temp-write-test-{time stamp} file quarantined

Home Forums BulletProof Security Pro temp-write-test-{time stamp} file quarantined

This topic contains 15 replies, has 2 voices, and was last updated by  protection 2 years, 10 months ago.

Viewing 15 posts - 1 through 15 (of 16 total)
  • Author
    Posts
  • #24441

    protection
    Participant

    Hello –

    Periodically I get the message that a file (temp-write-test-#######) has been quarantined under /wp-content/. Do you know what this is from? Should I allow this file to be written?

    Thanks

    #24443

    AITpro Admin
    Keymaster

    I did a Google search and did not find anything about this.  I assume that one of the plugins you have installed is creating this test file for some reason, which is probably to check if the /wp-content/ folder is writable for other real/legitimate plugin files that will be created in the /wp-content/ folder.  The PHP is_writable() function can check both files or a directory to see if it is writable so there would not be any reason to create a temp file to do that. The file naming convention is odd, but # characters are allowed in file naming conventions.  To find out which plugin is creating this file you can use the BPS Pro String|Function Finder Pro-Tool to search your /plugins/ folder using these search parameters:

    Search String: temp-write-test
    Search Path: /path/to/your/plugins/folder (Your Website Root Path is displayed on the page so just add the rest of the folder path to your plugins folder)

    #24445

    protection
    Participant

    Thanks for the quick response. I did not see that string in my /plugins/ folder, but when I searched the root I discovered this:

    /home/content/##/#######/html/wp-admin/includes/file.php, line 928
    $temp_file_name = $context . 'temp-write-test-' . time();

    Does this mean that one of my plugins is calling a function that triggers this? By the way, the # symbols I had in my example for temp-write-test-####### was for the numerical value, which I can now see is a timestamp based on the time() function reference.

    #24448

    AITpro Admin
    Keymaster

    Ok I changed this Forum Topic title to:  temp-write-test-{time stamp} file quarantined to make this easier to find later on if needed.  I checked the get_filesystem_method() function in the WordPresss /wp-admin/includes/file.php file and the temp file is created if WordPress cannot get your WP Filesystem API Method that would be used for WordPress, Plugins and Theme installations and upgrades.  So I am assuming your have a DSO Server Type and you may need to do something like this:  http://forum.ait-pro.com/forums/topic/dso-setup-steps/ or some kind of other Permission or Owner problem with your /wp-content/ folder.  If everything is working fine for WordPress, Plugins and Theme installations and upgrades then you do not need to fix anything and can just delete this file again when it is quarantined again in the future.  You cannot exclude this file from being checked by ARQ since the filename will be different (different time stamp) each time it is recreated again.

    #24454

    protection
    Participant

    Thanks for the thorough explanation. As far as I can tell, everything seems to be working fine, and I usually just delete that file anyway. It seems to be a blank file with no contents.

    So, there’s no way to specify a wildcard for ARQ exclusion, such as temp-write-test*  ?

    #24455

    AITpro Admin
    Keymaster

    Unfortunately, using Regex for excluding files or folders in ARQ is just not possible at this time (or maybe not possible at all) due to several factors.  The most important factors are this class filter:  RecursiveFilterIterator is not extended to the: RegexIterator class in order to process Regex rules and file and folder names and paths should be literal throughout all exclusions, checking, quarantining, copy, exists, features, functions, …………  Or the sky will fall on your head. 😉

    #24461

    protection
    Participant

    Gotcha, thanks 🙂

    #24602

    protection
    Participant

    Hello –

    I did some digging today, and noticed that after doing a search for get_filesystem_method, I found the reference within BPS, under the following:

