LFD Suspicious Process Warning For Cron After WP 4.9.1 Upgrade

  • Resolved linux4me2

    (@linux4me2)


    6 years, 11 months ago

    The day after upgrading my sites to WordPress 4.9.1, I started getting notices from ConfigServer Firewall (CSF) Login Failure Daemon (LFD) that say:

    
lfd on host.myserver.com: Suspicious process running under user iwp_user

Time:    Tue Dec  5 11:01:19 2017 -0500
PID:     15316 (Parent PID:15313)
Account: iwp_user
Uptime:  78 seconds

Executable:

/home/virtfs/iwp_user/opt/cpanel/ea-php70/root/usr/bin/php

Command Line (often faked in exploits):

/opt/cpanel/ea-php70/root/usr/bin/php /home/iwp_user/public_html/iwp/cron.php

    The warning appears to have been triggered by the time it took IWP’s cron.php to execute, which exceeds the setting (60s) I have in CSF.

    I haven’t changed that setting or added any sites. The only change seems to have been the WordPress upgrade, so all I’ve been able to figure out so far is that cron.php apparently has taken less time than the 60s limit prior to the WP 4.9.1 upgrade, but now it takes longer and is triggering the warnings.

    I know I could increase the 60 second limit, or whitelist cron.php in CSF, but I would rather not do so if this is pointing to some issue following the update. I don’t see anything in my error logs.

    The server is just coasting, so would adjustment of the App Settings in IWP reduce the time cron.php takes to run? My current settings, which I don’t think I’ve ever changed from the defaults, are:

    • MAX SIMULTANEOUS READ / WRITE REQUESTS PER IP: 2
    • MAX SIMULTANEOUS REQUESTS FROM THIS SERVER: 3
    • TIME DELAY BETWEEN REQUESTS TO WEBSITES ON THE SAME IP: 200
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author infinitewp

    (@infinitewp)

    Hi,

    Have you added any schedule tasks like backups, client reporting, WP maintenance or daily email notifications for updates? Only these tasks take more time to run/complete.
    You can easily fix the problem by whitelisting the cron.php. Since you don’t want to do it, change Max requests value to 1 which will delay any tasks you perform on the panel.

    Also, we recently changed our hook from setup_theme to wp_loaded which will wait for WordPress to load. Reload data call will wait for the WordPress to load in order to fetch the premium plugin/theme updates to your admin panel. I suspect that this could also take time to perform reload data.
    The cron.php will trigger all schedule tasks and the closing time may vary depending on your server response.

    If you still got any other questions or concerns, feel free to write us back at [email protected]

    Thread Starter linux4me2

    (@linux4me2)

    Thanks for the reply.

    No, I haven’t added any tasks.

    Do you mean reducing “MAX SIMULTANEOUS READ / WRITE REQUESTS PER IP” or “MAX SIMULTANEOUS REQUESTS FROM THIS SERVER” might help?

    In my case, all the sites are on the same server, and most are on the same shared IP address, so it seems like increasing the max simultaneous read/write requests per IP and max simultaneous requests from the server would be the direction to go to shorten the cron run time and prevent triggering LFD.

    Thread Starter linux4me2

    (@linux4me2)

    I tried increasing MAX SIMULTANEOUS READ / WRITE REQUESTS PER IP to 4 and MAX SIMULTANEOUS REQUESTS FROM THIS SERVER to 8 which I thought might decrease the process time, but I still got the LFD warning and the uptime was about the same at 79 seconds.

    Next, I’ll try reducing the MAX SIMULTANEOUS READ / WRITE REQUESTS PER IP to 1 and see if that makes any difference.

    Plugin Author infinitewp

    (@infinitewp)

    Hi,

    Yes, please try reducing the number of MAX SIMULTANEOUS REQUESTS. I am sure that this will shorten the cron run time on your server. If you still experience the same problem,
    I kindly request you to write to us at [email protected] and our tech support team will assist you further in getting this issue sorted out on your server.

    Thread Starter linux4me2

    (@linux4me2)

    With MAX SIMULTANEOUS READ / WRITE REQUESTS PER IP set to 4, the cron process took 79 seconds, and with it reduced to 1, it took 78 seconds, so the difference wasn’t significant and I still got the LFD warning since the process exceeded 60 seconds.

    I’ll email your support desk and see what they suggest.

    Thread Starter linux4me2

    (@linux4me2)

    I did contact the support desk and found out that rolling back to version 1.6.6.3 of the IWP Client plugin on all my sites resolved the warnings I was getting from LFD about a long-running script.

    The support desk provided the following information:

    I checked our development team and looks like we have changed the calling procedure of IWP client plugin from setup theme to WPLoader which is causing more time to load the plugin in the background. Especially while loading the site for update check via cron.php your site takes more time to respond than the max timeout limit set on your IWP server.
    There are two ways to go about this.

    One is to increase the timeout value or whitelist cron.php
    Second is to migrate your admin panel to an alternate server with higher timeout limits.

    Sorry, we have changed the calling procedure to support premium plugin/theme updates with InfiniteWP admin panel.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘LFD Suspicious Process Warning For Cron After WP 4.9.1 Upgrade’ is closed to new replies.