• Resolved multiformeingegno

    (@lorenzone92)


    I’ve recently moved my WordPress sites to a new DigitalOcean droplet (with the same config: 1vCPU, 2GB RAM) with PHP8.1-FPM and nginx.

    For some reason WordFence is unable to start scans. The scan immediately stops:

    • [Dec 24 12:35:06] Attempting to resume scan stage (0 attempt(s) remaining)…
    • [Dec 24 12:33:42] Attempting to resume scan stage (1 attempt(s) remaining)…
    • [Dec 24 12:32:31] Scan stop request received.
    • [Dec 24 09:05:22] Attempting to resume scan stage (0 attempt(s) remaining)…
    • [Dec 24 08:52:06] Attempting to resume scan stage (1 attempt(s) remaining)…
    • [Dec 24 08:50:55] Scheduled Wordfence scan starting at Sunday 24th of December 2023 08:50:55 AM

    I tried to change the settings to start scans remotely, but I had no luck with that. cURL is installed and enabled in my PHP installation.

    A few more details. ufw is not active, but I have set up some rules in the DigitalOcean firewall. I opened up ports 80 and 443 to the WordFence IPs listed here:

    • 44.239.130.172
    • 44.238.191.15
    • 35.155.126.231
    • 54.68.32.247
    • 44.235.211.232
    • 54.71.203.174

    I even tried disabling the firewall entirely, still no luck.

    I’ve set up PHP-FPM to use a custom pool for every site I have, and files and dirs are owned by the user running the PHP-FPM processes. I set up open_basedir to only allow access to the site’s root directory and the /tmp directory.

    Here are some PHP config parameters in case it’s helpful:

    pm.max_children = 6
    pm.start_servers = 3
    pm.min_spare_servers = 2
    pm.max_spare_servers = 3
    pm.process_idle_timeout = 10s;
    pm.max_requests = 500

    There’s a 256MB memory_limit.

    I have disabled the following PHP functions (these were also disabled in my old server, where scans are working):

    disable_functions = dl,exec,expect_popen,fpaththru,getmypid,getmyuid,leak,listen,passthru,pcntl_alarm,pcntl_async_signals,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_signal_get_handler,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_unshare,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifcontinued,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,popen,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system,system_exec

    In WordFence’s diagnostics page I see this error:

    • Connecting back to this site: wp_remote_post() test back to this server failed! Response was: cURL error 28: Operation timed out after 10002 milliseconds with 0 bytes received
    • Connecting back to this site via IPv6 (not required; failure to connect may not be an issue on some sites): wp_remote_post() test back to this server failed! Response was: cURL error 7:

    Which is strange because in Diagnostics WordFence also says:

    Checking for cURL support: 7.81.0 (0x75100)

    Does anyone have an idea what’s going on?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfmark

    (@wfmark)

    Hi @lorenzone92, thank you for reaching out and sharing all the troubleshooting steps you have taken so far.

    The cURL error 28 is a common error and usually temporary. If the error is persistent, please reach out to your hosting provider so that they can take a look at the issue with the cURL library on your hosting server.

    Please do the following so I can get the information I need to help you:

    • Go to the Wordfence > Tools > Diagnostics page
    • In the “Debugging Options” section, check the circle “Enable debugging mode”
    • Click “Save Changes”.
    • CANCEL any current scan and start a NEW scan
    • Once the scan finishes, copy the last 20 lines or so of the activity log (click the “Show Log” link) and paste them in this post.

    Wordfence > Tools > Diagnostic > Debugging Screenshot

    This will help me see exactly what is happening when the scan fails.

    Additionally, please send a diagnostic report to wftest @ wordfence.com. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,

    Mark.

    Thread Starter multiformeingegno

    (@lorenzone92)

    Thanks Mark.

    These are the last few lines from the logs:

    [Dec 28 01:32:24] Scan process ended after forking.
    
    [Dec 28 01:32:23] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/website.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=custom&cronKey=xxxx952411016ad345b27a19bdc23509&k=b949c79685a604a808bb69a061f04xxxx92ba1a34d16dc5229cea96d46bc7f4674a291b58689a782ef72f19d3fc0e5577c43b381f7ddd891c864acd7b9001575d279ffb3a6abd4f665e3c379ea31af59&ssl=1&signature=bd9718c1a4f5ff98032714a38e15d7509c9801d5f19a1b6bd300c97487403897
    
    [Dec 28 01:32:23] Test result of scan start URL fetch: array ( 'headers' => WpOrg\Requests\Utility\CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'date' => 'Thu, 28 Dec 2023 00:32:23 GMT', 'content-type' => 'text/html; charset=UTF-8', 'x-frame-options' => 'SAMEORIGIN', 'referrer-policy' => 'same-origin', 'cache-control' => 'max-age=15', 'expires' => 'Thu, 28 Dec 2023 00:32:38 GMT', 'report-to' => '{"endpoints":[{"url":"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FaMHYtZlukP4omAxd6Kf4d1H6WwAOpeERCQD7I6YJ6BZrQhBUsEKBoPxWm864y1oqz7FQIuECa7DWsj8np1PcQ5mfa5pmnug7KlFFoRxUs5%2FcF3%2FqQpg4tRXXDi%2F0tKrTNY%3D"}],"group":"cf-nel","max_age":604800}', 'nel' => '{"success_fraction":0,"report_to":"cf-nel","max_age":604800}', 'vary' => 'Accept-Encoding', 'strict-transport-security' => 'max-age=2592000; preload', 'x-content-type-options' => 'nosniff', 'server' => 'cloudflare', 'cf-ray' => '53c5b4b299c7b903
    
    [Dec 28 01:32:23] getMaxExecutionTime() returning half ini value: 15
    
    [Dec 28 01:32:23] Got max_execution_time value from ini: 30
    
    [Dec 28 01:32:23] Got value from wf config maxExecutionTime: 0
    
    [Dec 28 01:32:23] Entering start scan routine
    
    [Dec 28 01:32:23] Ajax request received to start scan.
    
    [Dec 28 01:31:13o] SUM_KILLED:A request was received to stop the previous scan.
    
    [Dec 28 01:31:13] Scan stop request received.
    
    [Dec 28 01:30:43] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=xxxxx79685a604a808bb69a061f042cb892ba1a34d16dc5229cea96d46bc7f4674a291b58689a782ef72f19d3fc0e5577c43b381f7ddd891c864acd7b9001575d279ffb3a6abd4f665e3c379ea31af59&s=eyJ3cCI6IjYuNC4yIiwid2YiOiI3LjExLjAiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvY2luZW1hdHJvaXNpLml0Iiwic3NsdiI6ODA1MzA2NDAwLCJwdiI6IjguMS4yLTF1YnVudHUyLjE0IiwicHQiOiJmcG0tZmNnaSIsImN2IjoiNy44MS4wIiwiY3MiOiJPcGVuU1NMXC8zLjAuMiIsInN2IjoibmdpbnhcLzEuMTguMCIsImR2IjoiOC4wLjM1LTB1YnVudHUwLjIyLjA0LjEiLCJsYW5nIjoiaXRfSVQxxx&action=timestamp
    
    [Dec 27 10:27:19] Attempting to resume scan stage (0 attempt(s) remaining)...
    
    [Dec 27 10:26:06] Attempting to resume scan stage (1 attempt(s) remaining)...
    
    [Dec 27 10:23:21] Attempting to resume scan stage (2 attempt(s) remaining)...
    
    [Dec 27 06:55:08] Attempting to resume scan stage (0 attempt(s) remaining)...
    
    [Dec 27 06:53:37] Attempting to resume scan stage (1 attempt(s) remaining)...
    
    [Dec 27 06:52:25] Attempting to resume scan stage (2 attempt(s) remaining)...
    
    [Dec 27 06:50:25] Scheduled Wordfence scan starting at Wednesday 27th of December 2023 06:50:25 AM
    
    [Dec 26 10:25:34] Attempting to resume scan stage (0 attempt(s) remaining)...
    
    [Dec 26 10:23:28] Attempting to resume scan stage (1 attempt(s) remaining)...
    
    [Dec 26 10:22:20] Attempting to resume scan stage (2 attempt(s) remaining)...
    
    [Dec 25 10:25:05] Attempting to resume scan stage (0 attempt(s) remaining)...
    
    [Dec 25 10:23:44] Attempting to resume scan stage (1 attempt(s) remaining)...
    
    [Dec 25 10:21:53] Attempting to resume scan stage (2 attempt(s) remaining)...
    
    [Dec 24 10:25:23] Attempting to resume scan stage (0 attempt(s) remaining)...

    I’ve also sent an email via “Send Report by Email”.

    Thread Starter multiformeingegno

    (@lorenzone92)

    Hi @wfmark any ideas?

    Plugin Support wfmark

    (@wfmark)

    Hi @lorenzone92, Thank you for sending the diagnostic report.

    From the diagnostic report, it looks like Cloudflare is blocking your site from connecting back to itself.

    You will need to update your Cloudflare settings to allow your site to connect back to itself. You should be able to do this by going to your Cloudflare control panel.

    • Login to Cloudflare
    • Go to “Firewall”
    • Click the “Firewall Rules” tab
    • Click “Create a Firewall rule”
    • Name the rule under “Rule Name”
    • Set the “Field” under “When incoming requests match…” to “IP Source Address”
    • Enter your site’s IP address under “Value”
    • At the bottom, under “Then…Choose an action” change “Block” to “Allow”
    • Click “Deploy”

    Once you have added your site to the Cloudflare allowlist, head back over to your site and attempt another scan. Sometimes, the same process needs to be done for our IP addresses, which can be found here: https://www.wordfence.com/help/advanced/#servers-and-ip-range

    Instructions for allowlisting on Cloudflare are available here: https://www.wordfence.com/help/central/connect/#troubleshooting-connection-issues

    Also ensure your visitor IP detection is set up correctly for Cloudflare. Head over to your site and go to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs. You will most likely need to select “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.”.

    Thanks, 

    Mark.
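
The loopback failure diagnosed above can be narrowed down from the web server itself by probing `admin-ajax.php` once through the public hostname and once pinned to the origin. This is an added example, not part of the thread or Wordfence's own code; `example.com`, the pinned IP `127.0.0.1` and the `action` value are placeholders.

```shell
#!/bin/sh
# Added example: hostname, pinned IP and action value are placeholders.

# Name the curl exit codes that matter for this diagnosis.
explain_curl_exit() {
  case "$1" in
    0)  echo ok ;;
    7)  echo connect-failed ;;  # same class as "cURL error 7" in Diagnostics
    28) echo timeout ;;         # same class as "cURL error 28" in Diagnostics
    60) echo untrusted-cert ;;  # origin cert not trusted by curl's CA store
    *)  echo "other-$1" ;;
  esac
}

# POST to admin-ajax.php with the 10 s limit seen in the diagnostics error.
# $1 = hostname, $2 = optional IP to pin the hostname to (skips DNS and
# therefore the proxy in front of the site). Prints the curl exit code.
loopback_probe() (
  host=$1; pin=${2:-}; rc=0
  set -- -sS -o /dev/null --max-time 10 -d 'action=loopback_probe_example'
  [ -n "$pin" ] && set -- "$@" --resolve "$host:443:$pin"
  curl "$@" "https://$host/wp-admin/admin-ajax.php" 2>/dev/null || rc=$?
  echo "$rc"
)

# Combine both probes: $1 = exit code via public DNS (through the proxy),
# $2 = exit code when pinned to the origin.
verdict() {
  if [ "$1" -eq 0 ]; then
    echo "loopback-ok"
  elif [ "$2" -eq 0 ]; then
    # Origin answers, public path does not: look at the proxy/firewall rules.
    echo "blocked-in-front-of-origin: $(explain_curl_exit "$1")"
  else
    # Origin itself fails: look at nginx, PHP-FPM or the local firewall.
    echo "origin-side-problem: $(explain_curl_exit "$2")"
  fi
}

# Usage on the web server:
#   verdict "$(loopback_probe example.com)" "$(loopback_probe example.com 127.0.0.1)"
```

Any HTTP response, including an error status from `admin-ajax.php`, counts as reachable here because only the curl exit code is checked.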

    Thread Starter multiformeingegno

    (@lorenzone92)

    Thank you for the reply, @wfmark. I appreciate the help.

    Manually adding WordFence IPs to the allow list did the trick. Thanks!

  • The topic ‘Scan not starting – wp_remote_post() test back failed’ is closed to new replies.