• Resolved markholland8

    (@markholland8)


    I am trying to get rid of a virus on my site. It is a redirect hack. I was advised to download and scan with Wordfence, however I have been trying for days to scan and it just fails.

    Here is the latest log:

    [Nov 04 20:00:46:1730750446.666104:10:info] SUM_ENDOK:Checking Web Application Firewall status

    [Nov 04 20:00:46:1730750446.586599:10:info] SUM_START:Checking Web Application Firewall status

    [Nov 04 20:00:46:1730750446.460394:10:info] SUM_ENDOK:Scanning to check available disk space

    [Nov 04 20:00:46:1730750446.454741:2:info] The disk has 758454.73 MB available

    [Nov 04 20:00:46:1730750446.446448:2:info] Total disk space: 1.48 TB -- Free disk space: 740.68 GB

    [Nov 04 20:00:44:1730750444.250118:10:info] SUM_START:Scanning to check available disk space

    [Nov 04 20:00:44:1730750444.205932:10:info] SUM_ENDSKIPPED:Checking for the most secure way to get IPs

    [Nov 04 20:00:44:1730750444.181475:10:info] SUM_START:Checking for the most secure way to get IPs

    [Nov 04 20:00:42:1730750442.074698:10:info] SUM_PAIDONLY:Checking if your site is on a domain blocklist is for paid members only

    [Nov 04 20:00:40:1730750440.067571:10:info] SUM_PAIDONLY:Checking if your IP is generating spam is for paid members only

    [Nov 04 20:00:38:1730750438.045996:10:info] SUM_PAIDONLY:Check if your site is being Spamvertized is for paid members only

    [Nov 04 20:00:38:1730750438.033289:4:info] getMaxExecutionTime() returning half ini value: 15

    [Nov 04 20:00:37:1730750437.984834:4:info] Got max_execution_time value from ini: 30

    [Nov 04 20:00:37:1730750437.885537:4:info] Got value from wf config maxExecutionTime: 0

    [Nov 04 20:00:37:1730750437.049125:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=942ae60c17babb0e1486763c86940b42d241256894c2885b2f4fbefa201ac20116ae189a91571132ddab2a040106e9e5a9b32820d96dc419295853498d41cb2b&s=eyJ3cCI6IjYuNi4yIiwid2YiOiI4LjAuMCIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC9oZWxwaXZlYnJva2VuaXQuY28udWsiLCJzc2x2IjoyNjk0ODg1MTEsInB2IjoiNy40LjMzIiwicHQiOiJsaXRlc3BlZWQiLCJjdiI6IjguOS4xIiwiY3MiOiJPcGVuU1NMXC8xLjEuMXciLCJzdiI6IkxpdGVTcGVlZCIsImR2IjoiMTAuMy4zOS1NYXJpYURCLWNsbC1sdmUiLCJsYW5nIjoiZW5fR0IifQ&action=log_scan

    [Nov 04 20:00:37:1730750437.040394:1:info] Contacting Wordfence to initiate scan

    [Nov 04 20:00:37:1730750437.014271:10:info] SUM_PREP:Preparing a new scan.

    [Nov 04 20:00:36:1730750436.880203:4:info] Setting up scanRunning and starting scan

    [Nov 04 20:00:36:1730750436.866780:4:info] Setting up error handling environment

    [Nov 04 20:00:36:1730750436.855978:4:info] Requesting max memory

    [Nov 04 20:00:36:1730750436.829759:4:info] Checking if scan is already running

    [Nov 04 20:00:36:1730750436.812341:4:info] Checking saved cronkey against cronkey param

    [Nov 04 20:00:36:1730750436.806864:4:info] Checking cronkey: 432d4ea6c618a579ed9e5af0b78b56f6 (expecting 432d4ea6c618a579ed9e5af0b78b56f6)

    [Nov 04 20:00:36:1730750436.802251:4:info] Fetching stored cronkey for comparison.

    [Nov 04 20:00:36:1730750436.793161:4:info] Verifying start request signature.

    [Nov 04 20:00:36:1730750436.768587:4:info] Scan engine received request.

    [Nov 04 20:00:36:1730750436.699696:4:info] Scan process ended after forking.

    [Nov 04 20:00:35:1730750435.400853:4:info] Starting cron with normal ajax at URL https://helpivebrokenit.co.uk/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=custom&cronKey=432d4ea6c618a579ed9e5af0b78b56f6&signature=57801de3e3e1b5bd21ae9bcc50f1c6a827182396ec65fc3c6d93313227b2c843

    [Nov 04 20:00:35:1730750435.373941:4:info] Test result of scan start URL fetch: array ( 'headers' => WpOrg\Requests\Utility\CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'content-type' => 'text/html; charset=UTF-8', 'x-robots-tag' => 'noindex', 'x-content-type-options' => 'nosniff', 'expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'cache-control' => 'no-cache, must-revalidate, max-age=0', 'referrer-policy' => 'strict-origin-when-cross-origin', 'x-frame-options' => 'SAMEORIGIN', 'content-length' => '32', 'content-encoding' => 'gzip', 'vary' => 'Accept-Encoding,User-Agent', 'date' => 'Mon, 04 Nov 2024 20:00:35 GMT', 'server' => 'LiteSpeed', 'alt-svc' => 'h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"', ), )), 'body' => 'WFSCANTESTOK', 'response' => array ( 'code' => 200, 'message' =>

    [Nov 04 20:00:28:1730750428.008180:4:info] getMaxExecutionTime() returning half ini value: 15

    [Nov 04 20:00:28:1730750428.002465:4:info] Got max_execution_time value from ini: 30

    [Nov 04 20:00:27:1730750427.997291:4:info] Got value from wf config maxExecutionTime: 0

    [Nov 04 20:00:27:1730750427.773409:4:info] Entering start scan routine

    [Nov 04 20:00:27:1730750427.753303:4:info] Ajax request received to start scan.

    [Nov 04 20:00:23:1730750423.070442:10:info] SUM_KILLED:A request was received to stop the previous scan.

    [Nov 04 20:00:22:1730750422.975996:1:info] Scan stop request received.
Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @markholland8,

    As the wf config maxExecutionTime is showing as 0, which is effectively unlimited (although your ini values look fine), it could be worth setting Wordfence > Scan > Manage Scan > Performance Options > Maximum execution time for each scan stage to a number between 10 and 20.

    I do suspect though that if the site is suffering from malware and other knock-on effects that it could be affecting communication in/out of your site and to our servers. Troubleshooting the scan might be hampered by outside factors at this point.

    Our detailed site cleaning instructions might help you out: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Make sure that all your plugins and themes are updated, and WordPress core too if it’s not already. As a rule, any time somebody thinks their site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database in order to cover the key access points. Make sure to do this as Wordfence is an endpoint firewall so runs when PHP runs, so passwords outside of the site itself could be a factor.

    Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful. Wordfence and other providers offer paid services to clean your site for you if you’re still having trouble.

    Let us know how you’re getting on,
    Peter.
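
Added example (not part of the original thread, and not Wordfence code): a small Python parser for the activity-log format posted in the question. It reorders the newest-first lines, pairs each `SUM_START` with its `SUM_END*` entry to list any stage that never finished, and extracts the three execution-time values the reply refers to. The function names and the `SETTINGS` labels are choices made for this example.

```python
import re

# Lines taken from the log in the question (newest first, as posted).
# The separator after "]" may be a space or "?" depending on how it was copied.
SAMPLE = """\
[Nov 04 20:00:46:1730750446.666104:10:info] SUM_ENDOK:Checking Web Application Firewall status
[Nov 04 20:00:46:1730750446.586599:10:info] SUM_START:Checking Web Application Firewall status
[Nov 04 20:00:46:1730750446.460394:10:info] SUM_ENDOK:Scanning to check available disk space
[Nov 04 20:00:44:1730750444.250118:10:info] SUM_START:Scanning to check available disk space
[Nov 04 20:00:38:1730750438.033289:4:info] getMaxExecutionTime() returning half ini value: 15
[Nov 04 20:00:37:1730750437.984834:4:info] Got max_execution_time value from ini: 30
[Nov 04 20:00:37:1730750437.885537:4:info] Got value from wf config maxExecutionTime: 0
"""

# [date time:epoch.micro:level:type] message
LINE = re.compile(r"\[[^\]]*?:(\d+\.\d+):(\d+):(\w+)\][?\s]?(.*)")
# Labels on the left are this example's own names, not Wordfence identifiers.
SETTINGS = {
    "wf_config": r"wf config maxExecutionTime: (\d+)",
    "php_ini": r"max_execution_time value from ini: (\d+)",
    "effective": r"getMaxExecutionTime\(\) returning .*?: (\d+)",
}

def parse(log_text):
    """Return (epoch, level, type, message) tuples sorted oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            events.append((float(m[1]), int(m[2]), m[3], m[4].strip()))
    return sorted(events, key=lambda e: e[0])

def summarize(log_text):
    """Report the last entry, stages left open, and execution-time settings."""
    events = parse(log_text)
    open_stages, settings = [], {}
    for _, _, _, msg in events:
        tag, _, stage = msg.partition(":")
        if tag == "SUM_START":
            open_stages.append(stage)
        elif tag.startswith("SUM_END") and stage in open_stages:
            open_stages.remove(stage)
        for name, pattern in SETTINGS.items():
            m = re.search(pattern, msg)
            if m:
                settings[name] = int(m.group(1))
    span = round(events[-1][0] - events[0][0], 3) if events else 0.0
    last = events[-1][3] if events else None
    return {"last_entry": last, "span_seconds": span,
            "unfinished": open_stages, "settings": settings}
```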
