WordPress.org

Ready to get started?Download WordPress

Forums

AntiVirus
Get an unusual error (16 posts)

  1. Strategerizer
    Member
    Posted 1 year ago #

    Hi,

    I get "virus suspected" email. Going to the AntiVirus setting page in the WP dashboard, I see the following error at the very top of the page (on white page background and the regular Dashboard content being pushed underneath)

    -------------
    Warning: scandir(/home/[...]/public_html/wp-content/themes/komotion/log) [function.scandir]: failed to open dir: Permission denied in /home/[...]/public_html/wp-includes/class-wp-theme.php on line 978

    Warning: scandir() [function.scandir]: (errno 13): Permission denied in /home/[...]/public_html/wp-includes/class-wp-theme.php on line 978

    Warning: Invalid argument supplied for foreach() in /home/[...]/public_html/wp-includes/class-wp-theme.php on line 981
    ---------------

    There is no other error being displayed on the AntiVirus page but because of the error above it looks like clicking the "Scan the theme templates now" button does not do anything.

    Upon some investigation... Going to my theme folder I see there is a "log" folder in the root of the theme folder. The folder has permission of "111" and inside there is a file archivers.php.

    Is this "log" folder created by AntiVirus??

    Furthermore, as long as that folder is there with 111 permission, I cannot save any pages for a website that uses that theme. If I change permissions to 777, issue get resolved.

    I have WP Multisite ON.

    Any ideas what is going on?

    Thanks!

    http://wordpress.org/extend/plugins/antivirus/

  2. Chris Reynolds
    Member
    Posted 1 year ago #

    I have the exact same problem with those errors on my Add Page screen. This is a site that got hit by malware a while back, so I'm guessing it's related to that. Deactivating the AntiVirus plugin didn't make the error go away, so I suspect that has nothing to do with the issue, unfortunately. Setting perms to 777 fixes the issue for me, as well, however, I'm skeptical about doing that as a permanent solution as I suspect there's some lingering infected file somewhere that wants to inject code or php files into that folder...

  3. Chris Reynolds
    Member
    Posted 1 year ago #

    lo and behold, setting permissions to 777 gave me an archivers.php file... :/

  4. Chris Reynolds
    Member
    Posted 1 year ago #

    I was able to resolve the issue by ripping and reinstalling WordPress over ssh via the method posted about here: http://www.dailyblogtips.com/how-to-upgrade-wordpress-via-ssh/

    Hope this helps!

  5. Chenoa - PayerFusion
    Member
    Posted 1 year ago #

    I am currently experiencing this problem as well. On every edit page screen I see this error, as well as the edit theme screen under appearances. I'm currently setting the permissions to 777, but I don't see any changes.

    I'm not familiar with the SSH method -- I'm nervous about using it because this is my company's main site.

    Any help?

    Thank you!!!

  6. Chris Reynolds
    Member
    Posted 1 year ago #

    @Chenoa

    If you've got a malicious script on your site, you're compromised and likely losing business anyway. And if you aren't yet, you will soon, as your site will likely soon be blacklisted by Google for serving malware.

    If you aren't familiar or comfortable with SSH, basically all that process does is delete the wp-admin, wp-includes and all the files in the root directory of your WordPress install and replace them with fresh copies. Even then, you may still have rogue code in your wp-content directories, in your plugins and themes, but at least that's somewhat more manageable than digging through every folder in wp-admin and wp-includes.

    The reason I prefer SSH over FTP (besides that, if you aren't using secure FTP, FTP alone isn't the most secure method of transferring files and can expose your password), is that it's much faster. Doing an rm -rf ./wp-admin takes a second, wheras deleting the entire wp-admin directory via FTP will take several minutes as it digs into each sub-sub-folder and removes each file individually.

    The post I linked to gives a pretty good tutorial, but it is, of course, dependent on your host giving you SSH access.

  7. Chris Reynolds
    Member
    Posted 1 year ago #

    I should point out that if you're deleting files manually via FTP, DON'T DELETE YOUR WP-CONFIG FILE!!!

    However, that said, wp-config.php is often the target for code injection, so a good idea would be to take a look at that file and see if there's any code that doesn't look right at the top or the bottom of the file.

  8. Chenoa - PayerFusion
    Member
    Posted 1 year ago #

    Thanks Chris!

    The error did disappear after I changed the file permissions from 755 to 777 and then back to 755. Also, I found a few corrupt files and cleaned them. I'll be going through my wp-content folder and replacing plugin files with fresh, updated versions.

  9. Chris Reynolds
    Member
    Posted 1 year ago #

    Good luck! And don't forget to check your wp-config.php file and just take a quick gander at your other directories to see if there are things in there that don't look right.

  10. candrichuk
    Member
    Posted 1 year ago #

    Hi,
    I have recently run into a similar problem as discussed in this post. I uploaded a plugin - WP Bulletin Board (since removed and deleted the files) and it looks like it has conflicted with my theme, Aggregate (Elegant Themes) or loaded some type of malicious script. My site is still functioning but I can no longer access my editor as well I have warning script above the editor area (it has been pushed down below the warning script) and I also have warning script when I open up an existing page to edit it - the script is under page attributes (it has eliminated my page theme option). I have emailed Elegant Themes for some help / assistance and have yet to get a response from them. I am not a techie and am feeling a bit desperate as to how to fix this. Can anyone help me with this problem? I have updated WP to 3.5.1. The script I am getting is as follows:

    Warning: scandir(/home/content/82/5919282/html/travelagentrevolution/wp-content/themes/Aggregate) [function.scandir]: failed to open dir: Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    Warning: scandir() [function.scandir]: (errno 13): Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    Warning: Invalid argument supplied for foreach() in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 983

    Warning: scandir(/home/content/82/5919282/html/travelagentrevolution/wp-content/themes/Aggregate) [function.scandir]: failed to open dir: Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    Warning: scandir() [function.scandir]: (errno 13): Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    Warning: Invalid argument supplied for foreach() in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 983

    Thank you!
    Cheri

  11. Chris Reynolds
    Member
    Posted 1 year ago #

    Sounds like you have a malicious script somewhere on your site. I'd recommend one of the things I posted above here and here.

    If you're not comfortable cleaning the code yourself, you may want to hire a professional to fix your site.
    http://sucuri.net/

  12. candrichuk
    Member
    Posted 1 year ago #

    Thank you, Chris!
    I checked out Sucuri and used their free scan of my website and it came out clean - nothing malicious. As I mentioned, I am not technical and do not feel comfortable attempting what you posted above myself. I would rather pay for a service or someone to clean up this mess, however, I want to make sure that Sucuri is the right choice after running the free scan and finding out that my site is clean. If not, what do you recommend?
    Thanks, again, for your help!
    Cheri

  13. Chris Reynolds
    Member
    Posted 1 year ago #

    Sucuri is the best there is. They could tell you for sure if your site is infected or not, but the scandir error sounds really fishy to me. Especially if it just randomly happened.

  14. Chris Reynolds
    Member
    Posted 1 year ago #

    Also, it's hard for any kind of automated tool to give you an absolute "yea" or "nay". Their tool is great, but it does miss some things occasionally.

  15. candrichuk
    Member
    Posted 1 year ago #

    Ok, Sucuri it is! Thanks, again, I really appreciate your help!

  16. shane pearce
    Member
    Posted 1 year ago #

    I had the
    Warning: scandir(/home/content/82/5919282/html/travelagentrevolution/wp-content/themes/Aggregate) [function.scandir]: failed to open dir: Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

    after installing wpbb plugin
    the way I fixed it was going to the wp-content/themes and setting the permissions on twentyeleven to user read

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.