globetrots

Forum Replies Created

Viewing 12 replies - 1 through 12 (of 12 total)
  • Thread Starter globetrots

    (@globetrots)

    No, neither of those excuses seems to be correct in this case. I’m not asking it to be my analytics program. I’m just wondering why it’s continually giving false positives on two particular posts and not any others. It’s a factor of 10 going back for two months now, so it’s not an isolated incident. Because of this, the ranking from your plug-in does not seem to be a reflection of the most popular posts, which is the whole point of having one of these on the site. If this is all you can come up with, let me know and I’ll switch to one I have on another site that is showing an almost exact match of what’s coming out of GA. They don’t seem to be having a problem with tracking script interference.

    Thread Starter globetrots

    (@globetrots)

    This is from my hosting company:

    I can confirm that the Wordfence servers are NOT blocked by our network.

    Just as a test, I installed a fresh copy of WordPress on your account in a temporary location and installed Wordfence (see attached screenshot) to rule out that their servers are blocked and that Cloudflare is causing issues. The scan was completed without issue.

    I left the test installation in the event you want to share it with Wordfence support.

    https://cheapestdestinationsblog.com/phtest377331/wp-admin/
    Username: admin
    Password: Qi8Yi78KaTFb`

    Thread Starter globetrots

    (@globetrots)

    No, zero progress still. I whitelisted the host’s generic IP address and added to the firewall rules at Cloudflare. We turned off WP Fastest Cache since its caching was what was getting the address flagged by Wordfence for some reason. None of those things helped: the scan still stopped immediately. I turned the cache plug-in back on and it didn’t make a difference either way. Any other ideas why Wordfence is blocking itself from scanning?

    Thread Starter globetrots

    (@globetrots)

    Also, I don’t know if this is connected, but Wordfence is sending thousands of blocked warnings that are flagging my host’s IP and my host says it’s coming from WP Fastest Cache. They advised me to turn off that plug-in (potentially slowing down my site quite a bit) to test. So does that mean what’s being flagged as bot traffic is coming from my own site/host and perhaps that’s why your scan won’t run? Why would it flag cache activity as bot traffic?

    Examples from the log, all blocked by Wordfence as suspicous: 

    172.70.82.13 - - [29/Jun/2021:10:34:32 -0700] "GET /tag/colorado-springs-luxury/ HTTP/1.1" 503 7111 "https://www.hotel-scoop.com/tag/colorado-springs-luxury/" "WP Fastest Cache Preload iPhone Mobile Bot"
172.70.82.95 - - [29/Jun/2021:10:39:13 -0700] "GET /tag/the-broadmoor/ HTTP/1.1" 503 7111 "https://www.hotel-scoop.com/tag/the-broadmoor/" "WP Fastest Cache Preload iPhone Mobile Bot"
172.70.54.89 - - [29/Jun/2021:10:39:13 -0700] "GET /tag/colorado-resorts/ HTTP/1.1" 503 7111 "https://www.hotel-scoop.com/tag/colorado-resorts/" "WP Fastest Cache Preload iPhone Mobile Bot"
172.70.82.95 - - [29/Jun/2021:10:44:18 -0700] "GET /tag/colorado-lodging/ HTTP/1.1" 503 7111 "https://www.hotel-scoop.com/tag/colorado-lodging/" "WP Fastest Cache Preload iPhone Mobile Bot"
172.70.82.141 - - [29/Jun/2021:10:44:18 -0700] "GET /tag/colorado-springs-luxury-resort/ HTTP/1.1" 503 7111 "https://www.hotel-scoop.com/tag/colorado-springs-luxury-resort/" "WP Fastest Cache Preload iPhone Mobile Bot"
172.70.82.13 - - [29/Jun/2021:10:49:23 -0700] "GET /tag/victoria/ HTTP/1.1" 503 7111 "https://www.hotel-scoop.com/tag/victoria/" "WP Fastest Cache Preload iPhone Mobile Bot"
172.70.54.89 - - [29/Jun/2021:10:49:24 -0700] "GET /tag/vancouver-island/ HTTP/1.1" 503 7111 "https://www.hotel-scoop.com/tag/vancouver-island/" "WP Fastest Cache Preload iPhone Mobile Bot"
172.70.82.95 - - [29/Jun/2021:10:54:16 -0700] "GET /tag/san-antonio/ HTTP/1.1" 503 7111 "https://www.hotel-scoop.com/tag/san-antonio/" "WP Fastest Cache Preload iPhone Mobile Bot"
172.70.82.161 - - [29/Jun/2021:10:54:16 -0700] "GET /tag/texas/ HTTP/1.1" 503 7111 "https://www.hotel-scoop.com/tag/texas/" "WP Fastest Cache Preload iPhone Mobile Bot"
    Thread Starter globetrots

    (@globetrots)

    Added all six of them as Firewall rules to allow, purged the cache, and same result as always. Immediately stopped itself.

