Forwarded this to the dev team to be looked at. I’ll let you know.
tim
Hi,
I’ve done some investigation on our end but I need more info from you:
Your description worries me. You’re saying that your server is crashing due to lack of memory. I’d like to learn more about exactly what is happening when you see this “crash”.
Is your server swapping heavily and becoming unresponsive?
Is the Linux kernel OOM process killer killing a process for being too large?
How large are the Apache processes that are being killed?
Are you sure you don’t have your server misconfigured to allow too many apache processes or threads for the amount of memory you have?
You jumped to the conclusion that Wordfence is not closing connections correctly and that is the cause of what you’re describing as a memory leak in Apache or PHP. I’m not sure we can jump to this conclusion yet. The operating system is actually responsible for closing TCP connections to remote hosts (it sends the FIN or RST TCP flags), so tell me more about how you drew this conclusion please.
I’m going to make a leap of my own: Is it possible that you’re not running out of memory and your server is not crashing. But instead all your apache threads or processes are busy because of a timeout condition when Wordfence is trying to establish a connection? So if you look at your mod_status page what you would see is all Apache processes stuck in the “W” or “Sending Reply” state?
It sounds like you’re fairly technical so if you can reproduce the issue, please post the output of netstat, top and any kernel logs that may help us understand what’s happening to your server. But make sure you sanitize any sensitive info before you do that.
Regards,
Mark.
I would point to a misconfiguration of the server. I’ve been working with the IT team, and we’ve resolved the issue. My original post was rather unclear and didn’t point to the actual issue at hand. The problem stemmed from the php5-curl package not being installed.
I was running New Relic on the server (Ubuntu 12.04 VM on Azure), and this was the pattern I was seeing:
1. On bootup, Apache would come up with 10 processes
2. Wordfence would contact noc1.wordfence.com and fail because php5-curl was not installed
3. Apache would start ~6 more processes,
4. This would repeat until Apache was killed due to lack of memory.
After installing php5-curl, the issue has not presented itself. I’m not sure why php5-curl was not installed during the initial setup of WordPress, and there is little official documentation about this requirement. Either WordPress needs to specify the PHP extensions that are expected to be installed (they already do it with GD) or Wordfence could check to see if the php5-curl extension is enabled and warn the user if it isn’t.
Anyways, thanks for your help!
Hi there,
php5-curl is not a dependency for Wordfence and it’s designed to work without the cURL library. What we do is we fall back to using file_get_contents library. When you posted this I tested that file_get_contents works by disabling cURL on one of our lab systems. And it works great.
So if you have any more information from your web server error logs showing why file_get_contents() was not working for you when you did not have curl installed that would help us diagnose this. But on my end it seems to work great without curl, although I should add for anyone else reading this that curl is preferred by us because it’s more configurable.
I understand you want to move on, but I’m also posting this for anyone else who arrives here via google.
Regards,
Mark.
