Support » Plugin: Wordfence Security - Firewall & Malware Scan » PHP 7.4.x scan time

  • Resolved Attila

    (@titala)


    You closed this ticket but unfortunately it is not solved at all.
    I definitely need your help. I reinstalled Wordfence from scratch, didn’t help. I tested it already with PHP 7.4.9 also didn’t help. It only works well for me with PHP 7.3.x I can’t stay on this version forever.

    BR, Attila

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 18 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @titala and thanks for reaching out!

    Just looking over your previous ticket, it seems you are having issues with scan times after updating to the newer PHP version. We can take a deeper dive into this issue.

    If you are currently on 7.3.x, do the following for me:

    • Navigate to Tools > Diagnostics > Debugging Options > Enable debugging mode and then Save the Changes
    • Run a Scan to completion.
    • Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log and paste them in the post.
    • Now if you can send over a new diagnostic and also your PHP error log (located in Tools > Diagnostics > Log Files) to wftest @ wordfence . com.

      After you finish that, upgrade your PHP back to 7.4.x, and follow the list above again. I would like to compare what is going on before and after the upgrade.

      Thanks!

    The related diagnostics and activity logs has been sent. I have sent the error logs of related periods separately since php error log was not part of diagnostics.

    Activity log parts:

    PHP 7.3.21

    
    [Sep 11 05:13:55:1599794035.509660:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e5847f3cea03aec6d8391443cc30e19250a21dabba7aa05b9d90017d6a9ac162e1a88d8568352f3dd17cc07082235cf2d27792f5b15da79935d2400b995224f6aebeba36906609083828cae2133b4523&s=eyJ3cCI6IjUuNS4xIiwid2YiOiI3LjQuMTEiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd3d3LnN6YW1vc2lqdWRpdC5odSIsInNzbHYiOjI2ODQ0MzgzOSwicHYiOiI3LjMuMjEiLCJwdCI6ImNnaS1mY2dpIiwiY3YiOiI3LjYyLjAiLCJjcyI6Ik9wZW5TU0xcLzEuMC4yayIsInN2IjoiQXBhY2hlXC8yLjQuNiAoKSBtcG0taXRrXC8yLjQuNy0wNCBPcGVuU1NMXC8xLjAuMmstZmlwcyBQSFBcLzUuNC4xNiIsImR2IjoiNS41LjY1LU1hcmlhREItY2xsLWx2ZSJ9&betaFeed=0&action=record_scan_metrics
    [Sep 11 05:13:55:1599794035.507164:10:info] SUM_FINAL:Scan complete. You have 1 new issue to fix. See below.
    [Sep 11 05:13:55:1599794035.506849:1:info] Scan Complete. Scanned 15111 files, 22 plugins, 3 themes, 52 posts, 0 comments and 35299 URLs in 16 minutes 58 seconds.
    [Sep 11 05:13:55:1599794035.506471:2:info] Wordfence used 19.93 MB of memory for scan. Server peak memory usage was: 114.93 MB
    [Sep 11 05:13:55:1599794035.505807:1:info] -------------------
    [Sep 11 05:13:55:1599794035.499236:10:info] SUM_ENDOK:Scanning for suspicious site options
    [Sep 11 05:13:55:1599794035.447210:2:info] Done examining URLs
    [Sep 11 05:13:55:1599794035.446474:4:info] Using MySQLi directly.
    [Sep 11 05:13:55:1599794035.445989:4:info] Gathering host keys.
    [Sep 11 05:13:55:1599794035.445159:2:info] Examining URLs found in the options we scanned for dangerous websites
    [Sep 11 05:13:55:1599794035.263614:10:info] SUM_START:Scanning for suspicious site options
    [Sep 11 05:13:55:1599794035.256226:10:info] SUM_ENDOK:Scanning for admin users not created through WordPress
    [Sep 11 05:13:54:1599794034.509747:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e5847f3cea03aec6d8391443cc30e19250a21dabba7aa05b9d90017d6a9ac162e1a88d8568352f3dd17cc07082235cf2d27792f5b15da79935d2400b995224f6aebeba36906609083828cae2133b4523&s=eyJ3cCI6IjUuNS4xIiwid2YiOiI3LjQuMTEiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd3d3LnN6YW1vc2lqdWRpdC5odSIsInNzbHYiOjI2ODQ0MzgzOSwicHYiOiI3LjMuMjEiLCJwdCI6ImNnaS1mY2dpIiwiY3YiOiI3LjYyLjAiLCJjcyI6Ik9wZW5TU0xcLzEuMC4yayIsInN2IjoiQXBhY2hlXC8yLjQuNiAoKSBtcG0taXRrXC8yLjQuNy0wNCBPcGVuU1NMXC8xLjAuMmstZmlwcyBQSFBcLzUuNC4xNiIsImR2IjoiNS41LjY1LU1hcmlhREItY2xsLWx2ZSJ9&betaFeed=0&action=suspicious_admin_usernames
    [Sep 11 05:13:54:1599794034.506107:10:info] SUM_START:Scanning for admin users not created through WordPress
    [Sep 11 05:13:54:1599794034.493662:10:info] SUM_ENDBAD:Scanning for old themes, plugins and core files
    [Sep 11 05:13:41:1599794021.782009:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e5847f3cea03aec6d8391443cc30e19250a21dabba7aa05b9d90017d6a9ac162e1a88d8568352f3dd17cc07082235cf2d27792f5b15da79935d2400b995224f6aebeba36906609083828cae2133b4523&s=eyJ3cCI6IjUuNS4xIiwid2YiOiI3LjQuMTEiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd3d3LnN6YW1vc2lqdWRpdC5odSIsInNzbHYiOjI2ODQ0MzgzOSwicHYiOiI3LjMuMjEiLCJwdCI6ImNnaS1mY2dpIiwiY3YiOiI3LjYyLjAiLCJjcyI6Ik9wZW5TU0xcLzEuMC4yayIsInN2IjoiQXBhY2hlXC8yLjQuNiAoKSBtcG0taXRrXC8yLjQuNy0wNCBPcGVuU1NMXC8xLjAuMmstZmlwcyBQSFBcLzUuNC4xNiIsImR2IjoiNS41LjY1LU1hcmlhREItY2xsLWx2ZSJ9&betaFeed=0&action=plugin_vulnerability_check
    [Sep 11 05:13:39:1599794019.279811:10:info] SUM_START:Scanning for old themes, plugins and core files
    
