arcane

I experimented with the “precedence ::ffff:0:0/96 100” I mentioned above along with curl being disabled. Most page loads / post saves now take about 8 – 10 seconds in the backend, and WF scans appear to be running on their own at the moment.

I’m not quite ready to call it fixed, only because cURL used to run just fine but doesn’t on this server. (And one site had cURL disabled and one had it enabled prior to today’s testing) We have however made huge strides in the speed of things, hopefully to the point where I won’t avoid the site work now and will start to post again to both sites.

For the night, I’ve turned off Debug mode which has gotten rid of the undefined index (sslcertificates) notices in the Core Control plug-in and re-enabled my main security type plug-ins (WordFence, Akismet, Captcha) as well as Jetpack. That’s really all of them anyway other than the diagnostic plug-ins.

I will have to watch for updates and WF scans to run though to know if updates are happening properly since both my WF plug-in and WP itself updated while testing but I don’t know what was toggled when they updated automatically. Once I know that, I will update to let people know if this is “fixed” by the 2 changes above.

As mentioned above, this is a self-hosted server. I am my host. I have been notified. ??

With cURL enabled or not, interestingly that HTTPS-Tester talks about cURL.

I just followed a long rabbit hole from another thread that pointed to a TRAC ticket where someone else was talking about ipV6 causing trouble and am wondering something… my server has both ipv4 and ipv6 enabled. My ISP only uses ipv4 at this time. I’m considering enabling (uncommenting)

precedence ::ffff:0:0/96 100

in /etc/gai.conf

I’m thinking, if the issue (definitely related to cURL – based on the error messages changing while playing with enabling and disabling it and testing updates, etc) is related to ipv6 having to time out first, this may stop it? This is new territory for me though and I didn’t see a lot with I looked for wordpress related ipv6 stuff. Thoughts?

This is the output of HTTPS tester as of 3:36pm MST: (I re-enabled this plugin for this test and disabled it right after)

HTTPS Tester

Since WordPress 3.7, all communication to www.remarpro.com is attempted over HTTPS, this is to improve security and make it harder for someone to perform a MITM attack against a WordPress site.

Unfortunately, there have been reports that some hosts configurations are not allowing it to work, this plugin is used to debug it and find out what’s going on.

[PASS]: Your WordPress install claims to support HTTPS Connections
[PASS]: Checking that the HTTPS Root Certificate bundle exists and is accessible
[PASS]: cURL is installed and supports SSL communication, cURL Details: version_number=467712; age=3; features=50877; ssl_version_number=0; version=7.35.0; host=x86_64-pc-linux-gnu; ssl_version=OpenSSL/1.0.1f; libz_version=1.2.8; protocols=dict,file,ftp,ftps,gopher,http,https,imap,imaps,ldap,ldaps,pop3,pop3s,rtmp,rtsp,smtp,smtps,telnet,tftp
[PASS]: OpenSSL is installed. OpenSSL 1.0.1f 6 Jan 2014 268439663
[PASS]: Checking if stream_socket_client exists
[PASS]: Checking if openssl_x509_parse exists
[PASS]: Verifying api.www.remarpro.com resolves correctly.
[PASS]: [Streams] Communication with www.remarpro.com suceeded, it took 5.292 seconds
[PASS]: [Streams with a POST body] Communication with www.remarpro.com suceeded, it took 5.293 seconds
[PASS]: [cURL] Communication with www.remarpro.com suceeded, it took 5.792 seconds
[PASS]: [cURL with a POST body] Communication with www.remarpro.com suceeded, it took 0.276 seconds
[INFO]: PHP Version: 5.5.9-1ubuntu4.11

I’m sorry, I should have mentioned that. One site is using the 2014 theme as its default. The other was using Weaver, and I’ve temporarily changed it as well as disabling all plugins. The one using weaver is the one convinced that 4.2.3 is the latest WP version, so that’s the one I’ll work with for now.

I have wp-config.php no wp-config.sys
The setting has been changed.

URL is www dot stormi dot ca

I should note too that I had replaced the update.php from a tar file I’d downloaded straight from WP 2 weeks ago and it didn’t resolve the issue.

With debug mode enabled, I get the following when checking for updates:

Warning: An unexpected error occurred. Something may be wrong with www.remarpro.com or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to www.remarpro.com. Please contact your server administrator.) in /var/www/clients/client2/web1/web/wp-includes/update.php on line 295

Warning: An unexpected error occurred. Something may be wrong with www.remarpro.com or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to www.remarpro.com. Please contact your server administrator.) in /var/www/clients/client2/web1/web/wp-includes/update.php on line 457

Warning: An unexpected error occurred. Something may be wrong with www.remarpro.com or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to www.remarpro.com. Please contact your server administrator.) in /var/www/clients/client2/web1/web/wp-includes/update.php on line 119

Last checked on August 11, 2015 at 3:29 pm. Check Again
You have the latest version of WordPress. Future security updates will be applied automatically.

If you need to re-install version 4.2.3, you can do so here or download the package and re-install manually:

Thanks kmessinger – This isn’t specific to Wordfence though. I can put it there, for some reason, that’s where I thought I was – started the post 2 weeks ago. As the title mentions though the WF behavior is another symptom of a larger problem.

Looks good on this end too.

Thanks Mark,

This took the list of malicious executable code reports from 10 to 3, the ones still flagged are:

wp-admin/press-this.php – This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘urldecode(‘ (without quotes).

wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/datamapper/class.datamapper_driver_base.php – This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘base64_decode(‘ (without quotes).

wp-admin/includes/class-pclzip.php – This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘unpack(‘ (without quotes)

And once again, as mentioned, the sub-domain scan turns up nothing, but the main domain scan is flagging files in the sub-domain’s WP installation.

First, I should mention that perhaps I have WP installed wrong, but this is the first time I’ve seen behaviour like this.

My setup is that I have WP installed on a main domain, and then in a sub-domain. The subdomain is a folder within the main folder.

So, when scanning, the main domain reports that there are several files that may have malicious executable code – in the subdomain.

The first thing I do before taking the site offline is to scan the subdomain through it’s own installation of Wordfence.

*cue the sound of crickets chirping…*
Nothing. The scan comes back clean.

Scan again with the main domain’s installation
Immediately it comes back with all of these “infections”.

So, the next thing I do is hit the forums and find this post. I don’t think I’ll delete the files, but I will compare them to the ones in the main domain’s installation.

Mark, if required, I still have access set up for you.
Thanks
Tammi