there may be some more relevant logs than just that line. assuming the site doesn't doesn't get lots of traffic from elsewhere, perhaps the easiest way to find out which bits of log are relevant is to open a couple of ssh sessions to the server, and run: tail -f /var/www/<domainname.tld>/log/error.log in one ssh session and in the other: tail -f /var/www/<domainname.tld>/web/wp-content/debug.log press enter a couple of times in each one to create some blank lines so it's easy to see where the relevant bit of log starts. then try to make the failing api call again. you can then be pretty confident (unless someone else accesses the site in extremely bad timing) that anything new logged in those tails is related to your problem.
did as you said, for the debug.log i get an error no such file for the first error.log here is what is in there [Wed May 06 14:00:49.873549 2020] [proxy_fcgi:error] [pid 24780] [client 71.38.223.185:23605] AH01071: Got error 'e 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168PHP message: PHP Warning: chmod(): Operation not permitted in /var/www/clients/client0/web1/web/wp-admin/includes/class-wp-filesystem-direct.php on line 168', referer: https://domain.com/wp-admin/plugins.php?plugin_status=upgrade [Wed May 06 16:06:07.651725 2020] [authz_core:error] [pid 617] [client 34.229.141.32:49790] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/wp-includes/css/index.php [Wed May 06 16:06:07.853350 2020] [authz_core:error] [pid 5384] [client 34.229.141.32:49828] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/wp-content/themes/ciyashop/index.php, referer: http://sucuri.net [Wed May 06 16:07:29.387979 2020] [proxy_fcgi:error] [pid 4456] [client 71.38.223.185:27421] AH01071: Got error 'PHP message: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/clients/client0/web1/web/wp-content/plugins/sucuri-scanner/src/integrity.lib.php on line 124', referer: https://domain.com/wp-admin/admin.php?page=sucuriscan [Wed May 06 16:10:13.928911 2020] [authz_core:error] [pid 617] [client 71.38.223.185:54186] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/wp-content/themes/ciyashop/index.php, referer: https://domain.com/wp-login.php?interim-login=1&wp_lang=en_US [Wed May 06 16:10:18.480879 2020] [authz_core:error] [pid 32019] [client 71.38.223.185:47379] AH01630: client denied by server configuration: /var/www/clients/client0/web1/web/wp-content/themes/ciyashop/index.php, referer: https://domain.com/wp-login.php [Wed May 06 16:25:03.345072 2020] [proxy_fcgi:error] [pid 5842] [client 35.188.123.253:32376] AH01071: Got error 'PHP message: PHP Notice: Undefined index: HTTP_USER_AGENT in /var/www/clients/client0/web1/web/wp-content/plugins/woo-variation-gallery/includes/functions.php on line 11'
in my status for woocommerce, i see this Server info: Apache/2.4.38 (Debian) PHP version: 7.3.14-1~deb10u1 PHP post max size: 100 MB PHP time limit: 30 PHP max input vars: 1000 cURL version: 7.64.0, OpenSSL/1.1.1d SUHOSIN installed: – MySQL version: 5.5.5-10.3.22-MariaDB-0+deb10u1 Max upload size: 100 MB however i changed the php.ini files in /etc/php/7.3/apache and also in php-fpm to alot more but its not reflecting here, is there somewhere else i need to change this? i read that memory limits migt cause a 401 error as well
if you're changing those php.ini files, you need to run systemctl restart apache2 or systemctl reload apache2 or systemctl restart php7.3-fpm or systemctl reload php7.3-fpm depending on which php handler you changed settings for. did you edit this to hide the referrer domain or is this request really coming from this domain?
hhm.. those errors start with a lot of the same error which indicates that the file/folder owner/permissions are not right. which is odd, since I posted how to do that on the first page and you said it had been done. can you post the output of ls -la from within the web folder, and just to be sure, from the folder above web as well. also, check the website details in the control panel as well, double check that it's set to use php-fpm and that suexec is enabled.
