opendir failed to open dir in class-itsec-file-change.php line 452

  • Since 02-Aug-2014, I’ve been seeing many many PHP warnings like this:

    [02-Aug-2014 04:39:39 UTC] PHP Warning: opendir(/proc/tty/driver/): failed to open dir: Permission denied in /home/getbusi/public_html/wp-content/plugins/better-wp-security/modules/free/file-change/class-itsec-file-change.php on line 452

    They all seem to be related to /proc. This must have been introduced in the one of the latest updates. The site is a network/multisite installation.

    On another (standalone) site, I get a different error since 11-Aug-2014:

    [11-Aug-2014 18:35:10 UTC] PHP Warning: opendir(/home/getbusi/public_html/ronitbaras/wp-content/cache/supercache/www.ronitbaras.com/emotional-intelligence/personal-development-c/if-you-think-you-can-or-think-you-cant-you-are-right-the-story-of-marina/): failed to open dir: No such file or directory in /home/getbusi/public_html/ronitbaras/wp-content/plugins/better-wp-security/modules/free/file-change/class-itsec-file-change.php on line 452

    Since the code checked the return value of opendir and handles it, these PHP warnings should be prevented or suppressed to avoid unnecessarily filling up error log files. Please adjust the code.

    Alternatively, please advise how I can prevent these from occurring.

    Thank you,
    Gal

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter Gal Baras

    (@galbaras)

    Really, no response?

    I am getting the same error, even after turning off the File Change Module. Very Strange

    @jim Camomile & @galbaras

    It’s a security issue in iThemes Security plugin right from the version 4.3.2
    We have been investigating for this PHP warning on several wordpress installations. Yesterday, found that one or both of the following generating PHP Warning messages. All these PHP warnings can also be seen at error_log files in wordpress installation root directory and wordpress own directory (if wp installated in its own directory).

    These PHP warnings revealing cPanel user names and directory structure of the wordpress installations. It is a security breach.

    We suggest the following actions from admins as a temporary solution to make a check not to reveal such vital info to public.

    Under file change detection>>
    1).Deselect “Split File Scanning”

    2).From drop down options for “Include/Exclude Files and Folders”
    select “Exclude Selected”

    3).From “Files and Folders List” add directories similar to the following:
    wp-content/cache/
    wp-content/uploads/ithemes-security/

    Depending on word press installation and plugins installed along with iThemes Security, any one or all of the above said 3 setups will give you peace of mind.

    Mainly first option from the above, “Split File Scanning” generating PHP warnings even cache plugins not installed. Even fresh installation of wordpress with this setup generating php warnings.

    I hope plugin authors might release fix for this in the upcoming versions.

    Note: Some search engines revealing these error info along with website url in search results. If any one of your sites data is revealing in search engines like google, then request for removal of that info from search results through webmaster tools.

    Thread Starter Gal Baras

    (@galbaras)

    One site had the split check on, but the other had it off. I’ve added the two exclusions to both and will monitor.

    Thank you!

    Thread Starter Gal Baras

    (@galbaras)

    The problem seems to have gone away. Thanks, @reviewkeys.

    Now all we need is for this to be fixed in the plugin…

    I have the same problem. TONS of Warnings on my error_log.
    Some of them got indexed by google.

    Hey galbara!
    Happy to hear that you found and fixed you problem. ??

    @ *B.V.Ramanarao*

    Thanks, it worked well

    G.

    Hay @ Giorgio25b
    Great to hear that. ??

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘opendir failed to open dir in class-itsec-file-change.php line 452’ is closed to new replies.