Unable to scan – Scan can’t continue – stored data not found after a fork.

  • Resolved darnpunk

    (@darnpunk)


    3 years, 9 months ago

    Hi,

    I have been encountering this issue for a while now. The scan doesn’t complete. I have enabled debugging and included the log below.

    I have another site with exact same settings but it works fine. Site is running on nginx.

    Also, the working site had Wordfence installed from fresh. For this site having issue, it is actually a clone of another site. But even when I tried to reinstall Wordfence from scratch, it has the same issue too.

    There is a line that mentions open_basedir restriction in effect.

    tempnam(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/home/mydomain/public_html/:/home/mydomain/tmp/) (2) File: /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php Line: 620

    We have also double checked that the owner and group of the process has permissions to the tmp folder.

    More logs:

    [Jun 08 11:16:43] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=WORDFENCE_KEY_REMOVED&s=POSSIBLE_SENSITIVE_DATA_REMOVED&betaFeed=0&action=timestamp
[Jun 08 11:16:58] Ajax request received to start scan.
[Jun 08 11:16:58] Entering start scan routine
[Jun 08 11:16:58] Got value from wf config maxExecutionTime: 0
[Jun 08 11:16:58] Got max_execution_time value from ini: 30
[Jun 08 11:16:58] getMaxExecutionTime() returning half ini value: 15
[Jun 08 11:16:58] Test result of scan start URL fetch: array ( 'headers' => Requests_Utility_CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'server' => 'nginx', 'date' => 'Tue, 08 Jun 2021 03:16:58 GMT', 'content-type' => 'text/html; charset=UTF-8', 'x-robots-tag' => 'noindex', 'x-content-type-options' => array ( 0 => 'nosniff', 1 => 'nosniff', ), 'expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'cache-control' => 'no-cache, must-revalidate, max-age=0', 'referrer-policy' => 'strict-origin-when-cross-origin', 'vary' => 'Origin,Accept-Encoding,User-Agent', 'x-xss-protection' => '1; mode=block', ), )), 'body' => 'WFSCANTESTOK', 'response' => array ( 'code' => 200, 'message' => 'OK', ), 'cookies' => array ( ), 'filename' => NULL, 'http_response' => WP_HTTP_Requests_Response::__set_state(array( 'response' => Requests_Response::__set_state(array(
[Jun 08 11:16:58] Starting cron with normal ajax at URL https://mydomain.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=custom&cronKey=113ae6045ada0eae961f6139eddef0c3&signature=497ec976c7daacd51cadc845bc9434d9092cc37b8944f0f40dec66a20a9aeeed
[Jun 08 11:16:59] Scan engine received request.
[Jun 08 11:16:59] Verifying start request signature.
[Jun 08 11:16:59] Fetching stored cronkey for comparison.
[Jun 08 11:16:59] Checking cronkey: 113ae6045ada0eae961f6139eddef0c3 (expecting 113ae6045ada0eae961f6139eddef0c3)
[Jun 08 11:16:59] Checking saved cronkey against cronkey param
[Jun 08 11:16:59] Checking if scan is already running
[Jun 08 11:16:59] Requesting max memory
[Jun 08 11:16:59] Setting up error handling environment
[Jun 08 11:16:59] Setting up scanRunning and starting scan
[Jun 08 11:16:59] Contacting Wordfence to initiate scan
[Jun 08 11:16:59] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=WORDFENCE_KEY_REMOVED&s=POSSIBLE_SENSITIVE_DATA_REMOVED&betaFeed=0&action=log_scan
[Jun 08 11:17:00] Scan process ended after forking.
[Jun 08 11:17:00] Got value from wf config maxExecutionTime: 0
[Jun 08 11:17:00] Got max_execution_time value from ini: 30
[Jun 08 11:17:00] getMaxExecutionTime() returning half ini value: 15
[Jun 08 11:17:07] Total disk space: 691.23 GB -- Free disk space: 634.37 GB
[Jun 08 11:17:07] The disk has 649591.23 MB available
[Jun 08 11:17:09] Including files that are outside the WordPress installation in the scan.
[Jun 08 11:17:09] Getting plugin list from WordPress
[Jun 08 11:17:09] Found 22 plugins
[Jun 08 11:17:09] Getting theme list from WordPress
[Jun 08 11:17:09] Found 3 themes
[Jun 08 11:17:09] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=WORDFENCE_KEY_REMOVED&s=POSSIBLE_SENSITIVE_DATA_REMOVED&betaFeed=0&action=get_known_files
[Jun 08 11:17:16] Using cached malware prefixes
[Jun 08 11:17:16] Using cached core hashes
[Jun 08 11:17:18] Forking during hash scan to ensure continuity.
[Jun 08 11:17:18] Entered fork()
[Jun 08 11:17:18] Calling startScan(true)
[Jun 08 11:17:18] Got value from wf config maxExecutionTime: 0
[Jun 08 11:17:18] Got max_execution_time value from ini: 30
[Jun 08 11:17:18] getMaxExecutionTime() returning half ini value: 15