    PHP 7.4.9
    
    [Sep 11 04:12:43:1599790363.356873:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/stats.json
    [Sep 11 04:07:24:1599790044.715162:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e5847f3cea03aec6d8391443cc30e19250a21dabba7aa05b9d90017d6a9ac162e1a88d8568352f3dd17cc07082235cf2d27792f5b15da79935d2400b995224f6aebeba36906609083828cae2133b4523&s=eyJ3cCI6IjUuNS4xIiwid2YiOiI3LjQuMTEiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd3d3LnN6YW1vc2lqdWRpdC5odSIsInNzbHYiOjI2ODQ0MzgzOSwicHYiOiI3LjQuOSIsInB0IjoiY2dpLWZjZ2kiLCJjdiI6IjcuNjIuMCIsImNzIjoiT3BlblNTTFwvMS4wLjJrIiwic3YiOiJBcGFjaGVcLzIuNC42ICgpIG1wbS1pdGtcLzIuNC43LTA0IE9wZW5TU0xcLzEuMC4yay1maXBzIFBIUFwvNS40LjE2IiwiZHYiOiI1LjUuNjUtTWFyaWFEQi1jbGwtbHZlIn0&betaFeed=0&action=timestamp
    [Sep 11 04:06:52:1599790012.958989:10:info] SUM_KILLED:A request was received to stop the previous scan.
    [Sep 11 04:06:52:1599790012.957542:1:info] Scan stop request received.
    [Sep 11 04:01:13:1599789673.237937:2:error] Scan terminated with error: The scan time limit of 3 hours has been exceeded and the scan will be terminated. This limit can be customized on the options page. <a href="https://www.wordfence.com/help/?query=scan-time-limit" target="_blank" rel="noopener noreferrer">Get More Information</a>
    [Sep 11 04:01:13:1599789673.237370:2:info] Wordfence used 19.93 MB of memory for scan. Server peak memory usage was: 51.93 MB
    [Sep 11 04:01:12:1599789672.403989:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e5847f3cea03aec6d8391443cc30e19250a21dabba7aa05b9d90017d6a9ac162e1a88d8568352f3dd17cc07082235cf2d27792f5b15da79935d2400b995224f6aebeba36906609083828cae2133b4523&s=eyJ3cCI6IjUuNS4xIiwid2YiOiI3LjQuMTEiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd3d3LnN6YW1vc2lqdWRpdC5odSIsInNzbHYiOjI2ODQ0MzgzOSwicHYiOiI3LjQuOSIsInB0IjoiY2dpLWZjZ2kiLCJjdiI6IjcuNjIuMCIsImNzIjoiT3BlblNTTFwvMS4wLjJrIiwic3YiOiJBcGFjaGVcLzIuNC42ICgpIG1wbS1pdGtcLzIuNC43LTA0IE9wZW5TU0xcLzEuMC4yay1maXBzIFBIUFwvNS40LjE2IiwiZHYiOiI1LjUuNjUtTWFyaWFEQi1jbGwtbHZlIn0&betaFeed=0&action=record_scan_metrics
    [Sep 11 04:01:12:1599789672.283754:10:info] SUM_FINAL:Scan interrupted. You have 1 new issue to fix. See below.
    [Sep 11 04:01:12:1599789672.283383:1:info] Scan interrupted. Scanned 15086 files, 22 plugins, 3 themes, 0 posts, 0 comments and 22090 URLs in 3 hours 21 seconds.
    [Sep 11 04:01:12:1599789672.282927:1:info] -------------------
    [Sep 11 04:00:42:1599789642.261410:4:info] Resuming malware scan at rule 909.
    [Sep 11 04:00:42:1599789642.256306:4:info] Scanning contents: wp-content/cache/swift-performance/www.szamosijudit.hu/cimke/nyugalom/css/e989ac7d5c29d9e64b499f05dd34878d.css (Size: 1.59 MB Mem: 40 MB)
