • 1 Votes
    1 Posts
    49 Views

    This is nuts. Not only did a bunch of teenagers hack into some of the best defended networks in the world, but the UK authorities allowed one individual to do this three times - despite arresting him in the first instance then bailing him - for him to do the same again - TWICE.

    The legal system in the UK is a joke. The computer misuse act alone should have been enough to detain him pending trial, and yet, they released him and allowed him to continue??

    https://www.bbc.com/news/technology-66549159

    Now, admittedly, there is an art form here that should be leveraged and understood in order for organizations to better arm themselves against future attacks. If juveniles are able to break their way into high profile organizations, then this would literally be kindergarten for an experienced nefarious actor.

    It seems that high profile companies will continue to remain targets while they focus more effort on profits than user vulnerability. According to the article, the attackers bombarded employees with access requests and some approved this access as a way of making it stop!

    There are several extremely valuable lessons that can be learned from these events - one of them being able to determine the level of risk posed by an individual - which it seems that the UK authorities completely failed to do.

    More on the recently updated Computer Misuse Act can be found below

    https://www.gov.uk/government/consultations/review-of-the-computer-misuse-act-1990/review-of-the-computer-misuse-act-1990-consultation-and-response-to-call-for-information-accessible

  • 1 Votes
    1 Posts
    35 Views

    It’s not often that I post anything on LinkedIn, but the post below caught my eye, and raised an eyebrow (to say the least) when I read it.

    Screenshot_2023-08-24-20-39-47-54_254de13a4bc8758c9908fff1f73e3725.jpg

    I typically remain impassive and neutral to most of these types of post as they are usually aimed at selling you something. However, the frankly absurd security advice here being offered was so bad, I found it hard to ignore and posted the below response

    Forgive me if I decide not to take any of your cyber security advice as all of the points you’ve raised are the entire point of phishing exercises. Do you really think a nefarious actor isn’t going to send emails that look just like this (mostly because they have succeeded elsewhere as others have highlighted)?

    Your profile states that you are the leader of a world class cyber security team, yet you offer really bad advice like this? This is exactly how all cyber security campaigns work and their effectiveness is blatantly obvious by the screenshot you posted.

    “Hurt feelings” are irrelevant when you are measuring the effectiveness of your cyber security program. As the primary defense in any organization, the security department needs to be in a position to detect and repel as many attacks as possible. The paradigm here being that an organization needs to stop thousands of these attacks getting through per day (probably way more) yet an attacker only needs one link to be clicked for their campaign to succeed.

    Employee security awareness should in fact be everything that the original poster claims it shouldn’t be. Just look at the success rate of previous campaigns which any decent training program is based on.

    The bottom line here is that I really don’t understand the reasoning for the original post. This guy claims to be the leader of a world class cyber security team, yet he decides to give poor advice like this?

    Speechless. And this is a so called professional?? We’re all doomed 😱

  • 0 Votes
    4 Posts
    152 Views

    @DownPW 🙂 most of this really depends on your desired security model. In all cases with firewalls, less is always more, although it’s never as clear cut as that, and there are always bespoke ports you’ll need to open periodically.

    Heztner’s DDoS protection is superior, and I know they have invested a lot of time, effort, and money into making it extremely effective. However, if you consider that the largest ever DDoS attack hit Cloudflare at 71m rps (and they were able to deflect it), and each attack can last anywhere between 8-24 hours which really depends on how determined the attacker(s) is/are, you can never be fully prepared - nor can you trace it’s true origin.

    DDoS attacks by their nature (Distributed Denial of Service) are conducted by large numbers of devices whom have become part of a “bot army” - and in most cases, the owners of these devices are blissfully unaware that they have been attacked and are under command and control from a nefarious resource. Given that the attacks originate from multiple sources, this allows the real attacker to observe from a distance whilst concealing their own identity and origin in the process.

    If you consider the desired effect of DDoS, it is not an attempt to access ports that are typically closed, but to flood (and eventually overwhelm) the target (such as a website) with millions of requests per second in an attempt to force it offline. Victims of DDoS attacks are often financial services for example, with either extortion or financial gain being the primary objective - in other words, pay for the originator to stop the attack.

    It’s even possible to get DDoS as a service these days - with a credit card, a few clicks of a mouse and a target IP, you can have your own proxy campaign running in minutes which typically involves “booters” or “stressers” - see below for more

    https://heimdalsecurity.com/blog/ddos-as-a-service-attacks-what-are-they-and-how-do-they-work

    @DownPW said in Setting for high load and prevent DDoS (sysctl, iptables, crowdsec or other):

    in short if you have any advice to give to secure the best.

    It’s not just about DDos or firewalls. There are a number of vulnerabilities on all systems that if not patched, will expose that same system to exploit. One of my favourite online testers which does a lot more than most basic ones is below

    https://www.immuniweb.com/websec/

    I’d start with the findings reported here and use that to branch outwards.

  • 19 Votes
    21 Posts
    511 Views

    @crazycells this perhaps? 🙂

    terminator_endoskeleton_1020.webp

  • 3 Votes
    4 Posts
    122 Views

    @DownPW yeah, I seem to spend a large amount of my time trying to educate people that there’s no silver bullet when it comes to security.

  • 6 Votes
    12 Posts
    240 Views

    @crazycells yes. I’m guessing the regulators here are the SEC.

  • 4 Votes
    3 Posts
    485 Views

    @phenomlab

    No they have a free and pro console instance.
    We can see alert with IP, Source AS, scenario attack etc…

    Installation on the NODEBB server without problems. Very good tools

    cf7e5a89-84f4-435b-82eb-434c0bfc895e-image.png
    cc82a10e-a1f1-4fd8-a433-7c9b2d31f254-image.png

    1b7147b0-37c6-4d87-b4f1-a0fe92e74afd-image.png

    7c21fc10-1825-48e1-a993-92b84455f074-image.png


    We can also do research on IPs via the crowdsec analyzer

    I believe it’s 500 per month in the Free version

    43bc8265-a57c-4439-829c-0bb8602d99b4-image.png