session_mm_cgi-fcgi .sem – Session save path, Session save tmp path

Home Forums BulletProof Security Pro session_mm_cgi-fcgi .sem – Session save path, Session save tmp path

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #24586
    Chris Moon
    Participant

    Hi,

    After updating to WP 4.3 I’m getting a number of quarantine alerts for: “home/xxxxxx/public_html/session_mm_cgi-fcgi507.sem”. I don recognize this file, file is it something I should be worried about and delete or restore and create an exception  rule?

    regards,
    Chris Moon

    #24589
    AITpro Admin
    Keymaster

    Edit|Update: 12-30-2020
    cPanel uses session.save_path paths such as these examples:
    Note: These are just examples. Do not use these session.save_path settings. Check your web host help pages to get the correct session.save_path setting for your website/server.

    session.save_path = "/var/cpanel/php/sessions/ea-php74"
    session.save_path = "/opt/alt/php74/var/lib/php/session"

    The session_mm_cgi-fcgixxx.sem files should be saved/created in your server’s /tmp directory and not in your /public_html/ root hosting account folder.  The session_mm_cgi-fcgixxx.sem file has to do with Sessions. To fix this problem you will either need to edit your custom php.ini file or contact your web host to do this for you.

    Edit your custom php.ini file and either edit/change the session.save_path directive setting so that the setting is: “/tmp” or add this directive setting in your php.ini file if it does not already exist in your php.ini file:
    Note: If you have a VPS or Dedicated server you will probably need to reboot your Apache server for the new php.ini settings to be seen/loaded/take effect. If you have Shared hosting then it may take up to 15 minutes for your new php.ini settings to be seen by the server.

    session.save_path = "/tmp"
    #27384
    Chris Moon
    Participant

    I wasn’t able to clear this problem up and had to run my site without AutoRestore now I want the site to be fully protected  and would like to turn on AutoRestore again.  I can see the “session_mm_cgi-fcgi521.sem” file is being generated by the AutoRestore’s crone function, saved in my /public_html folder then quarantined.  The session.save_path is “/temp” in my VPS’s PHP configuration and the problem is only affecting 2 of the 14 sites on my VPS.  ARQ runs problem free on the other 12 sites.  Is there anything I can “tweak” on the problematic sites to ensure ARQ’s crone runs correctly?

    #27393
    AITpro Admin
    Keymaster

    This is a server configuration/php.ini setting issue and not something that is caused by or generated by BPS.  So you want to fix that server configuration/php.ini setting issue and not try to do a workaround band-aid solution in BPS.  Randomly named files cannot be whitelisted because that would mean the same thing as whitelist “all” files and the PHP copy() function needs actual real file names in order to be able to copy/move files.  Ask your host support to fix this server configuration/php.ini file issue for you.

    #27405
    Chris Moon
    Participant

    My issue proved to be an accidentally created blank php.ini file in the root of the problematic sites when I already had a php.ini in the root of my VPS. Just sharing in case anyone runs into similar problems…

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.