xcloner permission denied when trying to backup

This probably does not have anything to do with BulletProof Security and may just be a simple folder permission issue. The error message appears to be a generic server error or maybe an error message coming from xcloner itself – this is not a BPS error message that i have added. Have you tried setting your folder permissions to 755 for the xcloner plugin folder? 755 is considered secure. If 755 does not work try 775 just for testing purposes. File permissions are typically 644 and you should be able to open files with 644 permissions without any problems. To eliminate BPS from the equation put your site in Default Mode temporarily and manually delete the .htaccess file in your /wp-admin folder for testing and see what happens. Thanks.

My permissions were set to 744 for files and 755 for folders in the xCloner directory. So I made no changes there. I then tried your solution to put BPS in default mode and delete .htaccess from admin and it worked! The xcloner backup completed without errors! So now I’m thinking that BPS secures files or folders that xcloner tries to acess in the index2.php mentioned in the errormessage above? Wich then in turn generates the errormessage from either xCloner or the server…
Anyway, thanks a million for the reply! I really like both xCloner and BPS, and hopefully you and/or Ovidiu could check in on this further to avoid this error in the future. Btw, should I set file permissions to 644 in the xcloner directory? All files in other plugin-directories are set to 644, so it’s only in xCloner they are set to 744.
Thanks again, and if I can help with further testing to solve this problem please let me know!

Ok your testing has shown then that BPS is definitely blocking xcloner. An htaccess skip rule is included in BPS .46.2 for xcloner. I guess then something has changed with xcloner since the last time i tested it. I see that a new version of xcloner was released today. Do you have this skip rule in your root htaccess file?

# XCloner 404 or 403 error when updating settings
# If you have WordPress installed in a subfolder you will need to add the
# subfolder name to the RewriteCond /blog/wp-content/plugins/xcloner-backup-and-restore/ [NC]
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC]
RewriteRule . - [S=30]

See if the new version of xcloner works with the skip rule in BPS .46.2. I will retest this new version.

As far as the file permission go if the author has intentionally set to the permissions to something other than 644 it must be for a reason. Thanks.

Yes the skiprule is there.
Let me just recap to sort out my symptoms (mostly for myself and other readers ?? ;
– With earlier version of BPS (before skiprule) I got access denied when updating settings and creating a backup.
– BPS with skiprule (current version of BPS) fixed problems when updating settings. However I could not create a backup, and that was when I started this thread.
– I then went to default mode in BPS as you suggested and both settings and backup worked.
– After updating xCloner today (and activating BPS again) I once again get access denied when updating settings (wich is really weird, because skiprule is in place), and as before I can not create a backup.

Hope this helps. And my question about the file permissions within xCloner is related to my memory (or lack thereof). I seem to remember trying to elevate permissions within xCloner directory to see if that helped, but I’m not sure if I really did that or if I just thought of doing it :). Just wanted to check with you since you obviously know your way around security issues.

ok then the backup issue is another additional issue as well as the updating settings issue then. When i get some spare time this week i will find out exactly what is going on with the latest version of xcloner. I don’t think changing permissions on files would help with memory issues, but i don’t really know that much about xcloner so maybe it does do something for that plugin.

Thanks for your quick reply. Since xCloner makes a full backup of both files and database maybe there are .htaccess rules that prohibits these kind of operations. Obviously there should be, but not for admin.

The log in xCloner indicates that when trying to create a backup the sql backup finishes, but not the file backup. When the file backup process is about to start xCloner loads a new page (index2.php) and that is where the error message appears.

(Btw, I will stop referring to memory issues. I was talking about that I could not remember if I changed permissions or not. So the question was related to brain-memory and not computer memory. ?? Sorry for the confusion.)

Ok thanks for the extra info. It looks like Thursday is not going to be so hectic so I’ll test it then and find out what is going on. Thanks.
LOL on the memory thing. Too funny. ??

