Tyler Griff
New member
- Joined
- Feb 9, 2023
- Messages
- 4
Hi there, I have recently attempted setting up my first website. I have purchased hosting and am using Direct Admin.
If it matters I am using a Direct Admin Reseller account, and for this website I operate under ‘User Access Level’.
I am a young photographer in Sydney, Australia, trying to set-up a portfolio website and to learn the basics of making a website myself.
Apologies if my question has already been answered elsewhere, I couldn't find a solution by searching. If so please point me in the right direction. Additionally, if I have provided too much information or my screenshots or error logs compromise my website safety / security please let me know as I am new to this world and a bit naive to it.
My website url is: tylergriffsmith.com
When I attempt to access wordpress admin (tylergriffsmith.com/wp) I get this error:
Forbidden
You don't have permission to access this resource.
If I type in tylergriffsmith.com/wp-admin. I get this error:
Not Found
The requested URL was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
I have a feeling this has something to do with my Files / Folder structure, as setting up I think involved a lot of deleting, moving and renaming things to get wordpress installed and up and running. I might have messed something up.
The following is what I did when creating the website.
After purchasing hosting and pointing my domain to my hostings nameservers, I logged into Direct Admin. I then changed the php to 7.4.
I then removed index.html and other files in file manager public html folder (tutorial I followed said delete them).
Then I installed wordpress, and placed the wordpress files into the public html folder.
I also added an SSL through Direct Admin and selected Force redirect in Direct Admin settings.
The website works and is online (tylergriffsmith.com), though I cannot access admin or login to wordpress.
I’ve attached images of errors and of my public html file structure (the files here are from Wordpress install, I deleted all others when first logging in (as apparently I have to delete the pre-built index.html from my hosting provider).
See error logs below (some of these errors occurred multiple times but I deleted duplicates for brevity):
#1 – [Sun Jan 29 10:41:44.889273 2023] [autoindex:error] [pid 774839:tid 140624887809792] [client 60.240.221.19:51789] AH01276: Cannot serve directory /home/micihlre/domains/tylergriffsmith.com/private_html/wp/: No matching DirectoryIndex (index.html,index.htm,index.shtml,index.php,index.phtml) found, and server-generated directory index forbidden by Options directive
#2 – [Sun Jan 29 10:43:37.015621 2023] [:error] [pid 774839:tid 140624552462080] [client 51.89.149.141:48336] File does not exist: /home/micihlre/domains/tylergriffsmith.com/private_html/wp/wp-cron.php, referer: https://tylergriffsmith.com/wp/wp-cron.php?doing_wp_cron=1674985416.8738620281219482421875
#3 – [Sun Jan 29 10:35:37.559740 2023] [:error] [pid 774839:tid 140624510498560] [client 45.34.15.92:56739] [client 45.34.15.92] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tylergriffsmith.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tylergriffsmith.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Y9Y96f4FF0Ewmpd20Z6FhgAAAFc"]
#4 – [Sun Jan 29 06:51:15.543122 2023] [:error] [pid 693201:tid 140624560756480] [client 147.189.140.172:63843] [client 147.189.140.172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/cwaf/rules/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tylergriffsmith.com"] [uri "/.env"] [unique_id "Y9YJU_51BWo50k-NRJNrjAAAAGo"]
#5 – [Sun Jan 29 06:51:11.084547 2023] [:error] [pid 693201:tid 140624418080512] [client 167.99.236.45:57595] [client 167.99.236.45] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "tylergriffsmith.com"] [uri "/xmlrpc.php"] [unique_id "Y9YJT_51BWo50k-NRJNrhQAAAHs"]
From the error logs I notice:
#1 – there seems to be a problem with /private_html/wp not existing? I didn’t create one. From tutorials it doesn’t seem that I needed to make one? It seems public html is what I need? I have gone into my Domain set-up and I do have ticked – Use a symbolink link from private_html to public_html - allows for same data in http and https.
#2 – again, seems to be /private_html folder. Should I create one? What folders or files within do I need?
#3 – Don’t know
#4 – Don’t know
#5 – Don’t know
Apologies for the newbie annoyance, I’m a little confused and would love some pointers on how to fix, as well as what I might’ve done wrong in the set-up (so I can avoid in the future). I have a hunch it has something to do with either when I set-up my SSL in Direct Admin or me deleting / moving files around in File Manager. I appreciate your time! Thank youu
If it matters I am using a Direct Admin Reseller account, and for this website I operate under ‘User Access Level’.