    [Sep 11 04:00:42:1599789642.227372:4:info] Got a true deserialized value back from 'wfsd_engine' with type: object
    [Sep 11 04:00:42:1599789642.175948:4:info] Setting up scanRunning and starting scan
    [Sep 11 04:00:42:1599789642.175539:4:info] Setting up error handling environment
    [Sep 11 04:00:42:1599789642.174954:4:info] Requesting max memory
    [Sep 11 04:00:42:1599789642.173596:4:info] Checking saved cronkey against cronkey param
    [Sep 11 04:00:42:1599789642.173177:4:info] Checking cronkey: e9dcf19c68c86815d9883e1fa678f787 (expecting e9dcf19c68c86815d9883e1fa678f787)
    [Sep 11 04:00:42:1599789642.172624:4:info] Fetching stored cronkey for comparison.
    [Sep 11 04:00:42:1599789642.171771:4:info] Verifying start request signature.
    [Sep 11 04:00:42:1599789642.171105:4:info] Scan engine received request.
    [Sep 11 04:00:40:1599789640.602037:4:info] Scan process ended after forking.
    [Sep 11 04:00:39:1599789639.595965:4:info] Starting cron with normal ajax at URL https://www.szamosijudit.hu/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=e9dcf19c68c86815d9883e1fa678f787&signature=1919688bab586121b4d71e089ed1c93b46a95d2307ce48c5d58dd5219ffbb336
    
    Plugin Support WFAdam

    (@wfadam)

    Thanks for sending everything @titala

    The only thing I am missing is the diagnostic from after you updated your PHP version. Could you send that over when you get a chance?

    Thanks!

    I sent you all in all 5 mails.

    PHP 7.4.9 Diag (Very first)
    PHP 7.4.9 Activity log
    PHP 7.3.21 Activity log
    PHP 7.3.21 Diag
    Extra file with Error log

    probably in this order. Which one is missing?

    I resent PHP 7.4.9 Diag right now

    Plugin Support WFAdam

    (@wfadam)

    Thanks @titala I got them now!

    It looks like while on PHP 7.4.9, your site is getting a Scan terminated with error, which can sometimes be caused by the Max execution timer. Let’s try this as a first step:

    • Kill the existing scan if it is still running (The “Start New Scan” button turns in to a “Stop” button while the scan is running)
    • Go to your Scan > Scan Options and Scheduling page and locate the “Performance Options”
      Set “Maximum execution time for each scan stage” to 20 on the options page
    • Click to “Save Changes”
    • Run another Scan to test

    Let’s start here and see what we get.

    Thanks again!

    Would you like to send the results of the new scan the same way as earlier? Do you need the results of the PHP 7.4.9 run or should I repeat the scan with PHP 7.3.21 too?

    Plugin Support WFAdam

    (@wfadam)

    @titala

    Let’s just stick to 7.4.9 because that’s what your end goal is, correct?

    We can do all our future tests there.

