Unable to Start Scan – Scan stop request received.

  • Resolved TheBusinessCat

    (@thebusinesscat)


    4 months, 3 weeks ago

    Hi there,

    I am unable to start a scan and get the following error:

    Scan Stage Failed
    A scan stage has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself. Wordfence will make up to 2 attempts to resume each failed scan stage. This scan may recover if one of these attempts is successful. Click here for steps you can try.

    I have tried to follow the steps mentioned in the link but that did not fix my issue.

    Here is the what the log says:

    Nov 05 16:46:40] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e1b8dab8d1f78ddf422424c85a6a9bb7f0c68f4459b647e514d9153a6b4f1318ce810fdb645f01b06ddda91a7c685d208d59b51f4683e007e4e6c7fd7f65e630&s=eyJ3cCI6IjYuNi4yIiwid2YiOiI4LjAuMCIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC9zZWN0ZWNzYS5jby56YSIsInNzbHYiOjI2OTQ4ODUxMSwicHYiOiI4LjIuMjQiLCJwdCI6ImZwbS1mY2dpIiwiY3YiOiI3Ljc0LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xdyIsInN2IjoiQXBhY2hlIiwiZHYiOm51bGwsImxhbmciOiJlbl9aQSJ9&action=timestamp
    [Nov 05 16:46:59] Scan stop request received.
    [Nov 05 16:47:03] Ajax request received to start scan.
    [Nov 05 16:47:03] Entering start scan routine
    [Nov 05 16:47:03] Got value from wf config maxExecutionTime: 0
    [Nov 05 16:47:03] Got max_execution_time value from ini: 120
    [Nov 05 16:47:03] ini value of 120 is higher than value for WORDFENCE_SCAN_MAX_INI_EXECUTION_TIME (90), reducing
    [Nov 05 16:47:03] getMaxExecutionTime() returning half ini value: 45
    [Nov 05 16:47:03] Test result of scan start URL fetch: array ( 'headers' => \WpOrg\Requests\Utility\CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'date' => 'Tue, 05 Nov 2024 14:47:03 GMT', 'content-type' => 'text/html', 'last-modified' => 'Thu, 05 Dec 2019 08:59:02 GMT', 'etag' => 'W/"258e582f971749b8aaa31b02c22cda3c"', 'server' => 'AmazonS3', 'x-cache' => 'Error from cloudfront', 'via' => '1.1 0f44ec62b3d90b580e58e15644be3c2c.cloudfront.net (CloudFront)', 'x-amz-cf-pop' => 'CPT52-C1', 'x-amz-cf-id' => 'Ah8hsxy9FZV_Zgrv58MrHxA2bSmX8j1Csj7rbKV0wEKCkX5nEEpw4A==', 'age' => '8426', 'set-cookie' => 'captcha=true;Domain=sectecsa.co.za;Path=/', 'content-encoding' => 'gzip', ), )), 'body' => ' Checking Your Browser

    I also see the following under Diagnostics > Connecting back to this site:

    wp_remote_post() test back to this server failed! Response was:
    200 OK

    This additional info may help you diagnose the issue. The response headers we received were:

    HTTP/1.1 200 OK

    Date: Tue, 05 Nov 2024 15:04:37 GMT

    Content-Type: text/html

    Transfer-Encoding: chunked

    Connection: close

    Last-Modified: Thu, 05 Dec 2019 08:59:02 GMT

    ETag: W/"258e582f971749b8aaa31b02c22cda3c"

    Server: AmazonS3

    X-Cache: Error from cloudfront

    Via: 1.1 69f169f3294c5ce608536b2293ca46ba.cloudfront.net (CloudFront)

    X-Amz-Cf-Pop: CPT52-C1

    X-Amz-Cf-Id: QfqsVxlgMfjCXVPDxRRMm8RoV47YVNZIsq42y--jt7rMvXzZdPqSng==

    Age: 9480

    Set-Cookie: captcha=true;Domain=sectecsa.co.za;Path=/

    Content-Encoding: gzip

    Please could you assist.

    Thank you.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @thebusinesscat,

    Thanks for reaching out. The site shows a 403 error for me currently. If on your configuration there’s an external load-balancer or firewall that is stopping the connection test between your site and our servers, you may need to add your site’s IP address (found in?Wordfence > Tools > Diagnostics > IP(s) used by this server) to its allowlist along with ours, which can be found here:?https://www.wordfence.com/help/advanced/#servers-and-ip-range

    If this doesn’t help, please do the following for me:

    • Stop any running scan by pressing the STOP SCAN button.
    • Click on Scan Options and Scheduling.
    • In Performance Options, set Maximum execution time for each scan stage to 20.
    • In Advanced Scan Options, enable the option Use only IPv4 to start scans.
    • Hit the SAVE CHANGES button.
    • Go to Wordfence > Tools > Diagnostics and expand the Debugging Options section.
    • Enable the option Enable debugging mode.
    • Disable the option Start all scans remotely if it is enabled.
    • Hit the SAVE CHANGES button.
    • Start a new scan.
    • Copy the last 20 lines or so of the activity log (click the “Show Log” link) once the scan finishes and paste them in this post.

    Remember to disable Enable debugging mode after you have finished.

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,
    Margaret

    Thread Starter TheBusinessCat

    (@thebusinesscat)

    Hi @wfmargaret,

    Thanks for your message and assistance.

    I see the client uses CloudBric, and added the IP addresses to the Allowed List, but still had the same issue.

