Scan stopping

Wordfence team. I need your help here. I already send my activity reports you

Hello @livingstonewere and thanks for reaching out!

Can you do the following so I can get the information I need to help you?

• Kill the existing scan if it is still running (The “Start New Scan” button turns in to a “Stop” button while the scan is running)
• Go to your Scan > Scan Options and Scheduling page and locate the “Performance Options”
  Set “Maximum execution time for each scan stage” to 20 on the options page
• Click to “Save Changes”
• Go to the Tools > Diagnostics page
• In the “Debugging Options” section check the circle “Enable debugging mode”
• Click to “Save Changes”.
• Start a new scan
• Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log and paste them in the post.

On occasion, this fixes it straight away. That’s because adding 20 for the “Maximum execution time for each scan stage” tells the scan to pause every 20 seconds and start again where it left off. If this fixes the issue and scans run again, you can leave all the settings above except for “Enable Debugging Mode”.

Also, if you could send a diagnostic report to wftest @ wordfence . com? You can find the diagnostic tool at the top of the Wordfence Tools > Diagnostics page. Make sure to add your forum username in the subject line.

Let me know how this works for you or if you have sent a diagnostic report over.

Thanks!

I have sent you the report via mail

• This reply was modified 4 years, 4 months ago by Livingstone.

Hello again @livingstonewere and thanks for sending the activity logs.

We were not able to see anything out of the ordinary on the activity logs. We could get a better understand if you sent over the diagnostic reports though. Sending them directly from the tools page via email is the best way to ensure we get them directly.

To send the diagnostic report directly from the Wordfence plugin:
Click on Tools > Diagnostics > Send Report by Email

Make sure to put in wftest @ wordfence . com and your forum username in the text field. Post once you have sent them via that button and we will take a look at them.

Thanks again!

@livingstonewere

I actually responded to you in the other thread about 8 days ago.

You initially showed this error message shown on the diagnostics page:

<em>HTTP/1.1 403 Forbidden
Date: Sat, 18 Jul 2020 17:15:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=ddd7d327144dd88d4e0113cbd9350d1321595092556; expires=Mon, 17-Aug-20 17:15:56 GMT; path=/; domain=.sydoncleaning.com; HttpOnly; SameSite=Lax
CF-Chl-Bypass: 1
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 040485f1230000bbeee802b200000001
Expect-CT: max-age=604800, report-uri=”https://report-uri.<strong>cloudflare.com</strong>/cdn-cgi/beacon/expect-ct”
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 5b4dd8fb6989bbee-LHR
Content-Encoding: gzip </em>

I bolded the important part. That means that any request from the server to do a job (like scheduled scans or backups or anything) which call back to the WordPress ajax handler to start are probably failing. Have you tried whitelisting the server IP address in Cloudflare? Requests from the server to itself should not be blocked by Cloudflare.

Tim

@wfsupport @wfadam Please note that I sent you 4 reports of 4 websites whose scan is not starting. What advice can you give now?

• This reply was modified 4 years, 3 months ago by Livingstone.

My advice is again “Have you whitelisted your server IP at Cloudflare?” because Cloudflare is blocking requests from the server.

Tim

I was advised to share diagnostic reports via Wordfence tool and I have done so. 4 websites and 2 subdomains

And have you whitelisted your own server in Cloudflare? Because that’s what you need to do first.

Tim

If you look on the wordfence > tools > diagnostics page in the connectivity section you’ll see this:

wp_remote_post() test back to this server failed! Response was: 403 Forbidden
This additional info may help you diagnose the issue.

The additional details there show this the response sent when the server tries to do things like start a scan. I’m bolding several Cloudflare related parts so you can see that it is their block.

<em>HTTP/1.1 403 Forbidden
Date: Thu, 30 Jul 2020 18:31:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: <strong>__cf</strong>duid=d4ccebfd96bd1205e6396e48c94e51f751596133879; expires=Sat, 29-Aug-20 18:31:19 GMT; path=/; domain=.jabulanews.com; HttpOnly; SameSite=Lax; Secure
<strong>CF-Chl-Bypass</strong>: 1
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Frame-Options: SAMEORIGIN
cf-request-id: 04429747b30000e608cb3da200000001
Expect-CT: max-age=604800, report-uri="https://<strong>report-uri.cloudflare.com</strong>/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
<strong>Server: cloudflare</strong>
<strong>CF-RAY: 5bb127ec5c72e608-LHR</strong>
Content-Encoding: gzip

