warn-phpd permission denied

Community support forums for the free/delayed modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the delayed modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
nobody
Forum Regular
Forum Regular
Posts: 349
Joined: Sun Mar 29, 2009 6:52 pm

warn-phpd permission denied

Unread post by nobody »

Hello guys. I got this from OSSEC and I have no idea whats going on. Mod evasive didn't block it and I don't even get what its trying to accomplish to be honest... This site is probably an old version of cs cart...

Received From: plesk->/var/log/httpd/error_log
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

[Thu Jul 05 21:41:23 2012] [warn-phpd] mmap cache can't open /var/www/vhosts/somedomain.org/httpdocs/var/compiled/mail/%%B2^B27^B27F06E6%%order_notification_subj.tpl.php - Permission denied (pid 19211)


[Thu Jul 05 21:41:23 2012] [warn-phpd] mmap cache can't open /var/www/vhosts/somedomain.org/httpdocs/var/compiled/mail/%%5A^5AF^5AFE5E7B%%order_notification.tpl.php - Permission denied (pid 19211)
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4120
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: warn-phpd permission denied

Unread post by mikeshinn »

That doesnt look like an attack, that looks like a misconfiguration. This:
mmap cache can't open /var/www/vhosts/somedomain.org/httpdocs/var/compiled/mail/%%B2^B27^B27F06E6%%order_notification_subj.tpl.php - Permission denied (pid 19211)
Looks like the domain is setup to generate php opcode and to store it in the subdirectory /var/compiled/mail/, and it cant open the compiled opcode in that directory. Are the permissions on that directory setup to allow your webserver to read (and probably also write) to/from that directory?
nobody
Forum Regular
Forum Regular
Posts: 349
Joined: Sun Mar 29, 2009 6:52 pm

Re: warn-phpd permission denied

Unread post by nobody »

mikeshinn wrote:That doesnt look like an attack, that looks like a misconfiguration. This:
mmap cache can't open /var/www/vhosts/somedomain.org/httpdocs/var/compiled/mail/%%B2^B27^B27F06E6%%order_notification_subj.tpl.php - Permission denied (pid 19211)
Looks like the domain is setup to generate php opcode and to store it in the subdirectory /var/compiled/mail/, and it cant open the compiled opcode in that directory. Are the permissions on that directory setup to allow your webserver to read (and probably also write) to/from that directory?

Changed it to 755. Probably it was a permissions issue ...
Hello IT.
Phone : Blah Blah ....
Have you tried turning it on and off again ?
Phone : Blah Blah ....
....
I'm sorry, are you from the Past ?!
http://www.youtube.com/watch?v=-E4fm4Wqego
Post Reply