    It is even worse. Activity log sent.
    [Sep 11 18:32:30:1599841950.060935:10:info] SUM_KILLED:A request was received to stop the previous scan.
    [Sep 11 18:32:30:1599841950.059676:1:info] Scan stop request received.
    [Sep 11 18:18:48:1599841128.345205:4:info] Scan process ended after forking.
    [Sep 11 18:18:47:1599841127.339914:4:info] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/www.szamosijudit.hu/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=custom&cronKey=65fae5c2c853d4646deae6977dd222d7&k=e5847f3cea03aec6d8391443cc30e19250a21dabba7aa05b9d90017d6a9ac162e1a88d8568352f3dd17cc07082235cf2d27792f5b15da79935d2400b995224f6aebeba36906609083828cae2133b4523&ssl=1&signature=41532af75071dabf953161396fd20612fd1101e770042877752bd93d3332954d
    [Sep 11 18:18:47:1599841127.338044:4:info] Test result of scan start URL fetch: WP_Error::__set_state(array( ‘errors’ => array ( ‘http_request_failed’ => array ( 0 => ‘cURL error 28: Operation timed out after 18000 milliseconds with 0 bytes received’, ), ), ‘error_data’ => array ( ), ))
    [Sep 11 18:18:29:1599841109.158311:4:info] getMaxExecutionTime() returning config value: 20
    [Sep 11 18:18:29:1599841109.157687:4:info] Got value from wf config maxExecutionTime: 20
    [Sep 11 18:18:29:1599841109.156520:4:info] Calling startScan(true)
    [Sep 11 18:18:28:1599841108.046763:4:info] Entered fork()
    [Sep 11 18:18:28:1599841108.046024:4:info] Forking during malware scan (5777) to ensure continuity.
    [Sep 11 18:18:06:1599841086.832866:4:info] Resuming malware scan at rule 3554.
    [Sep 11 18:18:06:1599841086.827561:4:info] Scanning contents: wp-content/cache/swift-performance/www.szamosijudit.hu/testunk-van-csak-idonk-nincs-ra-hogyan-segithet-ha-kozelebb-kerulunk-hozza/css/c18d398ebdba03622687c754a17d00b9.css (Size: 1.58 MB Mem: 40 MB)
    [Sep 11 18:18:06:1599841086.801651:4:info] Got a true deserialized value back from ‘wfsd_engine’ with type: object
    [Sep 11 18:18:06:1599841086.744397:4:info] Setting up scanRunning and starting scan
    [Sep 11 18:18:06:1599841086.743971:4:info] Setting up error handling environment
    [Sep 11 18:18:06:1599841086.743362:4:info] Requesting max memory
    [Sep 11 18:18:06:1599841086.741613:4:info] Checking saved cronkey against cronkey param
    [Sep 11 18:18:06:1599841086.740975:4:info] Checking cronkey: 8895e4e375d99be0a6686c455f009563 (expecting 8895e4e375d99be0a6686c455f009563)
    [Sep 11 18:18:06:1599841086.740515:4:info] Fetching stored cronkey for comparison.
    [Sep 11 18:18:06:1599841086.739665:4:info] Verifying start request signature.
    [Sep 11 18:18:06:1599841086.738952:4:info] Scan engine received request.
    [Sep 11 18:17:57:1599841077.049803:4:info] Scan process ended after forking.

    Plugin Support WFAdam

    (@wfadam)

    After taking a deeper look at your diagnostic and error logs, I noticed that your opcache.interned_strings_buffer is set to 8. Try setting that to 16. This can usually be set in .user.ini or in .htaccess with php_value or in php.ini you have access to it.

    Could you also send me a screenshot of your scan settings to wftest @ wordfence . com?
    All Options > Scan Options > General Options and also Performance Options

    Hope this helps!

    Thanks again!

    Unfortunately I cannot change it. I tried both .htaccess and php.ini. but the value stays 8.
    The requested screenshots are sent.

    Plugin Support WFAdam

    (@wfadam)

    @titala Thanks again!

    If it won’t let you set it yourself, try reaching out to your host to see if they can change the value for you.

    There may be more than one php.ini, so it’s possible the one you can edit isn’t being used. You might also need to set it in .user.ini instead of .htaccess if PHP is running by CGI. You may still be able to do that without the host’s help.

    If you are able to successfully get it changed, try a scan and let me know the results.

    Hope this helps!

    Thanks!

    Hi Adam,
    It took for a week but te operator could set it up. Unfortunately it did not help. I also sent you the activity log.