<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta name="captcha-bypass" id="captcha-bypass" />
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="<strong>cf_styles-css</strong>" href="/cdn-cgi/styles/cf.errors.css" type="text/css" media="screen,projection" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" type="text/css" media="screen,projection" /><![endif]-->
<style type="text/css">body{margin:0;padding:0}</style>

<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/zepto.min.js"></script><!--<![endif]-->
<!--[if gte IE 10]><!--><script type="text/javascript" src="/cdn-cgi/scripts/cf.common.js"></script><!--<![endif]-->

<script type="text/javascript">
//<![CDATA[
(function(){
window._cf_chl_opt={
cvId: "1",
cType: "interactive",
cNounce: "57061",
cRay: "5bb127ec5c72e608",
cHash: "02c18b3a9036acd",
cRq: {
d: "nQdZIdxd+MAHEgcFqQUZ5tnCojeReNaKaXmLCIxl6GROMgp6SIdqnBKFRXIaQ4dMrkCgSdIoGKoTT5DAp99yGcGkINcs8RmpqvW43LrQdZbgrNIHQHghTVc92KGeKT/LF8K34bVWu1UVOgObEtERiu1MZUwxeQMOTvro8ZOMAVLw7IH1n2Nf9ZXzkQZZT89SbR9Sb6v3zVmPe0BRs/7kP2QPwLVqZbTPN4suoix8KdmykPEIo/ozGJRFU/fsco7v3mirJ5oqX5MNDMCFVbu0FEys8E4ESytp8iMUdErMtEbvbuC9vdAaOlEtFUTECG8xUdPuDKMP6NjygZglrrN+VYCrLpn//rPZ2Uu2r8DN4rE=",
t: "MTU5NjEzMzg3OS43NDYwMDA=",
m: "TVa5aSOJRbK51T0x3kW/JMmtjfW/OH9AJkPtP3J/c1I=",
i1: "X7vY7gzYm9gJVSi8Wh6VSg==",
i2: "V3rpD6m+IOVg5PLxEh8ihA==",
}
}
window._cf_chl_enter = function(){window._cf_chl_opt.p=1};
var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
b(function(){
var cookiesEnabled=(navigator.cookieEnabled)? true : false;
var cookieSupportInfix=cookiesEnabled?'/nocookie':'/cookie';
var cpo = document.createElement('script');
cpo.type = 'text/javascript';
cpo.src = "/cdn-cgi/challenge-platform/orchestrate/captcha/v1";
var done = false;
cpo.onload = cpo.onreadystatechange = function() {
if (!done && (!this.readyState || this.readyState === "loaded" || this.readyState === "complete")) {
done = true;
cpo.onload = cpo.onreadystatechange = null;
window._cf_chl_enter()
}
};
document.getElementsByTagName('head')[0].appendChild(cpo);
}, false);
})();
//]]>
</script>

<style type="text/css">
#cf-wrapper #spinner {width:69px; margin: auto;}
#cf-wrapper #cf-please-wait{text-align:center}
.attribution {margin-top: 32px;}
.bubbles { background-color: #f58220; width:20px; height: 20px; margin:2px; border-radius:100%; display:inline-block; }
#<strong>cf-wrapper</strong> #challenge-form { padding-top:25px; padding-bottom:25px; }
#<strong>cf-hcaptcha-container</strong> { text-align:center;}
#<strong>cf-hcaptcha-container</strong> iframe { display: inline-block;}
@keyframes fader { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} }
#cf-wrapper #cf-bubbles { width:69px; }
@-webkit-keyframes fader { 0% {opacity: 0.2;} 50% {opacity: 1.0;} 100% {opacity: 0.2;} }
#cf-bubbles > .bubbles { animation: fader 1.6s infinite;}
#cf-bubbles > .bubbles:nth-child(2) { animation-delay: .2s;}
#cf-bubbles > .bubbles:nth-child(3) { animation-delay: .4s;}
</style>
</head>
<body>
<div id="cf-wrapper">
<div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
<div id="cf-error-details" class="cf-error-details-wrapper">
<div class="cf-wrapper cf-header cf-error-overview">
<h1 data-translate="challenge_headline">One more step</h1>
<h2 class="cf-subheadline"><span data-translate="complete_sec_check">Please complete the security check to access</span> classifieds.jabulanews.com</h2>
</div><!-- /.header -->

<div class="cf-section cf-highlight cf-captcha-container">
<div class="cf-wrapper">
<div class="cf-columns two">
<div class="cf-column">