[Jun 08 11:17:18] Test result of scan start URL fetch: array ( 'headers' => Requests_Utility_CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'server' => 'nginx', 'date' => 'Tue, 08 Jun 2021 03:17:18 GMT', 'content-type' => 'text/html; charset=UTF-8', 'x-robots-tag' => 'noindex', 'x-content-type-options' => array ( 0 => 'nosniff', 1 => 'nosniff', ), 'expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'cache-control' => 'no-cache, must-revalidate, max-age=0', 'referrer-policy' => 'strict-origin-when-cross-origin', 'vary' => 'Origin,Accept-Encoding,User-Agent', 'x-xss-protection' => '1; mode=block', ), )), 'body' => 'WFSCANTESTOK', 'response' => array ( 'code' => 200, 'message' => 'OK', ), 'cookies' => array ( ), 'filename' => NULL, 'http_response' => WP_HTTP_Requests_Response::__set_state(array( 'response' => Requests_Response::__set_state(array(
[Jun 08 11:17:18] Starting cron with normal ajax at URL https://mydomain.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=8a0231ee3dc40621acd125eb0b35e4fa&signature=1cbda508425027399a80cbfcec3ad743c725236715a6ced33a1cc95827ffc49e
[Jun 08 11:17:18] Scan engine received request.
[Jun 08 11:17:18] Verifying start request signature.
[Jun 08 11:17:18] Fetching stored cronkey for comparison.
[Jun 08 11:17:18] Checking cronkey: 8a0231ee3dc40621acd125eb0b35e4fa (expecting 8a0231ee3dc40621acd125eb0b35e4fa)
[Jun 08 11:17:18] Checking saved cronkey against cronkey param
[Jun 08 11:17:18] Requesting max memory
[Jun 08 11:17:19] Setting up error handling environment
[Jun 08 11:17:19] Setting up scanRunning and starting scan
[Jun 08 11:17:19] tempnam(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/home/mydomain/public_html/:/home/mydomain/tmp/) (2) File: /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php Line: 620
[Jun 08 11:17:19] fopen(): Filename cannot be empty (2) File: /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php Line: 621
[Jun 08 11:17:19] fwrite() expects parameter 1 to be resource, bool given (2) File: /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php Line: 630
[Jun 08 11:17:19] fwrite() expects parameter 1 to be resource, bool given (2) File: /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php Line: 630
[Jun 08 11:17:19] fseek() expects parameter 1 to be resource, bool given (2) File: /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php Line: 635
[Jun 08 11:17:19] fread() expects parameter 1 to be resource, bool given (2) File: /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php Line: 636
[Jun 08 11:17:19] fclose() expects parameter 1 to be resource, bool given (2) File: /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php Line: 637
[Jun 08 11:17:19] unlink(): open_basedir restriction in effect. File() is not within the allowed path(s): (/home/mydomain/public_html/:/home/mydomain/tmp/) (2) File: /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php Line: 638
[Jun 08 11:17:19] Scan can't continue - stored data not found after a fork. Got type: boolean
[Jun 08 11:17:20] Scan process ended after forking.
[Jun 08 11:17:20] Scan terminated with error: Scan can't continue - stored data not found after a fork.
[Jun 08 11:17:20]  Warning: tempnam(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/home/mydomain/public_html/:/home/mydomain/tmp/) in /home/mydomain/public_html/wp-content/plugins/wordfence/lib/wfConfig.php on line
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @darnpunk, thanks for getting in touch!

    Often, a problem with open_basedir would be that you have set a path like /home/mydomain/public_html/:/home/mydomain/tmp/, but with the way the web server is running, Wordfence picks up /home/mydomain/public_html/. If one of those directories is a symlink to the other, they may actually point to the same file/location, but open_basedir checks the path as it’s written, without resolving symlinks.

    The temp directory could be set to somewhere else that users are allowed to write to, or /tmp could be added to the list of directories in open_basedir. If this is configured by a hosting provider rather than yourself, you could reach out to their support channels to see if they can rectify the issue.

    Peter.

    Thread Starter darnpunk

    (@darnpunk)

    Hi @wfpeter,

    Thanks for sharing. It seems setting sys_temp_dir = /home/mydomain/tmp in php.ini resolves the issue.

    Would there be any issues setting the same path for both sys_temp_dir and upload_tmp_dir?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @darnpunk,

    I don’t believe there is a fundamental issue in pointing these to the same place, especially if it fixes your issue. To my understanding, both of these php.ini directives are configurable should you wish to pick separate destinations in your filesystem.

    Thanks again,

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Unable to scan – Scan can’t continue – stored data not found after a fork.’ is closed to new replies.