WOW! Xcloner has really come a long way! Very impressive now. I did not run into any problems doing a full backup of both the DB and all Files. I did run into a problem when i tried to download the .tar file using the download button. The download just hung. I don’t think BPS has anything to do with that since no error messages are being generated and the download is started, but is just not completing. Maybe just the size alone of the .tar file is what is causing what appears to be a hang, but is actually preparing to download.

I did my testing with IE and i noticed that when i click download this URL does a popup first and then the download window shows up. …/plugins/xcloner-backup-and-restore/index2.php?option=com_cloner&task=download&file=/backup_2011-05-27_23-05_www.ait-pro.com-sql-nodrop.tar. This looks like some form of a temporary redirect of some sort so maybe this is where you are running into the problem. So I’m not sure why you are seeing that error message, but like i said this is a generic server error message and not a BPS error. Everything worked perfectly without errors except for trying to download a 50MB .tar file.

There is a known problem with Super Cache that is wreaking havoc with BPS. If you have Super Cache installed the root htaccess code will need to be manually corrected.

So at this point double check that you have both the root and wp-admin BulletProof Modes activated and actually look at the files in the BPS File Editor to make sure they look ok. other than that i can’t think of anything else to check. Find out if the 403 error message is coming from Xcloner – ask the plugin author. If it is not then the combination of the htaccess and some setting on your particular server or maybe another plugin is conflicting with BPS.

And finally this statement you made tells me you have an issue that is not straightforward and is more complex for whatever reason on your site.
“- After updating xCloner today (and activating BPS again) I once again get access denied when updating settings (wich is really weird, because skiprule is in place), and as before I can not create a backup.”

This should not have happened at all so this is a huge red flag indicating your site has some issues. Thanks.

DOH! just added my FTP info and the download is working of course. So that means that everything worked perfectly in testing without a single problem found.

XCloner is the BEAST! Wow! This is the best full file backup plugin i have come across so far. I use WP-DBManager for just SQL DB backups and will continue to use it, but WP-DBManager is not a full file backup plugin so XCloner is now officially on my favorite plugins list. ?? It’s da BOMB!

AITpro you are right! It’s a great plugin!! I’ve used it for years with Joomla and was so happy to see a wordpress version. It has come along way for sure and I’m happy that you are also saying so. For the longest time I felt like the only one that was using this awesome plugin and was a little worried that maybe others knew something I didn’t ??

I’ve been away for a few days, but thanks for testing… now I know it should work without any problems. I don’t have supercache installed, and I have both bulletproof modes activated so I think it’s time for me to start from the beginning with both plugins. Uninstall and then add them again. Maybe I’ve messed something up in the process ?? I will try this during the weekend, then I will post results.

I’ve tried uninstalling and then reinstalling both BPS and xCloner, but the symptoms remain. When updating settings in xCloner or when generating backup (step 2, file backup) I still get permission denied. Skiprule is in place in root .htacess. And when (temporarily) activating default mode in BPS both updating settings and generating backup runs smooth and without any errors.
How does the skiprule work exactly? Is it limited to actions within the xCloner pluginfolder? Since xCloner runs index2.php within the xCloner plugin directory but it copies files from all directories, are the ‘skiprule permissions’ inherited properly to these actions in other folders as well? Just a thought, maybe I’m way off on this one since I don’t know how the background voodoo works ??
Please advice.