    wp-content/plugins/bulletproof-security/admin/system-info/system-info.php:316:	echo __('WP Filesystem API Method', 'bulletproof-security').': ' . get_filesystem_method() . '<br>';	
    wp-content/plugins/bulletproof-security/admin/system-info/system-info.php:317:	if ( get_filesystem_method() != 'direct' && function_exists('getmyuid') && function_exists('fileowner') ) {
    wp-content/plugins/bulletproof-security/admin/system-info/system-info.php:321:	if ( get_filesystem_method() != 'direct' && function_exists('get_current_user') ) {
    wp-content/plugins/bulletproof-security/admin/wizard/wizard.php:439:	if ( @substr($sapi_type, 0, 6) != 'apache' && get_filesystem_method() == 'direct') {
    wp-content/plugins/bulletproof-security/admin/wizard/wizard.php:442:	elseif ( @substr($sapi_type, 0, 6) == 'apache' && preg_match('#\\\\#', ABSPATH, $matches) && get_filesystem_method() == 'direct') {
    wp-content/plugins/bulletproof-security/admin/wizard/wizard.php:445:	elseif ( @substr($sapi_type, 0, 6) == 'apache' && !preg_match('#\\\\#', ABSPATH, $matches) && get_filesystem_method() == 'direct') {
    wp-content/plugins/bulletproof-security/admin/wizard/wizard.php:448:	elseif ( @substr($sapi_type, 0, 6) == 'apache' && get_filesystem_method() != 'direct') {
    wp-content/plugins/bulletproof-security/admin/wizard/wizard.php:449:		echo $failTextBegin.__('Server API: Apache DSO Server Configuration | WP Filesystem API Method: ', 'bulletproof-security').get_filesystem_method().$failTextEnd.'<br>'.__('Your Server type is DSO and the WP Filesystem API Method is NOT "direct". You can use the Setup Wizard, but you must first make some one-time manual changes to your website before running the Setup Wizard. Please click this Forum Link for instructions: ', 'bulletproof-security').'<a title="Link opens in a new Browser window" href="http://forum.ait-pro.com/forums/topic/dso-setup-steps/" target="_blank">'.__('DSO Setup Steps', 'bulletproof-security').'</a><br><br>';

    I’m not sure if this helps or not, but thought I’d mention.

    Thanks

    #24605

    AITpro Admin
    Keymaster

    The temp file is created by WordPress if WordPress cannot get the WP Filesystem API Method used on your server/website for WordPress, Plugin and Theme installations and upgrades.  So this issue is not related to BPS in any way.  The issue would be an issue between your server/server configuration and WordPress itself.  If things are working correctly then you do not have to change or fix anything on your server/server configuration or in your wp-config.php file.

    #24607

    protection
    Participant

    OK, thanks. Maybe I should contact my hosting company.

    #24608

    AITpro Admin
    Keymaster

    Try reinstalling WordPress first and see if that fixes the problem.  I guess you could also do standard WordPress plugin and theme troubleshooting steps too, but I doubt this issue/problem has to do with any plugins or your theme.  If you do contact your host then ask them to look at folder/file Permissions and folder/file Ownership or anything else on the server that would prevent WordPress from being able to detect your WP Filesystem API Method.  The most important thing is this:  If there is a serious problem with the WP Filesystem API Method then you would not be able to do these things:  Upgrade or reinstall WordPress itself, install or upgrade plugins, install or upgrade themes…  So if you are able to do all of these things then whatever is causing WordPress to create the temp file is insignificant/not important.

    #24609

    protection
    Participant

    Thanks again for the detailed explanation. I don’t think reinstalling WP is something I can easily do at this time, but I’m thinking it’s not an important issue, as I’m easily able to install/update plugins/themes 🙂

    #24610

    AITpro Admin
    Keymaster

    Reinstalling WordPress is quick and simple.  Go to your Dashboard Menu > Updates page > click the Re-install Now button to reinstall WordPress.  I think maybe you thought I was saying to uninstall and reinstall WordPress.

    #24611

    protection
    Participant

    If I was getting the warning message before and after upgrading to the latest version of WP, do you think reinstalling WP would still be worth trying out? If so, I have some questions:

    1.) What do I need to do within BPS to avoid auto-restoration of my files? Should I delete all of the BPS backup files first, then shut off autorestore?

    2.) Will reinstalling WP overwrite all of the current WP files? The only file I modified is WP-Config. I guess I’m wondering what exactly the reinstall does. Does it delete/reinstall all WP files?

    3.) I have a few extra folders on my root, that are not WordPress related. Will this matter?

    Thanks

    #24612

    AITpro Admin
    Keymaster

    Reinstalling WordPress would not make a difference then.  The issue/problem is a folder/file Permissions or folder/file Ownership issue/problem.  AutoRestore is completely automated and does not require any additional steps by you:  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#automation  Reinstalling WordPress replaces all WordPress Core files, but wp-config.php is never replaced when doing a WordPress installation, reinstall or upgrade.  WordPress installs WordPress folders and files and does not do anything with files or folders that are not WordPress.

Viewing 15 posts - 1 through 15 (of 16 total)

You must be logged in to reply to this topic.