<div class="cf-highlight-inverse cf-form-stacked">
<form class="challenge-form" id="challenge-form" action="/wp-admin/admin-ajax.php?action=wordfence_testAjax&__cf_chl_captcha_tk__=55f1bf89b8b73bdaa729e12226b2ba8d6a3dd08f-1596133879-0-AeQjStWOdgYJDIzlT9YQhJ5jWQ9zx49wUSzDCrk4stflgVzFJphNwHltqo8k4eUM73RliAZp5iaQEKLgq9e3FY310Ux0xkJ6NEvPD8NaoN39l3nMo5ddIiiU1tOCTGlwoV3dmN1rH34tGDFXe8wW1aMaqX3-R809HufY8kogUjSOfDuUs_WaqAkb1TKyHhJGJ44HcV5tshQ3rLP04VLjbL4P564NWFiG5zuNMF1bJmu6dyR_hsVG5V19K6Gxgyx5jJ5RClygIcUFVITZmeL3C8OYQITYDkTRv2bp_-fcueoPM3ztzjMxwDyff094d3OJyVejVNHJ5PDPRtSd5-b4He5E83w0FRBOd84vTI1j9Z9XAUK_-HAdwxznfNYlni6EzNnF8eUnVbzDzEqc90s4UDrY1Klg53UllAMMz5Id71BYSBlQ5SyoylR6CJ-_uJiSQF-VsKZbNhymaHH955KpH4BdCnE1fNLHbV_P9KswvKRcwmFpxIwJuarp6EY4z_yE9pLrVWEXdcLtrXJnhA6Jx_wSzlgzDCrPVkjUCPHYfgBSHWzqM7Hb0dd-2Us1d9uhDg" method="POST" enctype="application/x-www-form-urlencoded">

<div id='cf-please-wait'>
<div id='spinner'>
<div id="cf-bubbles">
<div class="bubbles"></div>
<div class="bubbles"></div>
<div class="bubbles"></div>
</div>
</div>
<p data-translate="please_wait" id="cf-spinner-please-wait">Please stand by, while we are checking your browser...</p>
</div>

<input type="hidden" name="r" value="f5f71b0993da4e4049802ee408ad1cdb4e0723a9-1596133879-0-AQXoLGIKgjWaXL+RO+VsZ5VRWlyU8nv0RYHrCaqkus2vFj8mVSM610ywvP7nFJAQubyv8EXAbLATB+ZUeGqCOtRjCzQmm/tpKsiKaIKg0RC05ssuqA3sZYxgyKE0ZSG3RvsO/IgLgseAfrEMfW1vAtk9zj4f23Dvx5YiFTjEHC3ZOkxvkG0O+NAfPLNEIY26Cab8CiZQG7zGErpfVp8iElaYws7lIcJWszi3QX1gLn5u/HJ4fZG/y/VMipyshTpY79GPUNNkIM5grWYyPsVV0BOKGXgXTtstX8EHnvrLLdXbRbY1uqqfrooj5whtYXLdw6Gg7feBref1Uko14YxTIV1PJx+8AH8Y++14pvG793jI3cRMLfh9f3ILoAMBG5Zq9OvLaq1ghbIauP+CGEItDZJRE9zIHN55Gp6HFl9cmz+5fOh0qr3Coi6VcplJXfCyIdch3JM6t7O6SubYR7yvQ3HebY6/DGxC2I9N2+9hmoLLJ/tbQvwcwcQGYKuqhsalG84peqtQIv0L2cg7gDQc+HYBN+WSIFrEwSRIMHuxcx75DBpxOShIDP+RmeL7ku2TO8DmMFPOqzz039K39ZOzLIqLT6I/ieJmVEAqvuHVArYzs5KHd8BiF1sctkT/CeAIMyCNg1+9d3Fu6QRVFNQqcVvw5ZXm9gj8iZfngdxCxbS/BH+XzIP0ppYUuwQqktZYmToQegw6DEXTL7NnDsnsIBFj+MrHSQCkBcSL7IpxM8XCAWXMX4tZYNUKtsIbAvNNXqNd05OZj8ueHcrusfzZCBZbUQ7pgMXkAGF/QeQu049hwkaltp5eL0mbCHuhR2qA2wyyoeCga2baGrQ3PtyFkIZl1sLa/gx3UiarShnpI21KtpoOaozGpNXq/ftQhITVlZWnzEAJKgojtlMujg/TDn9eK6K1pB5Z7IiMWrrnO94kTQGP6ynCKQ+gFjvIsUN6alIghS9DNggEmmrxIcPtK3m+aHp8Dvg8wHrvpbLkf2qnK58zgmszt0Vx/2HUmgr6zA7fFdmb0JhTchRFeuxgHkPAvIBncI9ap+DPbj+4ska6Y316fE7rLEqAdYO3LOXPdcSH8XsXcspfZxjwx+AdqLWVm56bQkaK5537jg9NYaypby5m5Rfz50KivjHJJFy8ELSAT0l0G+FEgCnX/1PsZhrzf3HlSBEnRAw2G+C/QFk+o05jfWNno9m/Bs8vStekMngLJ5nX7BFrANx4NqSPeOvEU2gxE5JR52xUs57TqncCfZGbxuH+49Zq5zKc8k4XxfxxTFYK30Knkm9NN1OvRc2D6+sIGhxe1PBQg4+dy+RJxFuLij2akoMDl9/MVV+EjdWGVP8MkRVE0E72JNyM4gTGEeVh8rS6pmy3oeHLA/umS/agW4Yy1qZvec3MdKze6qJvzwB3lJGnouqVGS76l98yN/ak72w6xmSGfaWj0SDJZr/Vy4dwxcJrGZOAR2uNJKW/wXrWJui8Ho4wEXgiccdqYUzKBZE43k+z+oQxyqlC">
<input type="hidden" name="cf_captcha_kind" value="h">
<input type="hidden" name="vc" value="b47f8721bcff2df1f8005d9775e52381">