    Scan Failed
    The scan has failed to start. This is often because the site either cannot make outbound requests or is blocked from connecting to itself. Click here for steps you can try.

    [JUN 28 21:32:02] Scan stop request received.

    Thread Starter globetrots

    (@globetrots)

    I added the site IP as a Firewall rule, but no change from that. Scan stops a second after starting.

    I’m having a tech person check over the htaccess file to make sure nothing is off there.

    This other part I don’t understand. Where would that even be to restart it twice?

    “Memcache or object-cache may also need to be restarted twice if present on your configuration. “

    Thread Starter globetrots

    (@globetrots)

    OK, I did all that, my IP address is in there (though I’ve tried from several different ones).

    Scan keeps failing, here’s the short and sweet log from the last few attempts. It only takes a second or two to fail. 

    [Jun 15 14:27:32:1623781652.808071:4:info] Scan process ended after forking.
[Jun 15 14:27:32:1623781652.355713:4:info] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/www.hotel-scoop.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=standard&cronKey=9d6d7306f95cc1f5fbc5d714c88183d3&k=dc6cabc117d1d99c6cde27848b20b7a05f3eccd74201ddeb7ced2a13045a0d308ccd9ea77ab30f1265553371fbe3b6bb049014e5a7c88e6ea6b80ac46d1145343f0558825ebf65d39896b04845b12937&ssl=1&signature=1e38f49427e2fb29ef27963237546f2042714ebd9b5cafe272ba4bade988b514
[Jun 15 14:27:32:1623781652.353251:4:info] getMaxExecutionTime() returning config value: 20
[Jun 15 14:27:32:1623781652.352735:4:info] Got value from wf config maxExecutionTime: 20
[Jun 15 14:27:32:1623781652.351550:4:info] Entering start scan routine
[Jun 15 14:27:32:1623781652.349547:4:info] Ajax request received to start scan.
[Jun 15 14:27:26:1623781646.137936:10:info] SUM_KILLED:A request was received to stop the previous scan.
[Jun 15 14:27:26:1623781646.137168:1:info] Scan stop request received.
[Jun 15 14:26:06:1623781566.488058:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=dc6cabc117d1d99c6cde27848b20b7a05f3eccd74201ddeb7ced2a13045a0d308ccd9ea77ab30f1265553371fbe3b6bb049014e5a7c88e6ea6b80ac46d1145343f0558825ebf65d39896b04845b12937&s=eyJ3cCI6IjUuNy4yIiwid2YiOiI3LjUuNCIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93d3cuaG90ZWwtc2Nvb3AuY29tIiwic3NsdiI6MjY5NDg4MzE5LCJwdiI6IjcuMy4yOCIsInB0IjoiZnBtLWZjZ2kiLCJjdiI6IjcuNzcuMCIsImNzIjoiT3BlblNTTFwvMS4xLjFrIiwic3YiOiJBcGFjaGUiLCJkdiI6IjEwLjMuMjktTWFyaWFEQiIsImxhbmciOiIifQ&betaFeed=0&action=timestamp
[Jun 15 14:26:03:1623781563.011808:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=dc6cabc117d1d99c6cde27848b20b7a05f3eccd74201ddeb7ced2a13045a0d308ccd9ea77ab30f1265553371fbe3b6bb049014e5a7c88e6ea6b80ac46d1145343f0558825ebf65d39896b04845b12937&s=eyJ3cCI6IjUuNy4yIiwid2YiOiI3LjUuNCIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93d3cuaG90ZWwtc2Nvb3AuY29tIiwic3NsdiI6MjY5NDg4MzE5LCJwdiI6IjcuMy4yOCIsInB0IjoiZnBtLWZjZ2kiLCJjdiI6IjcuNzcuMCIsImNzIjoiT3BlblNTTFwvMS4xLjFrIiwic3YiOiJBcGFjaGUiLCJkdiI6IjEwLjMuMjktTWFyaWFEQiIsImxhbmciOiIifQ&betaFeed=0&action=resolve_ips
[Jun 15 14:26:02:1623781562.796972:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=dc6cabc117d1d99c6cde27848b20b7a05f3eccd74201ddeb7ced2a13045a0d308ccd9ea77ab30f1265553371fbe3b6bb049014e5a7c88e6ea6b80ac46d1145343f0558825ebf65d39896b04845b12937&s=eyJ3cCI6IjUuNy4yIiwid2YiOiI3LjUuNCIsIm1zIjpmYWxzZSwiaCI6Imh0dHBzOlwvXC93d3cuaG90ZWwtc2Nvb3AuY29tIiwic3NsdiI6MjY5NDg4MzE5LCJwdiI6IjcuMy4yOCIsInB0IjoiZnBtLWZjZ2kiLCJjdiI6IjcuNzcuMCIsImNzIjoiT3BlblNTTFwvMS4xLjFrIiwic3YiOiJBcGFjaGUiLCJkdiI6IjEwLjMuMjktTWFyaWFEQiIsImxhbmciOiIifQ&betaFeed=0&action=resolve_ips
[Jun 15 14:23:53:1623781433.544059:4:info] Scan process ended after forking.
[Jun 15 14:23:53:1623781433.092492:4:info] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/www.hotel-scoop.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=standard&cronKey=1dc8b22f64c932e21d609b09a0668a0b&k=dc6cabc117d1d99c6cde27848b20b7a05f3eccd74201ddeb7ced2a13045a0d308ccd9ea77ab30f1265553371fbe3b6bb049014e5a7c88e6ea6b80ac46d1145343f0558825ebf65d39896b04845b12937&ssl=1&signature=f8533b664df27f1d870bafc1fc1accd6dd19d9ee01b67e6bdbaec6c8be3730ca
[Jun 15 14:23:53:1623781433.088697:4:info] getMaxExecutionTime() returning half ini value: 45
[Jun 15 14:23:53:1623781433.088154:4:info] ini value of 180 is higher than value for WORDFENCE_SCAN_MAX_INI_EXECUTION_TIME (90), reducing
[Jun 15 14:23:53:1623781433.087630:4:info] Got max_execution_time value from ini: 180
[Jun 15 14:23:53:1623781433.087034:4:info] Got value from wf config maxExecutionTime: 0
[Jun 15 14:23:53:1623781433.085843:4:info] Entering start scan routine
[Jun 15 14:23:53:1623781433.083934:4:info] Ajax request received to start scan.
    Thread Starter globetrots

