Warning: session_start errors

I noticed today that I am getting the following warning on my site www.kb5bfa.com. I have made no recent changes so I am not sure what has caused this. I get the following warnings:

Warning: session_start() [function.session-start]: open(/home/content/73/3462373/tmp/sess_h73cqtkvre69ima7me205qk3v3, O_RDWR) failed: No such file or directory (2) in /home/content/73/3462373/html/Settings.php on line 316

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/73/3462373/html/Settings.php:316) in /home/content/73/3462373/html/Settings.php on line 316

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/73/3462373/html/Settings.php:316) in /home/content/73/3462373/html/Settings.php on line 316

Warning: Cannot modify header information - headers already sent by (output started at /home/content/73/3462373/html/Settings.php:316) in /home/content/73/3462373/html/top.php on line 38

I checked line 316 of my settings.php and it contains the following:
session_start(); // for preservation of language settings.

Line 38 of top.php contains:
header(“Content-Type: text/html; charset=”.strtoupper($SITE[‘charset’]));

Regards,
Kerstan

That is caused by your hoster’s PHP setup – the ./tmp/ directory may be missing on your filesystem. Call their tech support to get it resolved.

I called the hosting company and they checked what you suggested and found nothing. They are now telling me the site has been compromised. I am going to build a Linux VM and setup my own server and see if I get the same errors. Not sure where to go from here.

They are now telling me the site has been compromised.

Oooh… that is NOT GOOD… have they given any details about the ‘compromise’?

Your current PHP setup (by the hoster) has the session files directed to /home/content/73/3462373/tmp/
If that directory /tmp/ doesn’t exist, that would cause the issues. Can you use your FTP connection to look at /home/content/73/3462373/ and see what directories exist? If there isn’t a tmp/ directory shown, try creating one.

Well I am proud to say this if fixed. I use an FTP client to access my server and discovered that all the folders had a new date of yesterday at 7pm. So I called back for the 3rd time and finally got someone with some skills and he confirmed my site was migrated to a new host last night and the new box could not access the file system where the temp php files are stored. This guy fixed it and then I spent 15 minutes telling the floor supervisor that employee number 1 told me my site was hacked, employee #2 checked something and then told me my site was hacked BUT for 200$ per year they have a service that would identify the malicious code, remove it and protect my site from hackers. Employee number 3 actually listened to me and took the time and actually discovered the file system was not accessible and actually fixed it. I am going to send them an invoice for IT consulting and see if they will pay it.

Thanks for the help!

Glad it’s sorted out now. Yes, migration by hoster to new (unprepared) server will do it every time. Too bad the first-level folks have ‘compromise’ as the stock answer when ‘unprepared server’ is an easy thing to check. Glad there was employee #3 to actually diagnose and fix the issue(s).