Scans stalling

Resolved

(@keysnparrots)

More background in this Reddit post, but let’s start fresh here.

I have three WordPress sites on DreamHost with the free version of WordFence installed. Since Tuesday (2017-05-02), none of them will complete a scan. This coincides approximately with installation of the WordPress 4.7.4 update and WordFence 6.3.7 and 6.3.8 updates. Scans stall at different points each time.

I first investigated through DreamHost support and they told me my processes are being killed for high memory usage; i.e. not CPU usage and not for running too long. I don’t know if that’s the only issue involved.

In my PHP error log, I’m seeing errors like this during scans:

[Thu May 04 13:21:40 2017] [error] [client [server IP]] Premature end of script headers: php70.cgi, referer: https://[my domain].com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=46d6271345c2507b55ff100
[Thu May 04 13:22:31 2017] [error] [client [server IP]] Premature end of script headers: php70.cgi, referer: https://[my domain].com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=2df0e08f78e3c3704c0a7fa0
[Thu May 04 13:22:31 2017] [error] [client [server IP]] Premature end of script headers: php70.cgi, referer: https://[my domain].com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=5da542ff7de5c210203950f6

All three of those errors occurred during one scan. The scan didn’t stall until after the third error occurred.

In case it’s relevant, Sucuri scans and UpdraftPlus backups are succeeding on all three sites.

The sites are running on PHP 7. I’ve tried both CGI and FastCGI.

I’ve tried enabling the low resource scanning option. These options are disabled, as recommended by wfasa:

Scan files outside your WordPress installation
Scan images, binary, and other files as if they were executable
Enable HIGH SENSITIVITY scanning (may give false positives)

Below are the last few lines (most recent at top) of the activity log for a scan I attempted just now. Note that the scan doesn’t always stall at the same stage.


[May 04 14:57:54:1493931474.041259:4:info] Entered fork()
[May 04 14:57:46:1493931466.689383:4:info] Got a true deserialized value back from 'wfsd_engine' with type: object
[May 04 14:57:44:1493931464.945533:4:info] Setting up scanRunning and starting scan
[May 04 14:57:44:1493931464.944940:4:info] Setting up error handling environment
[May 04 14:57:44:1493931464.944311:4:info] Requesting max memory
[May 04 14:57:44:1493931464.943762:4:info] Done become admin
[May 04 14:57:44:1493931464.943200:4:info] Scan authentication complete.
[May 04 14:57:44:1493931464.940837:4:info] Scan will run as admin user 'admin' with ID '1' sourced from: singlesite get_users() function
[May 04 14:57:44:1493931464.927877:4:info] Becoming admin for scan
[May 04 14:57:44:1493931464.918306:4:info] Checking saved cronkey against cronkey param
[May 04 14:57:44:1493931464.917639:4:info] Exploding stored cronkey
[May 04 14:57:44:1493931464.917062:4:info] Fetching stored cronkey for comparison.
[May 04 14:57:44:1493931464.916217:4:info] Checking cronkey
[May 04 14:57:44:1493931464.914976:4:info] Scan engine received request.
[May 04 14:57:42:1493931462.329106:4:info] Starting cron with normal ajax at URL https://[my domain].com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&cronKey=6223f15a1682ba844f2a19ab
[May 04 14:57:42:1493931462.326767:4:info] Test result of scan start URL fetch: array ( 'headers' => Requests_Utility_CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'date' => 'Thu, 04 May 2017 20:57:40 GMT', 'server' => 'Apache', 'x-robots-tag' => 'noindex', 'x-content-type-options' => 'nosniff', 'expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'cache-control' => 'no-cache, must-revalidate, max-age=0', 'x-frame-options' => 'SAMEORIGIN', 'set-cookie' => 'wfvt_2029678028=590b95c5804bc; expires=Thu, 04-May-2017 21:27:41 GMT; Max-Age=1800; path=/; HttpOnly', 'content-type' => 'text/html; charset=UTF-8', ), )), 'body' => 'WFSCANTESTOK', 'response' => array ( 'code' => 200, 'message' => 'OK', ), 'cookies' => array ( 0 => WP_Http_Cookie::__set_state(array( 'name' => 'wfvt_2029678028', 'value' => '590b95c5804bc', 'expires' => 1493933261, 'path' => '/', 'domain' => '[my domain].com',
[May 04 14:57:40:1493931460.411480:4:info] getMaxExecutionTime() returning half ini value: 15
[May 04 14:57:40:1493931460.410865:4:info] Got max_execution_time value from ini: 30
[May 04 14:57:40:1493931460.405907:4:info] Got value from wf config maxExecutionTime:
[May 04 14:57:40:1493931460.403036:4:info] Calling startScan(true)
[May 04 14:57:39:1493931459.963596:4:info] Entered fork()
[May 04 14:57:39:1493931459.962810:4:info] Calling fork() from wordfenceHash with maxExecTime: 15
[May 04 14:57:39:1493931459.949584:4:info] Scanning: /home/[username]/[my domain].com/wp-content/plugins/jetpack/modules/protect/protect-dashboard-widget.min.css (Mem:24.0M)
[May 04 14:57:39:1493931459.936184:4:info] Scanning: /home/[username]/[my domain].com/wp-content/plugins/jetpack/modules/protect/protect-dashboard-widget.css (Mem:24.0M)
[May 04 14:57:39:1493931459.924288:2:info] Analyzed 1200 files containing 17.91 MB of data so far