    (@globetrots)

    Unless there’s some kind of delay (I cleared the cache), neither of these solutions worked. The scan is still stopping almost immediately and giving an error message. Only one of the three IP addresses was blocked in Wordfence and that one was by the request of affiliate network CJ: it was making thousands of clicks on affiliate links. They said it was a malicious IP address that was impacting multiple sites, not just mine, so they were requesting affected sites to block it. So how is it connected to my own server or WordPress’?

    Is this maybe a bug in the WordPress installation itself on this particular site? Do I need to uninstall and start over? As I said, I have the scans running on multiple others (including one on the same hosting platform) with no problems. And it is still blocking okay, just not scanning.

    • This reply was modified 3 years, 5 months ago by globetrots.
    Thread Starter globetrots

    (@globetrots)

    Yes, with no support response about the problem and two weeks of not recording any hits, I gave up on this plug-in and installed a competitor’s one that still works after the latest WP update.

    Thread Starter globetrots

    (@globetrots)

    Never mind, delete this – it seems to be using the theme one and not yours, so let me investigate.

    I had to restore the site from a back-up in the hosting panel, which was a total pain in the ass as you can imagine. I’ve learned my lesson and now ignore any messages (which are frequent) about Updraft Plus coding errors as it appears to be a buggy plug-in in this respect. Wordfence flags this frequently with what I assume are false alarms. More than all the others added together most months.

    I’ve had the same issue just pop up. I got a warning from Wordfence that the files had been modified for Wordfence by a hacker and I chose “restore the original file.” When I did, I got this cryptic message and could not log in anymore:

    Warning: require_once(/misc/16/262/059/685/user/web/luxurylatinamerica.com/blog/wp-content/plugins/updraftplus/class-updraftplus.php): failed to open stream: No such file or directory in /misc/16/262/059/685/user/web/luxurylatinamerica.com/blog/wp-content/plugins/updraftplus/updraftplus.php on line 95

    Fatal error: require_once(): Failed opening required ‘/misc/16/262/059/685/user/web/luxurylatinamerica.com/blog/wp-content/plugins/updraftplus/class-updraftplus.php’ (include_path=’.:/usr/share/pear’) in /misc/16/262/059/685/user/web/luxurylatinamerica.com/blog/wp-content/plugins/updraftplus/updraftplus.php on line 95

Viewing 12 replies - 1 through 12 (of 12 total)