    
    [Sep 18 18:11:21:1600445481.974633:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/stats.json
    [Sep 18 17:10:35:1600441835.039142:2:error] Scan terminated with error: The scan time limit of 3 hours has been exceeded and the scan will be terminated. This limit can be customized on the options page. <a href="https://www.wordfence.com/help/?query=scan-time-limit" target="_blank" rel="noopener noreferrer">Get More Information</a>
    [Sep 18 17:10:35:1600441835.038529:2:info] Wordfence used 21.84 MB of memory for scan. Server peak memory usage was: 51.84 MB
    [Sep 18 17:10:34:1600441834.173207:4:info] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e5847f3cea03aec6d8391443cc30e19250a21dabba7aa05b9d90017d6a9ac162e1a88d8568352f3dd17cc07082235cf2d27792f5b15da79935d2400b995224f6aebeba36906609083828cae2133b4523&s=eyJ3cCI6IjUuNS4xIiwid2YiOiI3LjQuMTEiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd3d3LnN6YW1vc2lqdWRpdC5odSIsInNzbHYiOjI2ODQ0MzgzOSwicHYiOiI3LjQuOSIsInB0IjoiY2dpLWZjZ2kiLCJjdiI6IjcuNjIuMCIsImNzIjoiT3BlblNTTFwvMS4wLjJrIiwic3YiOiJBcGFjaGVcLzIuNC42ICgpIG1wbS1pdGtcLzIuNC43LTA0IE9wZW5TU0xcLzEuMC4yay1maXBzIFBIUFwvNS40LjE2IiwiZHYiOiI1LjUuNjUtTWFyaWFEQi1jbGwtbHZlIn0&betaFeed=0&action=record_scan_metrics
    [Sep 18 17:10:34:1600441834.053209:10:info] SUM_FINAL:Scan interrupted. You have 1 new issue to fix. See below.
    [Sep 18 17:10:34:1600441834.052754:1:info] Scan interrupted. Scanned 13180 files, 17 plugins, 3 themes, 0 posts, 0 comments and 23020 URLs in 3 hours 29 seconds.
    [Sep 18 17:10:34:1600441834.052064:1:info] -------------------
    

    BR, Attila

    • This reply was modified 2 months, 2 weeks ago by Yui.
    • This reply was modified 2 months, 2 weeks ago by Yui. Reason: please use CODE button for proper formatting
    Plugin Support WFAdam

    (@wfadam)

    Just as a test, navigate to All Options > Scan Options > General Options, and disable Scan file contents for backdoors, trojans and suspicious code. Now run another scan and see if it completes. Either way, could you send your full scan log to wftest @ wordfence . com. Make sure to put your forum user name @titala in the subject line so I can find it easier.

    Thanks!

    It has been finished very fast with no error. Activity log sent, but I cannot edit the subject.

    Fri, 18 Sep 20 20:06:23 +0000::1600452383.4844:4:info::Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=e5847f3cea03aec6d8391443cc30e19250a21dabba7aa05b9d90017d6a9ac162e1a88d8568352f3dd17cc07082235cf2d27792f5b15da79935d2400b995224f6aebeba36906609083828cae2133b4523&s=eyJ3cCI6IjUuNS4xIiwid2YiOiI3LjQuMTEiLCJtcyI6ZmFsc2UsImgiOiJodHRwczpcL1wvd3d3LnN6YW1vc2lqdWRpdC5odSIsInNzbHYiOjI2ODQ0MzgzOSwicHYiOiI3LjQuOSIsInB0IjoiY2dpLWZjZ2kiLCJjdiI6IjcuNjIuMCIsImNzIjoiT3BlblNTTFwvMS4wLjJrIiwic3YiOiJBcGFjaGVcLzIuNC42ICgpIG1wbS1pdGtcLzIuNC43LTA0IE9wZW5TU0xcLzEuMC4yay1maXBzIFBIUFwvNS40LjE2IiwiZHYiOiI1LjUuNjUtTWFyaWFEQi1jbGwtbHZlIn0&betaFeed=0&action=record_scan_metrics
    Fri, 18 Sep 20 20:06:23 +0000::1600452383.4822:10:info::SUM_FINAL:Scan complete. You have 1 new issue to fix. See below.
    Fri, 18 Sep 20 20:06:23 +0000::1600452383.4819:1:info::Scan Complete. Scanned 13190 files, 17 plugins, 3 themes, 52 posts, 0 comments and 32835 URLs in 5 minutes 19 seconds.
    Fri, 18 Sep 20 20:06:23 +0000::1600452383.4815:2:info::Wordfence used 16.09 MB of memory for scan. Server peak memory usage was: 48.09 MB
    Fri, 18 Sep 20 20:06:23 +0000::1600452383.4808:1:info::——————-

Viewing 15 replies - 1 through 15 (of 18 total)
  • You must be logged in to reply to this topic.