temp-write-test-{time stamp} file quarantined

Home Forums BulletProof Security Pro temp-write-test-{time stamp} file quarantined

Viewing 10 posts - 16 through 25 (of 25 total)
  • Author
  • #24613

    Got it, thanks!

    Living Miracles


    I’ve encountered this issue on several of my websites (hosting is a SiteGround dedicated server). I understand that, as long as everything on the site seems to be working normally (which, in our case, it does), then this isn’t too much of a concern. However, I’d still like to make an attempt to resolve it if possible in order to minimize the ARQ notifications.

    I’m not sure if I’m on a DSO server (is there an easy way to tell?) but I can at least say that the BPS Pro System Info page shows the following: WP Filesystem API Method: direct

    I plan to contact my host, but just wanted to ask a couple quick questions first:

    1) I found the following in the error log on one of my sites where the “temp” file was showing up (and getting quarantined). Does this indicate anything significant?

    [Tue Oct 15 14:15:40.008094 2019] [access_compat:error] [pid 10544] [client xx.xxx.xxx.xxx:xxxxx] AH01797: client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_security.png, referer: https://domain.org/wp-content/plugins/bulletproof-security/admin/mod-test/mod_security.png
    [Tue Oct 15 14:15:39.646727 2019] [authz_core:error] [pid 11262] [client xx.xxx.xxx.xxx:xxxxx] AH01630: client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-nc-require-host.png, referer: https://domain.org/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-nc-require-host.png
    [Tue Oct 15 14:15:39.341759 2019] [authz_core:error] [pid 17617] [client xx.xxx.xxx.xxx:xxxxx] AH01630: client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-nc-denied.png, referer: https://domain.org/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-nc-denied.png
    [Tue Oct 15 14:15:38.999372 2019] [access_compat:error] [pid 19510] [client xx.xxx.xxx.xxx:xxxxx] AH01797: client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-nc-denied.png, referer: https://domain.org/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-nc-denied.png
    [Tue Oct 15 14:15:38.726972 2019] [access_compat:error] [pid 10633] [client xx.xxx.xxx.xxx:xxxxx] AH01797: client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-od-cond-denied.png, referer: https://domain.org/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-od-cond-denied.png
    [Tue Oct 15 14:15:38.396863 2019] [authz_core:error] [pid 19336] [client xx.xxx.xxx.xxx:xxxxx] AH01630: client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-require-ip.png, referer: https://domain.org/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_host-require-ip.png
    [Tue Oct 15 14:15:37.882396 2019] [access_compat:error] [pid 15351] [client xx.xxx.xxx.xxx:xxxxx] AH01797: client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-od-cond-denied.png, referer: https://domain.org/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-od-cond-denied.png
    [Tue Oct 15 14:15:37.417871 2019] [authz_core:error] [pid 19336] [client xx.xxx.xxx.xxx:xxxxx] AH01630: client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-denied.png, referer: https://domain.org/wp-content/plugins/bulletproof-security/admin/mod-test/mod_authz_core-denied.png
    [Tue Oct 15 14:15:37.037614 2019] [access_compat:error] [pid 19695] [client xx.xxx.xxx.xxx:xxxxx] AH01797: client denied by server configuration: /home/username/public_html/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-denied.png, referer: https://domain.org/wp-content/plugins/bulletproof-security/admin/mod-test/mod_access_compat-od-denied.png

    2) The permissions on the main folders for my sites (public_html, wp-content, etc.) are all 705. Is it possible that changing these permissions to 755 could help in some way, or would that be irrelevant in this case?

    Thank you.

    AITpro Admin

    Here is the relevant section of the WP code in the /wp-admin/includes/file.php file below.  The code checks the WP file system method and writes a temp file in the wp-content folder if the $method cannot be found/detected.  The errors are “normal” errors that are used to check for ModSecurity installed on a web host. The errors are not related to the temp file problem.