This topic was modified 9 years, 1 month ago by keysnparrots.
This topic was modified 9 years, 1 month ago by keysnparrots.

Viewing 7 replies - 16 through 22 (of 22 total)

← 1 2

Thread Starter keysnparrots
(@keysnparrots)

9 years ago

Thanks so much, Mika! The ticket number is 134419284.

wfalaa
(@wfalaa)

9 years ago

Thanks Mika for your offer to help in this case.

@keysnparrots “Scan process ended after forking” usually means that the scan tried to initiate next scan cycle “fork” but it failed to do so, you can read more about this process in “How do scans work internally“.

I checked both diagnostics reports, there is nothing interested there, except:
– Both sites still show “WP_MEMORY_LIMIT” set to “40MB”.
– One of them (that one starting with “pdw”) has “max_execution_time” set to “600” which is really high! I think the default in most servers is “60 or 30” and we recommend adjusting “Maximum execution time for each scan stage” option to about 90% of this value, check out “Adjusting the max execution time” for more details.

Thanks.

Thread Starter keysnparrots
(@keysnparrots)

9 years ago

Ah, so there are group memory limits on Dreamhost. I thought I was in the clear because each site is running under its own user. But all my site users are in the same group. Time for a VPS, I guess.

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

9 years ago

Ahh I see Rob replied in the time it took me to dig into this. So yes, you’re hitting group memory, which is there to prevent someone from making 10 accounts and noisy-neighboring the whole server and killing it for everyone 🙁

I have to contradict ONE thing he said. Cloudflare and caching won’t help this one. Since the problem happens when you scan, even with those in place you’d likely still have this issue.

Thread Starter keysnparrots
(@keysnparrots)

9 years ago

Yeah, I’m the noisy neighbour! I guess I’ve outgrown shared hosting. I’ll be with you for another year… I need time to work out migrating to a VPS and my account is about to renew. That gives me lots of time to move sites and services carefully, one at a time. If I’m not happy with Vultr, I’ll reconsider DreamCompute. I’ve had a great experience overall and will continue to recommend Dreamhost to people I won’t be hosting myself.

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

9 years ago

I’ve been the noisy neighbor too! Good luck, keysnparrots!

Thread Starter keysnparrots
(@keysnparrots)

9 years ago

Just got the big site moved to a Vultr VPS this morning, and it’s running great, including WordFence scans.

Viewing 7 replies - 16 through 22 (of 22 total)

← 1 2

The topic ‘Scans stalling’ is closed to new replies.