Error received when trying to access outside dirs

  • Resolved barrychapman

    (@barrychapman)


    5 years, 5 months ago

    Warning: file_exists(): open_basedir restriction in effect. File(/var/www/html/xxxx.com/.htaccess) is not within the allowed path(s): (/var/www/html/xxxx.com/html/:/usr/lib/php/:/tmp/:/data/sucuri) in /var/www/html/xxxx.com/html/wp-content/plugins/sucuri-scanner/src/base.lib.php on line 387

    We have our php restricting access to $basedir which is defined as in this case: /var/www/html/xxxx.com with root being set to $basedir/html

    Why is sucuri trying to access the parent folders? This smells a lot like something bad

Viewing 1 replies (of 1 total)
  • yorman

    (@yorman)

    5 years, 5 months ago

    Line 387 in the “base.lib.php” file is part of this function [1].

    The function tries to locate the main “.htaccess” file to check if it has been infected with any piece of malicious code. Because of how WordPress works, this file can be located in three different directories:

    • rtrim(ABSPATH, '/'),
    • dirname(ABSPATH),
    • dirname(dirname(ABSPATH)),

    If your website is installed at /var/www/html/example.com/html/ then ABSPATH will be equal to that path and then the plugin will try to find the access control file in these three different locations (and stops once it finds it):

    • /var/www/html/example.com/html/.htaccess
    • /var/www/html/example.com/.htaccess
    • /var/www/html/.htaccess

    It seems that you don’t have any access control file at the root of your WordPress installation or the file is not readable, that’s why the plugin is trying to read the content of the parent directory. You can either create an empty file in the first location, or you can force the file scanner to ignore these directories from the “Scanner” panel located in the plugin’ settings page.

    Let me know if you need more information.

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/blob/ceaf0d2e4ff46c4ec32a2c069f2138643809e52e/src/base.lib.php#L370-L394

Viewing 1 replies (of 1 total)
  • The topic ‘Error received when trying to access outside dirs’ is closed to new replies.