MScan – Troubleshooting, questions, problems and code posting

Home Forums BulletProof Security Pro MScan – Troubleshooting, questions, problems and code posting

This topic contains 38 replies, has 10 voices, and was last updated by  Jeff 7 months, 1 week ago.

Viewing 9 posts - 31 through 39 (of 39 total)
  • Author
    Posts
  • #37106

    Henrik
    Participant

    I’m having problems running it and can se its making af PHP error when using the download_url() function in wordpress. php 7.3:

    [20-Apr-2019 17:10:28 UTC] PHP Fatal error: Uncaught Error: Call to undefined function download_url() in /home/madkalen/public_html/wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php:650
    Stack trace:
    #0 /home/madkalen/public_html/wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php(129): bpsPro_wp_zip_download('300')
    #1 /home/madkalen/public_html/wp-includes/class-wp-hook.php(286): bpsPro_scheduled_mscan_scan()
    #2 /home/madkalen/public_html/wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters('', Array)
    #3 /home/madkalen/public_html/wp-includes/plugin.php(531): WP_Hook->do_action(Array)
    #4 /home/madkalen/public_html/wp-cron.php(133): do_action_ref_array('bpsPro_MScan_ch...', Array)
    #5 {main}
    thrown in /home/madkalen/public_html/wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php on line 650

    And the scan log ending with DOWNLOAD:
    —-
    [MScan Scan Start: 20. april 2019 19:10]
    Scan Time Calculation: Start Count total files to scan.
    Scan Time Calculation: Max File Size Limit to Scan: 400 KB
    Scan Time Calculation: Total Website Files: 18663
    Scan Time Calculation: Total Skipped Files (larger than 400 KB): 12
    Scan Time Calculation: Total WP Core Files to Scan: 1494
    Scan Time Calculation: Total non-Image Files to Scan: 2956
    Scan Time Calculation: Total Image Files to Scan: 0
    Scan Time Calculation: Total Files to Scan (WP Core + non-Image + Image): 4450
    Scan Time Calculation: Hosting Account Root Folders to Scan: wp-admin, wp-content, wp-includes
    Scan Time Calculation: WP Hash Time Estimate: +30 Seconds
    Scan Time Calculation: WP Core Files Time Estimate: +4 Seconds
    Scan Time Calculation: non-Image Files Time Estimate: +109 Seconds
    Scan Time Calculation: Image Files Time Estimate: +0 Seconds
    Scan Time Calculation: DB Size Time Estimate: +8 Seconds
    Scan Time Calculation: Scan Time Estimate: 151 Seconds
    Scan Time Calculation Completion Time: 00:00:15
    WP Zip File Download: Start wordpress-5.1.1.zip zip file download.

    Why is downloading failing?

    #37108

    AITpro Admin
    Keymaster

    The problem appears to be that WordPress is not loading in time for the download_url() function to be seen as defined in the BPS mscan-ajax-functions.php file. This problem is specific to your host server/website.

    The download_url() function is a standard built-in WordPress function and is defined in WordPress itself when WordPress loads > https://developer.wordpress.org/reference/functions/download_url/

    Do you have a standard/normal installation of WordPress? Are you using WP CLI or ClassicPress or something else that is different than a standard/normal installation of WordPress? Are you caching WordPress at the server level with a server caching mechanism? Are you using a Load Balancer/Proxy?

    #37109

    Henrik
    Participant

    It’s a standard installation but running Litespeed cache.

    #37110

    AITpro Admin
    Keymaster

    This is a similar issue, but not the exact issue you are having > https://wordpress.stackexchange.com/questions/17805/php-fatal-error-call-to-undefined-function-download-url. The similarity is that the same PHP error is occurring. What is not similar is that since wp-load.php and admin.php should already be loaded an “include” is not needed since the BPS plugin file is an internal script that is processed after WordPress loads and is not an external script that requires including the WordPress “loading” files.

    The only logical things I can think of is something is interfering with either the BPS MScan include file or something about your WordPress installation is different/unusual or you there is something fubar about your host server. Check with your web host support folks and see if they know why this is happening on your server. Or maybe they can shed some more clues about what is different about your host server that could cause this type of problem.

    #37183

    Jeff
    Participant

    Hi,

    Having exactly the same problem.

    MScan – Time Estimation never ends.

    In the heads up at the top of the screen there is a question mark symbol next to MSCAN. Says ‘MSCAN has not been run yet.’

    When I go to Mscan page and click on ‘Scan Time Estimate Tool’ the progress bar never ends, nor does a scan. I have refreshed the page many time to check.

    I have limited the folders down to 1 wp-includes which is tiny. Default settings otherwise. Same problem.

    I am getting a log – seems to stop where it’s fetching wordpress core files.

