Firewall can't write to wflogs repeatedly even after being fixed
-
The firewall has not worked for me since it was added to wordfence. I believe wordfence is disabling itself through mismanagement of permissions.
When I view the firewall page it says:
We were unable to write to ~/wp-content/wflogs/ which the WAF uses for storage. Please update permissions on the parent directory so the web server can write to it.
Looking at the permissions, I see the directory and files are set as follows:
drwxrwsr-x 2 www-data www-data 4096 May 1 18:20 . -rw-rw-r-- 1 www-data www-data 40083 Apr 12 15:13 attack-data.php -rw------- 1 root www-data 785 May 1 18:20 config.php -rw-rw-r-- 1 www-data www-data 51 Apr 12 15:13 ips.php -rw-rw-r-- 1 www-data www-data 17722 Apr 26 15:20 rules.php -rw-rw-r-- 1 www-data www-data 12578 Apr 26 15:20 wafRules.rules
If I reset the permissions on the config file:
chown www-data config.php or chmod g+rw config.php
Then I can see and change the firewall settings in wordfence. However after a few minutes, the permissions will get reset to the above and wordfence will not be able to load the firewall.
The permissions reset is not triggered by my activity. It happens periodically. I setup a monitor and saw it the permissions reset at 18:45:11. Then I fixed them and watched. They automatically reset at 18:50:03, without me using the admin site, just public activity. So every 5 minutes.
I don’t have any cron jobs that change permissions, and certainly on this one wordfence file. I can only conclude that it is changing it’s own permissions and locking itself out.
Also my error logs are filling up with this junk as my users are browsing my site (domain changed):
2016/05/01 18:52:41 [error] 28658#0: *894728 FastCGI sent in stderr: "PHP message: Unable to open /var/www/wp-content/wflogs/config.php for reading and writing" while reading response header from upstream, client: 198.58.99.82, server: example.org, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "example.org", referrer: "https://example.org/"
The site is on nginx, php-fpm, wt3c caching w/ cdn.
Thanks,
Cory
- The topic ‘Firewall can't write to wflogs repeatedly even after being fixed’ is closed to new replies.