Scan never finishes and now hacked

I keep getting
“Scan Failed
The current scan looks like it has failed. Its last status update was 1 hour 33 mins ago. You may continue to wait in case it resumes or stop and restart the scan. Some sites may need adjustments to run scans reliably.”

None of the tips offered have worked, I might have to look elsewhere as I cannot risk another SQL injection

Hey @computerdude,

Wordfence protects against a vast variety of attacks. Whether you were hacked because of an unknown attack method or because there is some other issue in your system is hard to say. Some plugins contain vulnerabilities that are so bad that Wordfence can’t protect against them. The same goes for servers.

Regarding the Scan, can you do the following so I can get the information I need to help you?

Kill the existing scan if it is still running (The “Start New Scan” button turns in to a “Stop” button while the scan is running).

Go to your Scan > Scan Options and Scheduling page and locate the “Performance Options”.

Set “Maximum execution time for each scan stage” to 20 on the options page
Click to “Save Changes”.

Go to the Tools > Diagnostics page.

In the “Debugging Options” section check the circle “Enable debugging mode”.

Click to “Save Changes”.

Start a new scan.

Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log and paste them here.

Thanks,

Gerroald

I have switched on debug, now it refuses to start

Here is the log shortened

[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/images/ui-icons_228ef1_256x240.png (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/images/ui-icons_ef8c08_256x240.png (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/images/ui-icons_ffd27a_256x240.png (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/images/ui-icons_ffffff_256x240.png (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/jquery-ui.custom.css (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/jquery-ui.custom.min.css (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/jquery-ui.custom.min.css.map (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/jquery.blockUI.js (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/jquery.blockUI.min.js (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/jquery.serializeJSON/jquery.serializejson.js (Mem:60.0M)
[Sep 25 22:28:23] Scanning: /var/sites/b/bestdealsguru.co.uk/public_html/wp-content/plugins/updraftplus/includes/jquery.serializeJSON/jquery.serializejson.min.js (Mem:60.0M)
[Sep 25 22:28:24] Calling fork() from wordfenceHash with maxExecTime: 20
[Sep 25 22:28:24] Entered fork()
[Sep 25 22:28:24] Calling startScan(true)
[Sep 25 22:28:24] Got value from wf config maxExecutionTime: 20
[Sep 25 22:28:24] getMaxExecutionTime() returning config value: 20
[Sep 25 22:28:24] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/www.bestdealsguru.co.uk/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=1&scanMode=standard&cronKey=578d3e5840fd614aced0dd8523a120b2
[Sep 25 22:28:25] Scan process ended after forking.
[Sep 25 22:42:39] Calling Wordfence API v2.26:https://noc1.wordfence.com/v2.26/?k=958b1d5223ca3b0429d6afa8378978c1e1a49aa98356057cd2960cbfb62992eb539b09d6e22aa31dd5a7e8577ad9f5a1481614c7b2073785b55a13c83b5ec480df721d66e9b01

• This reply was modified 5 years, 5 months ago by computerdude.
• This reply was modified 5 years, 5 months ago by computerdude.

There is also a message

Connecting back to this site
wp_remote_post() test back to this server failed! Response was: cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received

Hey @computerdude,

Regarding the error, this is an error related to the cURL library installed on your hosting server. You can ask your hosting provider to investigate this for you.
?
From what I have seen in the past is that the error is often intermittent so it may come and go.
?
Some hosting providers also deliberately prevent a WordPress website from connecting back to itself which will generate this error so they can confirm if this is the case or not.

This may resolve the scanning issue. Once you’ve resolved the error please let me know if it helps.

https://www.wordfence.com/help/scan/troubleshooting/#scan-process-ended-after-forking

Thanks,

Gerroald

I have requested more memory on the server and that seems to have fixed it. Still not sure what the SQL injection malware was or where it came from but it looks like it has gone

• This reply was modified 5 years, 5 months ago by computerdude.