    [MScan Scan Start: May 2, 2019 8:32 pm]
    Scan Time Calculation: Start Count total files to scan.
    Scan Time Calculation: Max File Size Limit to Scan: 400 KB
    Scan Time Calculation: Total Website Files: 976
    Scan Time Calculation: Total Skipped Files (larger than 400 KB): 0
    Scan Time Calculation: Total WP Core Files to Scan: 971
    Scan Time Calculation: Total non-Image Files to Scan: 4
    Scan Time Calculation: Total Image Files to Scan: 0
    Scan Time Calculation: Total Files to Scan (WP Core + non-Image + Image): 975
    Scan Time Calculation: Hosting Account Root Folders to Scan: wp-includes
    Scan Time Calculation: WP Hash Time Estimate: +30 Seconds
    Scan Time Calculation: WP Core Files Time Estimate: +2 Seconds
    Scan Time Calculation: non-Image Files Time Estimate: +0 Seconds
    Scan Time Calculation: Image Files Time Estimate: +0 Seconds
    Scan Time Calculation: DB Size Time Estimate: +1 Seconds
    Scan Time Calculation: Scan Time Estimate: 33 Seconds
    Scan Time Calculation Completion Time: 00:00:00
    WP Zip File Download: Start wordpress-5.1.1.zip zip file download.

    Then it stops.

    Was any solution found?

    #37184

    AITpro Admin
    Keymaster

    @ Jeff – BPS 3.4 and BPS Pro 13.9 have the new code that gets the zip file download from wordpress.org.  So the BPS/BPS Pro zip download code itself cannot be the problem.  If you tried to use MScan in the last version of BPS or BPS Pro and the allow_url_fopen php.ini directive is disabled on your host server then a blank zip file will be here:  /wp-content/bps-backup/wp-hashes/.  Delete any zip files that you see in the /wp-hashes/ folder.  If that is not the problem then something else is preventing the zip file download on your website/server.  Could be something like you are out of hosting disk space or something else on your host server that does not allow zip files or zip file downloads.

    #37185

    Jeff
    Participant

    OK,

    I can confirm that allow_url_fopen is on in php.ini.

    Looking in the /wp-content/bps-backup/wp-hashes/ folder, I have 1 file ‘wp-hashes.php’.  This file contains a hash entry for each core file.  eg.

    <?php
    // WordPress 5.1.1 Hashes
    $wp_hashes = array(
    'wp-trackback.php' => 'd74b02cd709360ef78dc226cdbabce91',
    'wp-blog-header.php' => 'f3f43bcb755e7599abfd0cb56b710e81',
    'wp-settings.php' => '140b1e301fb4b33674ed035c000b032a',
    'readme.html' => '8bab7518f58bde0cb9eaee02872d8a3f',
    'license.txt' => '40fc2f39d472a1bb52f4ebe59702e0c2',
    'xmlrpc.php' => 'ec0319c65e8096c460fe78feee8b2288',
    'wp-activate.php' => '5c88f9b1e75f5db710c2dcfcdeab1d24',
    'wp-config-sample.php' => '3e42b983e0b6999d40027bada5f512e7',
    'wp-cron.php' => '0f31e7fef84445fe4f4bf7c092ec6c10',
    'wp-links-opml.php' => 'e5afa38ed5c796d43f301825975ab547',
    'index.php' => 'b9142a5f513a565bcb15430f4982000e',
    'wp-load.php' => 'b133347f6df56277b32a5405153bacb4',
    'wp-comments-post.php' => '4a98c020baeb9e82f5f577e737234f56',
    'wp-login.php' => 'ffe0a663423dad2484f6d6130c1b6cdd',
    'wp-signup.php' => 'b7deb3dbd61d082b99db157ae02a5280',
    'wp-mail.php' => 'c25ef6fbf40fbc76be342d490c0e874b',
    'wp-content/plugins/akismet/readme.txt' => 'f81aaacfc6db44deb73023bda30bd0ea',
    'wp-content/plugins/akismet/_inc/form.js' => '270f0cd7341bce6c2afacf2682e7690e',
    ...
    

    That’s the only file – no WP zip file.

    I’ll check with the hosting provider in regards to download of zip files.

    Thanks.

    #37186

    AITpro Admin
    Keymaster

    @ Jeff – MScan is just a malware scanner.  Is there a particular reason you want to use MScan?  BPS Pro comes with AutoRestore|Quarantine, which is far superior than any malware scanners > https://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/.

    Actually it looks like the zip file was successfully downloaded, extracted and the new wp-hashes.php file was successfully created for WordPress 5.1.1. The WP version indicator text in the wp-hashes.php file is > WordPress 5.1.1 Hashes.

    If you want I can login to this site and see if I can figure out the problem, but if the problem has to do with something on your host server then I would need to see host server log entries to figure out what the problem might be.

    #37187

    Jeff
    Participant

    OK.  That’s good news.

    The site was previously hacked.  I replaced all core files manually and did manual checking, but thought it good to pass it through MSCAN too just to check if I’d missed anything.

    Latest news

    MSCAN is working.  I’ve updated the settings to scan all site root folders and not just wp-includes.  Will see how it goes.

    Thanks.

Viewing 9 posts - 31 through 39 (of 39 total)

You must be logged in to reply to this topic.