Yet another cURL error

  • Resolved Thought Nozzle

    (@thought-nozzle)


    8 years, 11 months ago

    Hi, folks. Getting that old cURL error 28; I can’t connect to your servers.

    Diagnostics say everything is correct except for the timeout.

    But this is happening on every website hosted on one particular server, and apparently started about a month ago. There are no other security plugins common to all of the sites on this machine, and WordFence on all of my clients’ sites on my other hosts with similar plugins can scan just fine. And as I said, scanning only started failing after having worked for between 3 and 16 months.

    My suspicion is that your servers are using an ancient blocklist, and blocking my server’s cURL requests. I’ve seen this before with another plugin author. I inherited this IP which apparently was used for some long-term abuse. Not fun. The IP has been clean for the last couple of years except for a period around 1yr8mo ago during the 2015 XSS debacle.

    WordFence has been failing silently for more than a month, and that’s bad; I had no idea no scans of these half-dozen have been done in that long, and I’m afraid of what I’ll find when this is fixed.

    How can I get my server IP to you so you can check your tables?

    Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • wfalaa

    (@wfalaa)

    8 years, 11 months ago

    Hi,
    Please let me know what you can see in “Connectivity” section under (Wordfence > Tools => Diagnostics), screenshot would be helpful. Also, do you have both “Start all scans remotely” and “Enable SSL Verification” options disabled in the same diagnostics page?

    Thanks.

    Thread Starter Thought Nozzle

    (@thought-nozzle)

    8 years, 11 months ago

    Start all scans remotely – Disabled
    Enable SSL Verification – Enabled

    I disabled SSL Verification and tried a new scan. It failed with the same error, and the diagnostics are identical.

    Thread Starter Thought Nozzle

    (@thought-nozzle)

    8 years, 11 months ago

    And here’s a redacted dump of a log, with diagnostics on. I have also tried setting the per-stage max execution time to 30, with no luck.
    – – – –

    [Jun 16 23:56:45] Ajax request received to start scan.
[Jun 16 23:56:45] Entering start scan routine
[Jun 16 23:56:45] Got value from wf config maxExecutionTime:
[Jun 16 23:56:45] Got max_execution_time value from ini: 0
[Jun 16 23:56:45] getMaxExecutionTime() returning default of: 15
[Jun 16 23:56:45] Test result of scan start URL fetch: array ( 'headers' => Requests_Utility_CaseInsensitiveDictionary::__set_state(array( 'data' => array ( 'content-type' => 'text/html; charset=UTF-8', 'x-robots-tag' => 'noindex', 'x-content-type-options' => 'nosniff', 'expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'cache-control' => 'no-cache, must-revalidate, max-age=0', 'x-frame-options' => 'SAMEORIGIN', 'content-length' => '32', 'content-encoding' => 'gzip', 'vary' => 'Accept-Encoding', 'date' => 'Fri, 16 Jun 2017 23:56:45 GMT', 'accept-ranges' => 'bytes', 'server' => 'LiteSpeed', ), )), 'body' => 'WFSCANTESTOK', 'response' => array ( 'code' => 200, 'message' => 'OK', ), 'cookies' => array ( ), 'filename' => NULL, 'http_response' => WP_HTTP_Requests_Response::__set_state(array( 'response' => Requests_Response::__set_state(array( 'body' => 'WFSCANTESTOK',
[Jun 16 23:56:45] Starting cron with normal ajax at URL http://[REDACTED].com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&cronKey=[REDACTED]
[Jun 16 23:56:45] Scan engine received request.
[Jun 16 23:56:45] Checking cronkey
[Jun 16 23:56:45] Fetching stored cronkey for comparison.
[Jun 16 23:56:45] Exploding stored cronkey
[Jun 16 23:56:45] Checking saved cronkey against cronkey param
[Jun 16 23:56:45] Becoming admin for scan
[Jun 16 23:56:45] Scan will run as admin user '[REDACTED]' with ID '[REDACTED]' sourced from: singlesite get_users() function
[Jun 16 23:56:45] Scan authentication complete.
[Jun 16 23:56:45] Done become admin
[Jun 16 23:56:45] Checking if scan is already running
[Jun 16 23:56:45] Requesting max memory
[Jun 16 23:56:45] Setting up error handling environment
[Jun 16 23:56:45] Setting up scanRunning and starting scan
[Jun 16 23:56:45] Got value from wf config maxExecutionTime:
[Jun 16 23:56:45] Got max_execution_time value from ini: 0
[Jun 16 23:56:45] getMaxExecutionTime() returning default of: 15
[Jun 16 23:56:51] Contacting Wordfence to initiate scan
[Jun 16 23:56:51] Calling Wordfence API v2.23:https://noc1.wordfence.com/v2.23/?v=4.8&s=[REDACTED]&openssl=[REDACTED]&phpv=5.6.23&betaFeed=0&cacheType=disabled&action=log_scan
[Jun 16 23:56:58] Scan process ended after forking.
[Jun 16 23:57:01] Calling Wordfence API v2.23:https://noc1.wordfence.com/v2.23/?v=4.8&s=[REDACTED]&openssl=[REDACTED]&phpv=5.6.23&betaFeed=0&cacheType=disabled&action=record_scan_metrics
[Jun 16 23:57:11] Scan terminated with error: There was an error connecting to the the Wordfence scanning servers: cURL error 28: Connection timed out after 10001 milliseconds
    Thread Starter Thought Nozzle

    (@thought-nozzle)

    8 years, 11 months ago

    Looks like my support people found the issue. noc1.wordfence.com is on a blocklist, supposedly for malicious traffic. They tell me they have notified both the blocklist managers and your company.

    They removed the IP address from their graylist tables, so that issue is gone.

    WordFence is still choking on two sites on that server with large file counts, but that’s a separate issue.

    Thanks.

    wfasa

    (@wfasa)

    8 years, 11 months ago

    Hi Thought Nozzle,
    just following up here with a quick note. If you would like to share which blocklist this is, please send an email to asa@wordfence.com. Please mention your username @thought-nozzle in the email.

    Glad to hear the issue was resolved. Hope you have a great day!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Yet another cURL error’ is closed to new replies.