Recently installed OSSEC on Centos, and have found that I am unable to log into Wordpress dashboard at all when the OSSEC service is started.

In fact, I'm unable to reach my web service for about 5 minutes after attempting to log into the Wordpress dashboard!!

I disabled OSSEC, and this solved the problem. The strange thing is, OSSEC did not fire any warnings to me at all. And there are no log entries to indicate what the issue is.

I've googled the topic, but have not been able to find any literature about a potential conflict between OSSEC and Wordpress.

Wondering if the brain trust @ Linode could shine some light on this for me?

Cheers
Dave

Weird, might not be wordpress related, I'm wondering if for some reason OSSEC is ip blocking you, can you log in via SSH when you can't get into wordpress?

For around 5 minutes i cannot even get a ping response from my ip address!

My sites are still active from different connection however..

Then OSSEC is blocking your IP via firewall, check your OSSEC rules.

yes, it seems that i'm getting firewalled when i try and access the admin panel.

hard to know how to deal with this as my DSL IP is dynamic. So unless i switch off the wordpress rules, I can't see another solution.

Cheers
Dave

ok, have finally figured out the cause of this.

I also have suhosin installed, and it is firing a warning into the php.log about the script trying to increase memory in php.ini.

This fires OSSEC to firewall my ip for 5 minutes or so.

So the fix is to disable the logging of this event by Suhosin.

Ah the joys of suhosin, tried it, don't like it, had a really weird error where running mt_rand(0,1) would 75% of the time result in a 1...so not random. Also the suhosin forums have been in "maintenance" mode for months not very confidence inspiring.

interesting problem that i have trying to shut suhosin down.

am running lighttpd with php-cgi

i shut down lighttpd and kill all php-cgi spawn's, however when i restart lighttpd, the php.ini is not reloaded with the new configuration.

short of rebooting the linode, i'm not sure what i can do?

That's a bit weird, each time a php-cgi script is spawned it should read the php.ini file. Check your phpinfo() and make sure the Loaded Configuration File (near the top) is the right one.

But the important stuff is up there. Like the constant kick-back ads in their footer....

To bad nobody can get help on why suhosin breaks so much stuff....

Yep /etc/php.ini is the file that is being read and also the file that i am editting.

I've done a reboot and the problem persists. I cannot stop suhosin from being loaded.

Just to confirm thou, i have commented out the suhosin.so extension line, however the suhosin.ini is still being loaded by php.

Should i also remove the suhosini.ini file? i would have thought that by removing the extension, that would also stop the .ini from being loaded.

If php is configured to load extra ini files that maybe why it's loading the suhosin.ini remove it see if it fixes it.

yep, just moved the suhosin.ini out and it is no longer loading.

thanks!