    Below, please find the last 20 lines of the activity log:

    [Nov 11 18:22:40] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e1b8dab8d1f78ddf422424c85a6a9bb7f0c68f4459b647e514d9153a6b4f1318ce810fdb645f01b06ddda91a7c685d208d59b51f4683e007e4e6c7fd7f65e630&s=eyJ3cCI6IjYuNi4yIiwid2YiOiI4LjAuMCIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC9zZWN0ZWNzYS5jby56YSIsInNzbHYiOjI2OTQ4ODUxMSwicHYiOiI4LjIuMjQiLCJwdCI6ImZwbS1mY2dpIiwiY3YiOiI3Ljc0LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xdyIsInN2IjoiQXBhY2hlIiwiZHYiOm51bGwsImxhbmciOiJlbl9aQSJ9&action=plugin_vulnerability_check
    [Nov 11 18:49:11] Calling Wordfence API v2.26:https://noc1.wordfence.com/stats.json
    [Nov 11 18:49:22] Scan stop request received.
    [Nov 11 18:49:38] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e1b8dab8d1f78ddf422424c85a6a9bb7f0c68f4459b647e514d9153a6b4f1318ce810fdb645f01b06ddda91a7c685d208d59b51f4683e007e4e6c7fd7f65e630&s=eyJ3cCI6IjYuNi4yIiwid2YiOiI4LjAuMCIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC9zZWN0ZWNzYS5jby56YSIsInNzbHYiOjI2OTQ4ODUxMSwicHYiOiI4LjIuMjQiLCJwdCI6ImZwbS1mY2dpIiwiY3YiOiI3Ljc0LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xdyIsInN2IjoiQXBhY2hlIiwiZHYiOm51bGwsImxhbmciOiJlbl9aQSJ9&action=timestamp
    [Nov 11 18:59:30] Scan stop request received.
    [Nov 11 18:59:56] Scan stop request received.
    [Nov 11 19:01:48] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e1b8dab8d1f78ddf422424c85a6a9bb7f0c68f4459b647e514d9153a6b4f1318ce810fdb645f01b06ddda91a7c685d208d59b51f4683e007e4e6c7fd7f65e630&s=eyJ3cCI6IjYuNi4yIiwid2YiOiI4LjAuMCIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC9zZWN0ZWNzYS5jby56YSIsInNzbHYiOjI2OTQ4ODUxMSwicHYiOiI4LjIuMjQiLCJwdCI6ImZwbS1mY2dpIiwiY3YiOiI3Ljc0LjAiLCJjcyI6Ik9wZW5TU0xcLzEuMS4xdyIsInN2IjoiQXBhY2hlIiwiZHYiOm51bGwsImxhbmciOiJlbl9aQSJ9&action=timestamp
    [Nov 11 19:02:20] Ajax request received to start scan.
    [Nov 11 19:02:20] Entering start scan routine
    [Nov 11 19:02:20] Got value from wf config maxExecutionTime: 20
    [Nov 11 19:02:20] getMaxExecutionTime() returning config value: 20
    [Nov 11 19:02:20] Test result of scan start URL fetch: array ( 'headers' => \WpOrg\Requests\Utility\CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'date' => 'Mon, 11 Nov 2024 17:02:20 GMT', 'content-type' => 'text/html', 'last-modified' => 'Thu, 05 Dec 2019 08:59:02 GMT', 'etag' => 'W/"258e582f971749b8aaa31b02c22cda3c"', 'server' => 'AmazonS3', 'x-cache' => 'Error from cloudfront', 'via' => '1.1 0f44ec62b3d90b580e58e15644be3c2c.cloudfront.net (CloudFront)', 'x-amz-cf-pop' => 'CPT52-C1', 'x-amz-cf-id' => '0iRI89jOg-scxOt_H4qUaL8FMh9Q7XW_S6Ka1FMoO2n_x4sDmrmixQ==', 'age' => '18703', 'set-cookie' => 'captcha=true;Domain=sectecsa.co.za;Path=/', 'content-encoding' => 'gzip', ), )), 'body' => ' Checking Your Browser <link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css
    [Nov 11 19:02:20] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/sectecsa.co.za/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=standard&cronKey=7afcd5045157290c29f7d8e626802a36&k=e1b8dab8d1f78ddf422424c85a6a9bb7f0c68f4459b647e514d9153a6b4f1318ce810fdb645f01b06ddda91a7c685d208d59b51f4683e007e4e6c7fd7f65e630&ssl=1&signature=fd30f89da6fd07c070137cb144d82605824cc6e966239a808af5d533596fe60f
    [Nov 11 19:02:21] Scan process ended after forking.

    I’ve sent the report via email as well.

    Thank you.

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @thebusinesscat,

    Thanks for sending the diagnostics! When you allowlisted our IPs, did you also allowlist your site’s IP address as well? The site needs to be able to connect back to itself, however, it’s currently being presented with a browser verification from Cloudbric. The Cloudbric browser verification is preventing the connection from being made normally. You can see this in Wordfence > Tools > Diagnostics > Connectivity > Connecting back to this site.

    Once you’ve allowlisted the site IP and the site can connect normally, please run a new scan. Let me know how it goes!

    Thanks,
    Margaret

    Thread Starter TheBusinessCat

    (@thebusinesscat)

    Hi @wfmargaret,

    Thanks for your message.

    I did add my website IP address to the whitelist, but am still having the same issue.

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @thebusinesscat,

    Thanks for following up. Do you still see the same message under Wordfence > Tools > Diagnostics > Connectivity > Connecting back to this site? If so, please reach out to Cloudbric to ensure the site’s IP is allowlisted and that it can connect back to itself without needing to pass their browser verification.

    Thanks,
    Margaret

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.