<noscript id="cf-captcha-bookmark" class="cf-captcha-info">
<h1 data-translate="turn_on_js" style="color:#bd2426;">Please turn JavaScript on and reload the page.</h1>
</noscript>
<div id="no-cookie-warning" data-translate="turn_on_cookies" style="display:none">
<h1 data-translate="turn_on_cookies" style="color:#bd2426;">Please enable Cookies.</h1>
</div>
<script type="text/javascript">
//<![CDATA[
var a = function() {try{return !!window.addEventListener} catch(e) {return !1} },
b = function(b, c) {a() ? document.addEventListener("DOMContentLoaded", b, c) : document.attachEvent("onreadystatechange", b)};
b(function(){
var cookiesEnabled=(navigator.cookieEnabled)? true : false;
if(!cookiesEnabled){
var q = document.getElementById('no-cookie-warning');q.style.display = 'block';
}
});
//]]>
</script>
<div id="trk_captcha_js" style="background-image:url('/cdn-cgi/images/trace/captcha/nojs/h/transparent.gif?ray=5bb127ec5c72e608')"></div>
</form>

</div>
</div>

<div class="cf-column">
<div class="cf-screenshot-container">

<span class="cf-no-screenshot"></span>

</div>
</div>
</div><!-- /.columns -->
</div>
</div><!-- /.captcha-container -->

<div class="cf-section cf-wrapper">
<div class="cf-columns two">
<div class="cf-column">
<h2 data-translate="why_captcha_headline">Why do I have to complete a CAPTCHA?</h2>
<a href="https://sprengung.org/blocky.php?task=1"><!-- table --></a>
<p data-translate="why_captcha_detail">Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.</p>
</div>

<div class="cf-column">
<h2 data-translate="resolve_captcha_headline">What can I do to prevent this in the future?</h2>

<p data-translate="resolve_captcha_antivirus">If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.</p>

<p data-translate="resolve_captcha_network">If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.</p>

</div>
</div>
</div><!-- /.section -->

<div class="cf-error-footer cf-wrapper">
<p>
<span class="cf-footer-item">Cloudflare Ray ID: <strong>5bb127ec5c72e608</strong></span>
<span class="cf-footer-separator">?</span>
<span class="cf-footer-item"><span>Your IP</span>: 37.61.232.138</span>
<span class="cf-footer-separator">?</span>
<span class="cf-footer-item"><span>Performance & security by</span> <a>www.cloudflare.com</strong>/5xx-error-landing?utm_source=error_footer" id="brand_link" target="_blank">Cloudflare</a></span>

</p>
</div><!-- /.error-footer -->

</div><!-- /#cf-error-details -->
</div><!-- /#cf-wrapper -->

<script type="text/javascript">
window._cf_translation = {};

</script>

</body>
</html></em>

Tim

@wfsupport @wfadam Solved. Thank you team Wordfence. Close this