    Since your WordPress Filesystem API Method is “direct” then you should not have to do anything since the Method is already correctly defined.  I’m not sure why the WP check in the file.php is doing this.  I could be many possible things.  ie some config setting on your server, opcache issue and maybe a dozen other things.  You could force the FS_METHOD by adding the FS_METHOD constant in your wp-config.php file, which I don’t recommend that you do >>> https://wordpress.org/support/article/editing-wp-config-php/#wordpress-upgrade-constants

    function get_filesystem_method( $args = array(), $context = '', $allow_relaxed_file_ownership = false ) {
    	$method = defined( 'FS_METHOD' ) ? FS_METHOD : false; // Please ensure that this is either 'direct', 'ssh2', 'ftpext' or 'ftpsockets'
    	if ( ! $context ) {
    		$context = WP_CONTENT_DIR;
    	// If the directory doesn't exist (wp-content/languages) then use the parent directory as we'll create it.
    	if ( WP_LANG_DIR == $context && ! is_dir( $context ) ) {
    		$context = dirname( $context );
    	$context = trailingslashit( $context );
    	if ( ! $method ) {
    		$temp_file_name = $context . 'temp-write-test-' . str_replace( '.', '-', uniqid( '', true ) );
    		$temp_handle    = @fopen( $temp_file_name, 'w' );
    AITpro Admin

    Here is the description help text for the WordPress get_filesystem_method() function. I see that plugins can define a custom transport handler so maybe one of your plugins is interfering with the WP filesystem check?

     * Determines which method to use for reading, writing, modifying, or deleting
     * files on the filesystem.
     * The priority of the transports are: Direct, SSH2, FTP PHP Extension, FTP Sockets
     * (Via Sockets class, or fsockopen()). Valid values for these are: 'direct', 'ssh2',
     * 'ftpext' or 'ftpsockets'.
     * The return value can be overridden by defining the FS_METHOD constant in wp-config.php,
     * or filtering via {@see 'filesystem_method'}.
     * @link https://codex.wordpress.org/Editing_wp-config.php#WordPress_Upgrade_Constants
     * Plugins may define a custom transport handler, See WP_Filesystem().
     * @since 2.5.0
     * @global callable $_wp_filesystem_direct_method
     * @param array  $args                         Optional. Connection details. Default empty array.
     * @param string $context                      Optional. Full path to the directory that is tested
     *                                             for being writable. Default empty.
     * @param bool   $allow_relaxed_file_ownership Optional. Whether to allow Group/World writable.
     *                                             Default false.
     * @return string The transport to use, see description for valid return values.
    Living Miracles

    Thank you very much for the info, much appreciated.

    Agreed, interference from a plugin is possible, especially since we use the same plugins across a large number of our sites (and we’ve been seeing the “temp” file problem across many of our sites). Probably difficult to pinpoint in that case though since the issue seems very unpredictable (e.g., doesn’t occur consistently every day, or even every week) and I’m not aware of any way to “trigger” it for testing purposes.

    If we do get to the bottom of the issue, I will be sure to post a brief update here in case it provides insight for others encountering the same issue.

    AITpro Admin

    Intermittent problems or problems that start happening all of a sudden are typically going to be related to things like: php memory/cache/caching plugins/CDN’s/VPN’s/Proxy’s/Load Balancers/Host server problems (new security measures added on Host server (Mod Security, etc.), DNS server/DNS configuration problem, MySQL server timeout, server overloaded, etc.), /Browser problems (corrupt cache, Sessions, Cookies, add-on, extension)/ISP (connectivity)/CloudFlare, Incapsula, etc.

    Living Miracles

    I just heard back from our hosting company (SiteGround). I described the issue to them and they offered the following as a potential solution:

    “As you can see, the permissions of the folder /wp-content are 705, which means that the cPanel user can read, write and execute it, but the group has 0 permissions. You can consider updating them to the default 755 permissions.”

    The reason we were using 705 is because that is what shows up as the “Recommended Permissions” on the BPS Pro System Info page. But I think I will give that a try (i.e., change from 705 to 755) on all our websites to see if that makes a difference. I imagine it’s a pretty low-impact change to make in terms of security.

    AITpro Admin

    Give it a try.  705 and 755 directory permissions should work exactly the same as far as WordPress is concerned.

    Living Miracles


    At this point, it seems that we may have to use the define(‘FS_METHOD’, ‘direct’); constant. You mentioned that you don’t recommend doing this. Could you explain why you feel that way about this possible solution?

    AITpro Admin

    It’s fine to add to the FS_METHOD code in your wp-config.php file.  Originally I thought it might be a kind of band-aid solution, but if it works then that is fine since this is band-aid kind of problem.

Viewing 10 posts - 16 through 25 (of 25 total)
  • You must be logged in to reply to this topic.