I am a young photographer in Sydney, Australia, trying to set-up a portfolio website and to learn the basics of making a website myself.
Apologies if my question has already been answered elsewhere, I couldn't find a solution by searching. If so please point me in the right direction. Additionally, if I have provided too much information or my screenshots or error logs compromise my website safety / security please let me know as I am new to this world and a bit naive to it.
My website url is: tylergriffsmith.com
When I attempt to access wordpress admin (tylergriffsmith.com/wp) I get this error:
Forbidden
You don't have permission to access this resource.
If I type in tylergriffsmith.com/wp-admin. I get this error:
Not Found
The requested URL was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
I have a feeling this has something to do with my Files / Folder structure, as setting up I think involved a lot of deleting, moving and renaming things to get wordpress installed and up and running. I might have messed something up.
The following is what I did when creating the website.
After purchasing hosting and pointing my domain to my hostings nameservers, I logged into Direct Admin. I then changed the php to 7.4.
I then removed index.html and other files in file manager public html folder (tutorial I followed said delete them).
Then I installed wordpress, and placed the wordpress files into the public html folder.
I also added an SSL through Direct Admin and selected Force redirect in Direct Admin settings.
The website works and is online (tylergriffsmith.com), though I cannot access admin or login to wordpress.
I’ve attached images of errors and of my public html file structure (the files here are from Wordpress install, I deleted all others when first logging in (as apparently I have to delete the pre-built index.html from my hosting provider).
See error logs below (some of these errors occurred multiple times but I deleted duplicates for brevity):
#1 – [Sun Jan 29 10:41:44.889273 2023] [autoindex:error] [pid 774839:tid 140624887809792] [client 60.240.221.19:51789] AH01276: Cannot serve directory /home/micihlre/domains/tylergriffsmith.com/private_html/wp/: No matching DirectoryIndex (index.html,index.htm,index.shtml,index.php,index.phtml) found, and server-generated directory index forbidden by Options directive
#2 – [Sun Jan 29 10:43:37.015621 2023] [:error] [pid 774839:tid 140624552462080] [client 51.89.149.141:48336] File does not exist: /home/micihlre/domains/tylergriffsmith.com/private_html/wp/wp-cron.php, referer: https://tylergriffsmith.com/wp/wp-cron.php?doing_wp_cron=1674985416.8738620281219482421875
#3 – [Sun Jan 29 10:35:37.559740 2023] [:error] [pid 774839:tid 140624510498560] [client 45.34.15.92:56739] [client 45.34.15.92] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/usr/local/cwaf/rules/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tylergriffsmith.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tylergriffsmith.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Y9Y96f4FF0Ewmpd20Z6FhgAAAFc"]
#4 – [Sun Jan 29 06:51:15.543122 2023] [:error] [pid 693201:tid 140624560756480] [client 147.189.140.172:63843] [client 147.189.140.172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/usr/local/cwaf/rules/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tylergriffsmith.com"] [uri "/.env"] [unique_id "Y9YJU_51BWo50k-NRJNrjAAAAGo"]
#5 – [Sun Jan 29 06:51:11.084547 2023] [:error] [pid 693201:tid 140624418080512] [client 167.99.236.45:57595] [client 167.99.236.45] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "tylergriffsmith.com"] [uri "/xmlrpc.php"] [unique_id "Y9YJT_51BWo50k-NRJNrhQAAAHs"]
From the error logs I notice:
#1 – there seems to be a problem with /private_html/wp not existing? I didn’t create one. From tutorials it doesn’t seem that I needed to make one? It seems public html is what I need? I have gone into my Domain set-up and I do have ticked – Use a symbolink link from private_html to public_html - allows for same data in http and https.
#2 – again, seems to be /private_html folder. Should I create one? What folders or files within do I need?
#3 – Don’t know
#4 – Don’t know
#5 – Don’t know
Apologies for the newbie annoyance, I’m a little confused and would love some pointers on how to fix, as well as what I might’ve done wrong in the set-up (so I can avoid in the future). I have a hunch it has something to do with either when I set-up my SSL in Direct Admin or me deleting / moving files around in File Manager. I appreciate your time! Thank youu