yes suexec is enabled, here is the output total 236 drwxr-xr-x 9 web1 client0 4096 May 6 16:07 . drwxr-xr-x 11 root root 4096 Apr 30 00:06 .. drwxr-xr-x 2 web1 client0 4096 May 3 00:06 error -rw-r--r-- 1 web1 client0 1812 May 3 00:14 .htaccess -rw-r--r-- 1 web1 client0 625 May 1 09:49 .htaccess.bk -rw-r--r-- 1 web1 client0 405 Apr 13 02:33 index.php -rw-r--r-- 1 web1 client0 19915 Apr 30 21:04 license.txt drwxr-xr-x 3 web1 client0 4096 May 7 00:04 stats drwxr-xr-x 2 web1 client0 4096 May 6 14:04 .well-known -rw-r--r-- 1 web1 client0 6912 Apr 13 02:33 wp-activate.php drwxr-xr-x 9 web1 client0 4096 Apr 13 02:32 wp-admin -rw-r--r-- 1 web1 client0 351 Apr 13 02:33 wp-blog-header.php -rw-r--r-- 1 web1 client0 2275 Apr 13 02:33 wp-comments-post.php -rw-r--r-- 1 web1 client0 3402 May 6 16:42 wp-config.php -rw-r--r-- 1 web1 client0 2913 Apr 13 02:33 wp-config-sample.php drwxr-xr-x 8 web1 client0 4096 May 6 16:34 wp-content -rw-r--r-- 1 web1 client0 3940 Apr 13 02:33 wp-cron.php drwxr-xr-x 21 web1 client0 12288 Apr 14 11:16 wp-includes -rw-r--r-- 1 web1 client0 2496 Apr 13 02:33 wp-links-opml.php -rw-r--r-- 1 web1 client0 3300 Apr 13 02:33 wp-load.php -rw-r--r-- 1 web1 client0 47874 Apr 13 02:33 wp-login.php -rw-r--r-- 1 web1 client0 8509 Apr 30 21:04 wp-mail.php -rw-r--r-- 1 web1 client0 19396 Apr 30 21:04 wp-settings.php -rw-r--r-- 1 web1 client0 31111 Apr 13 02:33 wp-signup.php drwxr-xr-x 3 web1 client0 4096 Apr 13 02:34 wp-snapshots -rw-r--r-- 1 web1 client0 4755 Apr 13 02:33 wp-trackback.php -rw-r--r-- 1 web1 client0 3133 Apr 13 02:33 xmlrpc.php
i will restart all of them as you indicated. as for the error to hide the referrer, no i didnt do anything, maybe the web securi plugin named sucuri did that? ciyashop is my web theme that i bought
owner/permissions look ok. so I don't see anything there that should cause problems with chmod. i'm assuming that 71.38.223.185 is your ip? i'm concerned about where all those references to domain.com are coming from, I hope that's not the domain you're using for the site? if not, what is the domain for this site? as for the final error, I believe there's some code in that plugin like that needs to be changed to although that's not really a change that you should make manually. perhaps make sure wordpress, the theme, and all the plugins are the latest versions.... if it'll allow you to update successfully... it may be worth disabling the woo-variations-gallery and secure plugins and see how it goes then, see it any errors change/go away. they could be interfering with the sites correct behaviour.
no my IP is 65.113.18.164 as for domain.com, its not the real domain, i put that, as my domain has the word he-rb-al (without the -) in it and this forum blocks my posts saying its a spam post. so i changed it to domain.com. my domain is https://bhh-erb-al-solutions.com (without the -, again cant post with real name) also yes i disabled yesterday the variation gallery, and deleted it. all my plugins are up to date. i will try to disable all plugins and see if somehow i can run a curl properly
65.113.18.164 is the server ip. when I asked about the ip, I was asking if it's the ip that your browsing to the site from. those bits of log show 3 ip's connecting to the site, 71.38.223.185, 34.229.141.32, and 35.188.123.253 I was just trying to determine which of those bits of log was your testing, and which are just random public access. and there's still no debug.log in wp-content? have you changed anything in /etc/apache2/apache2.conf?
still no debug.log no i did not change apache2.conf, should i? i don tknow those ip address, maybe their random public ones
no the apache conf shouldn't have been changed. but that was one possible reason. is this your own server? is it a physical server or vps you have complete control over? or does some hosting/server company give you access and they may update/upgrade it themselves? did you install Debian on it yourself? or was it already installed? i'm just wondering if someone/something else may have altered that config, or maybe the suexec module isn't installed/enabled. did you install this following the perfect server tutorial? if so, did you type it in, or cut & paste. essentially, i'm just wondering if it's worth going back through the tutorial and repeating the bits for installing/configuring apache and php, in case something there got missed or mistyped. or maybe something failed and didn't get spotted. it's those errors about php not being able to use chmod, and the debug log not being created in wp-content that keep bugging me. it just seems to point to something off about the owner/group id/permissions, the files/directories permissions and ownsership look ok, and if you changed them from /web using the commands I posted before, they should be ok through all the subdirectories, which leaves the id's that the apache/php processes are using as the culprits. have you got an ftp user and ssh user configured for that website? if so, ssh in as that user and create a file in the wp-content folder, and upload any file using ftp. either way should confirm that the file permissions are fine and if the apache/php processes are using the correct permissions then they should have created the debug.log file.
