wp-content/blogs.dir/1/ permissions got set to 0 ??

Access your server via FTP or SFTP and use that to change the permissions on the directory.

I don’t have shell access. And attempts to change permissions via ftp access only result in “access denied” since the access is set to 0. I even created a php file:

<?php
chmod(“folder location redacted here”, 0755);
?>

running this php file serverside still gave back: “Operation not permitted”

Any clue as to how this happened??

I don’t have shell access. And attempts to change permissions via ftp access only result in “access denied” since the access is set to 0.

In that case, you’ll have to contact your hosting provider.

Any clue as to how this happened??

Just about anything from a long list of “maybes,” including (but not limited to) rogue plugin, server-wide change, rogue server-side script, etc.

Thank you for your help. I’ve already sent a request to the hosting provider.

Only plugin is DMS guestbook. Your other options would imply a malicious hack? Can I modify .htaccess to fix this? I’ve copied its contents below.

One last question: why does the 3.0+ versions of wordpress use this /blogs.dir/1/ structure? Old structure (uploads folder organized by year and month) seemed much more straightforward.

.htaccess existing contents:

RewriteEngine On
RewriteBase /

#uploaded files
#RewriteRule ^(.*/)?files/$ index.php [L]
#RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
#RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin$
RewriteRule ^(.+)$ $1/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule . – [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>

What is also weird is that some of the files located in that directory are able to be read while others are not.

ex. https://justiceformydad.com/wp-content/blogs.dir/1/files/2010/05/Pic-1.jpg

appears fine in the post and is downloadable.

But

https://justiceformydad.com/wp-content/blogs.dir/1/files/2010/09/Eid-Appeal-to-HH-page-1.jpg

is not. You can save file as but it only downloads a text version of the 404 error page.

They are both inside of this mystery folder with 0 permissions into which I cannot browse via FTP.

I know you’ve said you’ve contacted your host but I have a feeling that this was something that they did. When there’s a security issue on a server, it’s common for someone with root access to go in, set permissions to zero, and wait for the client to notice something’s up and contact them.

I have a feeling that you’re able to see the directory within a control panel like CPanel. Many of those panels run as a root user. That’s probably why you can see it here but not as ftp. Your ftp user is at the same level as your user account.

I agree with tdjcbe here, likely the host did something to reset permissions. even a routine upgrade.

It’s visible in both FTP and CPanel. But in neither are the subfolders visible and in neither can permissions be changed.

Then you absolutely have to contact your webhost.

ANSWER:

It turns out that the webhost had set the permissions to 0 intentionally in response to a letter from a lawyer. Crazy world. Now I have a taste of what wikileaks and torrent sites must go through all the time…

I’m doing this work (fixing up the WP theme, etc.) as a favor to a friend. It never occurred to me that someone would have threatened his webhost and that they would have done this action to his account. I thought I was going crazy or had inadvertently done something horribly wrong. The friend has been framed/targeted and is serving an unjust sentence. That is what the site is set up for – to show the facts of the case to the public. Some don’t want the facts known….

Thanks all for your advice.

Bingo. Glad you got it worked out.