The problem you are describing is exactly what would happen if you did not have the wp-admin BulletProof Mode activated. You must have both the Root BulletProof Mode and the wp-admin BulletProof Modes activated together. The wp-admin htaccess file should not be modified to include any URL rewriting and should not be modified for any reason i can think of any way. Does the BPS Status page say the a wp-admin .htaccess is activated? Have you checked the root htaccess file in the BPS File Editor to make sure that the htaccess code is ok. If another plugin is writing to the root htaccess file and it changes the order of the Query String filters then this will cause problems. Also if you are using a caching plugin you need to eliminate that you have corrupted cache that is causing a problem. Also you need to eliminate that you browser cache is causing a problem. Clear all caches.
The skiprule says don’t apply any BPS filters to any files in the XCloner plugin folder and that would include the index2.php file. Now if you did not have an htaccess file in your wp-admin folder then the root htaccess rules would be applied to / inherited to the wp-admin folder and you would have the exact problem that you are describing. The only other outside possibility i can think of is you have your browser set up in a way that the Xcloner redirection is causing BPS to interpret the redirection as some sort of external threat. In any case you have some specific mistake or setting on your site that needs to be corrected since my testing of XCloner with the skiprule worked perfectly. Thanks.

First of all, thanks for your huge patience with my problem! And for BPS of course ??

Ok… now to answer your questions;
All four BP modes under ‘Security Modes’ are activated. Under ‘Status’ I have the following info;

Activated BulletProof Security .htaccess Files;

The .htaccess file that is activated in your root folder is:
string(45) " BULLETPROOF .46.2 >>>>>>> SECURE .HTACCESS " 

√ wp-config.php is .htaccess protected by BPS
√ php.ini and php5.ini are .htaccess protected by BPS

√ Deny All protection activated for BPS Master /htaccess folder
√ Deny All protection activated for /wp-content/bps-backup folder

The .htaccess file that is activated in your wp-admin folder is:
string(45) " BULLETPROOF .46.2 WP-ADMIN SECURE .HTACCESS "

General BulletProof Security File Checks;

√ An .htaccess file was found in your root folder
√ An .htaccess file was found in your /wp-admin folder
√ A default.htaccess file was found in the /htaccess folder
√ A secure.htaccess file was found in the /htaccess folder
√ A maintenance.htaccess file was found in the /htaccess folder
√ A bp-maintenance.php file was found in the /htaccess folder
√ A bps-maintenance-values.php file was found in the /htaccess folder
√ A wpadmin-secure.htaccess file was found in the /htaccess folder
√ Your Current Root .htaccess File is backed up
√ Your Current wp-admin .htaccess File is backed up
√ Your BPS Master default.htaccess file is backed up
√ Your BPS Master secure.htaccess file is backed up
√ Your BPS Master wpadmin-secure.htaccess file is backed up
√ Your BPS Master maintenance.htaccess file is backed up
√ Your BPS Master bp-maintenance.php file is backed up
√ Your BPS Master bps-maintenance-values.php file is backed up

The only thing a bit fishy with that info is that the string(45) command shows in the status, otherwise seems ok too me.

Both .htacess seems fine in editor. I haven’t made any changes here and it does not seem like any plugin has written to them either.

I don’t have any caching plugins either. The only one even close to ‘caching’ was a search plugin that probably indexes info. I disabled that along with just about all other plugins for testing. No change. I also removed robots.txt just in case. I cleared cache in my three different browsers and tried accessing with all three.

I have also checked all possible settings in my web hotel control panel, MySql, WordPress, Theme settings and browsers. When I check my web page for errors I get a few but nothing serious I think. An unclosed ‘span’ and a few forgotten semicolons etc. I will correct them and try again. Next step for me is to start a new website with default theme and settings and then install only BPS and xCloner. I will post results as I get them.

So once again, thanks for your time and effort AITpro. Knowing that your test came up with a perfect result is what makes me continue trying. (It also bugs me bigtime xD)

Cool. Yep you are taking the next logical step. A clean testing environment. Yep I would do the exact same thing – install another WordPress site in another folder and use the WP 2010 Theme and then just install BPS and XCloner. If the same problem occurs then the only thing left to look at is an issue with your browser. I have heard that Chrome wreaks all kinds of random havoc. I did not test if XCloner had any issues with Chrome. BPS has been tested on all the major browsers and no issues were found. You never know it could be some wierd combination of things causing this. Usually the problem is a simple thing in 99% of the cases so think simple and then go deep. ?? Thanks.