Error is back: "Unable to open …../wflogs/config.php for reading and writing."

  • Resolved SH10151

    (@sh10151)


    8 years, 3 months ago

    Well, I thought I fixed this problem, but it is back…

    “Unable to open /usr/share/nginx/html/wp-content/wflogs/config.php for reading and writing.”

    This config.php’s permissions seem to eventually get changed back to either “root:root:” or just the group changes to “www-data” (from group “www”):
    -rw-rw—- 1 root root 859 Aug 7 05:15 config.php

    This is back in my logs and appears around 20-30+ times in the log at a time in quick succession.

    The last and only entry in this file is:

    <?php exit(‘Access denied’); __halt_compiler(); ?>
    a:16:{s:9:”wafStatus”;s:13:”learning-mode”;s:30:”learningModeGracePeriodEnabled”;i:1;s:23:”learningModeGracePeriod”;i:1471116127;s:7:”authKey”;s:64:”<)+ld4 J_)!*!*z^`!-q:lz&IVe>ps2U(~<G[V5AM5=^zg @sv?Jq FK.”;s:4:”cron”;a:1:{i:0;O:24:”wfWAFCronFetchRulesEvent”:1:{s:11:”^@*^@fireTime”;i:1471116127;}}s:7:”version”;s:5:”1.0.0″;s:6:”apiKey”;s:160:”b6a8b13757af000090b08466aebf74817d302be4a45fdd0306592b8bd52813572350d9c7c5d06501fc86255065a09c2c5d6cddba1de22dc572045ebfec56c5ab536e”;s:11:”wafDisabled”;b:0;s:16:”rulesLastUpdated”;i:1470511331;s:12:”premiumCount”;i:25;s:23:”createInitialRulesDelay”;i:1470511631;s:6:”isPaid”;s:0:””;s:7:”siteURL”;s:25:”https://www.<mydomainishere&gt;.com”;s:7:”homeURL”;s:25:”https://www.<mydomainishere&gt;.com”;s:14:”whitelistedIPs”;s:0:””;s:9:”howGetIPs”;s:0:””;}

    Please help!

    https://www.ads-software.com/plugins/wordfence/

Viewing 6 replies - 16 through 21 (of 21 total)

  • Hi SH10151,
    sorry you had problems with this. For anyone else who might be looking for an answer in the future, if you remove wordfence-waf.php without removing references to the file in .htaccess and/or .user.ini you will get a PHP error because the auto_prepend_file directive in those files will be looking for a file that doesn’t exist.

    Marking this as resolved for now. Let me know if you have any further questions.

    dloxton

    (@dloxton)

    I am getting this on 4 different sites, on the same server now too.

    [Thu Dec 01 10:26:44.899335 2016] [:error] [pid 6829] [client 172.68.118.73:33981] Unable to open /var/www/html/webroot/……./wp-content/wflogs/config.php for reading and writing.,

    I can delete the wflogs folder and that clears the error for about 20 mins.

    On the /wp-admin/admin.php?page=WordfenceWAF page: “We were unable to write to ~/wp-content/wflogs/ which the WAF uses for storage. Please update permissions on the parent directory so the web server can write to it. ”

    The folder shows:

    drwxrwxr-x 2 www-data www-data 4096 Dec 1 10:25 wflogs

    The contents of the folder are:
    `/wp-content/wflogs$ ls -l
    total 264
    -rw-rw—- 1 www-data www-data 40083 Dec 1 09:30 attack-data.php
    -rw-rw—- 1 root root 92310 Dec 1 10:25 config.php
    -rw-rw—- 1 www-data www-data 51 Dec 1 09:30 ips.php
    -rw-rw-r– 1 www-data www-data 87671 Dec 1 09:30 rules.php
    -rw-rw—- 1 www-data www-data 39141 Dec 1 09:30 wafRules.rules

    Diagnostics shows:
    Checking if web server can read from ~/plugins/wordfence/tmp OK
    Checking if web server can write to ~/plugins/wordfence/tmp OK
    Checking if web server can write to ~/wp-content/wfcache OK

    PHP
    PHP version >= PHP 5.2.4 (Minimum version required by WordPress) 7.0.8-0ubuntu0.16.04.3
    Process Owner www-data

    We are WordPress 4.6.1, PHP 7.0.8

    Any help really appreciated as this is filling up our logs real fast

    • This reply was modified 8 years ago by dloxton.

    That likely means you have a server side cron job ser to execute wp cron every 20 mins. Check your serverside cron jobs and change the one for wp cron to run via curl. Then wp cron will be running as the same user as your WordPress installation is running as and you will not get conflicting permissions on files created or modified.

    Hi @wfasa

    I follow your thinking and we did have some of these. I am now running sudo tail -f -n 100 /var/log/apache2/*-error.log and watching these come through with EVERY request.

    Thanks for coming back to me, but we still dont have a solution.

    Having converted the CRON to curl, and then deleting the wflogs files, then WordFence recreates then as it pleases, everything now seems to be working as it should.

    Hi dloxton,
    thanks for checking back in. Glad to hear you were able to solve it!

Viewing 6 replies - 16 through 21 (of 21 total)
  • The topic ‘Error is back: "Unable to open …../wflogs/config.php for reading and writing."’ is closed to new replies.