so this is my setup I'm on a dedicated fiber, and i use pfsense firewall. i have a dedicated server. my server is centos 8, this ispconfig is a virtual server image that i installed following this tutorial https://www.howtoforge.com/tutorial/debian-10-buster-minimal-server/ then i installed ispconfig following this tutorial https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/ i have a second virtual server (an older one with centos 7) and that one is also having the same issue, hence i believe i followed the tutorial for my new virtual server running debian correctly and i also rechecked it today. i ran this command and it says systemctl status suexec Unit suexec.service could not be found. does this mean its not installed? i did do this apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.3 php7.3-common php7.3-gd php7.3-mysql php7.3-imap php7.3-cli php7.3-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt imagemagick libruby libapache2-mod-python php7.3-curl php7.3-intl php7.3-pspell php7.3-recode php7.3-sqlite3 php7.3-tidy php7.3-xmlrpc php7.3-xsl memcached php-memcache php-imagick php-gettext php7.3-zip php7.3-mbstring memcached libapache2-mod-passenger php7.3-soap php7.3-fpm php7.3-opcache php-apcu a2enmod suexec rewrite ssl actions include dav_fs dav auth_digest cgi headers actions proxy_fcgi alias if i run apachectl -M AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73 Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) actions_module (shared) alias_module (shared) auth_basic_module (shared) auth_digest_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) dav_module (shared) dav_fs_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) fcgid_module (shared) filter_module (shared) headers_module (shared) include_module (shared) mime_module (shared) mpm_prefork_module (shared) negotiation_module (shared) passenger_module (shared) php7_module (shared) proxy_module (shared) proxy_fcgi_module (shared) python_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) socache_shmcb_module (shared) ssl_module (shared) status_module (shared) suexec_module (shared) i did upload all files originally with with root user, but then changed permissions as per your instructions. now i created an FTP user and an ssh user, when i try to upload using this user i get this error Listing directory /var/www/clients/client0/web1/web/wp-content Command: put "C:\Users\binya\Downloads\b2dcd885.html" "b2dcd885.html" Error: /var/www/clients/client0/web1/web/wp-content/b2dcd885.html: open for write: permission denied Error: File transfer failed Status: Retrieving directory listing of "/var/www/clients/client0/web1/web/wp-content"... Status: Listing directory /var/www/clients/client0/web1/web/wp-content Status: Directory listing of "/var/www/clients/client0/web1/web/wp-content" successful should i backup my site, download files, and then reuplaod using this new user and maybe permissions will be fixed?
also if i try to create a file using ssh, i get this error on the NON root user [ Error writing 1.php: Permission denied ]
So indeed sounds like a simple file (and/or directory) ownership/permissions problem. You show things owned by web1:client0, can you confirm that is the correct user/group? Maybe you succeeded in changing ownership, but to the wrong user or such? (Although your file paths do read client0 and web1.) Maybe there's some other restriction going on, eg. selinux or apparmor? Check that your mount point is read-write ... you can create a new file as root?
yes web1:client0 is correct i don't think there is selinux, i think the tutorial had us disabled that. yes root can create a file
actually in the debian tutorial, i don't see that we disabled selinux, How do i check if selinux or apparmur are running on debian?
On debian server, they are not active unless you activated them yourself. Further info using Internet Search Engines with Code: How do i check if selinux or apparmor are running on debian?
well. i'm stumped. selinux and apparmor seem to be the only things left, but as @Taleman says, they're not active by default. since you haven't mentioned anything about multiple disks/partitions or mount points yet, which would be an obvious thing to look at with permissions issues, I'm assuming that this is a vps with a single disk/partition. i suppose it's possible that the os is finding a filesystem/disk issue and remounting / read-only, but then you wouldn't be able to create files as root, and the amount of errors it'd throw up on screen, you'd definitely know about it by now. since you say this Debian vps is running on a centos host, and another centos guest vps on that host is displaying the same issue, i'd be inclined to say that something on the host or the pfsense firewall is interfering and causing the problem. but for the life of me, I can't think of any way that something like that can interfere with the guest vps's ability to create a file within an ssh session. but if selinux and apparmor can be ruled out, and since ftp and ssh are not affected by any apache/php misconfiguration or missing modules. there's nothing else left that I can think of. when all other options have been eliminated then whatever remains, however improbable, must be the truth.
