[Solved] Hosting quarantined for so-far unused wordpress install initiated from Plesk

[ohmycabaretclub]

Hi there.

Quote

The following WordPress installations are quarantined:
Website "ohmy*****" (https://*****): Unable to finish running an operation on this site in 60 seconds. Operation was canceled. This is most likely caused by a server load spike, uncommon directives in wp-config.php, or a malware infection. Try running the operation again later. If this problem persists, make sure there are no customizations in wp-config.php that could slow down parsing this file, and consider checking the website for viruses and malware.

I installed this via Plesk and included a few plugins (I think it was Elementor, Wordfence, Updraft and a caching plugin).  I don't even have a domain attached to this yet so it's extremely unlikely anyone could have been attacking it or anything, or frankly even accessing it.  I haven't even logged in myself I don't think and yet I got this message today so I don't really understand what's going on.  On that particular one, I haven't enabled the "take-over wp cron" so I don't even thing upgrade/background maintenance scripts should have been running.

Is the hosting not suitable for basic wordpress sites, despite offering them via Plesk?  I realise this is a free-ish service (although I did make an additional donation) and my intention was to go to a paid package with Heliohost once I'd gotten everything setup and tested for resilience, but this is so far proving too unstable.

Additionally I have Avast virus scanner constantly popping up and warning me about a phishing threat related to l1s.saturn.ms whenever I have a Helio site open (not 100% sure about hosted sites but maybe even then too).

I'd really appreciate some clarity here as I'd love to be able to use Helio and support the project financially but can't when it is like this.

Many thanks

[wolstech]

WP Toolkit timed out...which is unsurprising. With the WP toolkit in Plesk, it's best to install WP manually then import it into the toolkit to manage it afterwards. The load on our servers means that the toolkit can struggle with installations at times.

 

Also, be aware that WP is the #1 leading cause of high server load and poor performance that users experience here. Extensions are usually the issue with most installs, and short of using different software entirely, the usual solution to WP being slow or causing too much load is to remove extensions. WooCommerce, Wordfence, and Elementor are 3 of the worst performers that we know of, but many others can cause load as well.

This user also found Cloudflare and caching extension for WP to be helpful at managing resource usage: https://helionet.org/index/topic/57606-handling-cpu-load-spikes-or-high-load-using-cloudflare/?do=getNewComment

I would start by installing a vanilla WP site with no extensions and see how it performs. Add themes and extensions one at a time, and monitor your load. https://heliohost.org/dashboard/load/ 

Also, other than VPSes, we don't even offer paid hosting at the moment. We are working on offering that down the road, and because it will not have the load restrictions of our current offerings, it should handle WP better than the free servers once it's available.

 

 

 

[ohmycabaretclub]

Actually I just checked on WP Toolkit and I haven't imported the site in question to it, so presumably that shouldn't be having any effect on things.  As I said this is just a plain install with no traffic and hence no cron jobs or background tasks running either.

Could you also answer about the saturn.ms issue?  I'm concerned especially given just how often it is being called.

[wolstech]

The saturn.ms message is a false positive related to a CDN, in our case it's used by Arc.io. I was getting the same alert from my Malwarebytes web protection as well until I whitelisted it. Your own site should not be generating these alerts as we don't implement any of the Arc CDN stuff on user websites, only pn our website/forums/Plesk.

It's part of IPFS, which is widely used to host static content including phishing websites. Being decentralized and semi-immutable has been an attractive aspect of IPFS for cybercriminals as it makes removal of their phishing content difficult, there's nobody to send an abuse report to...

As for WP, you don't really need much traffic to make it generate load. WP toolkit scanning it likely caused the server to make a request to the site, which caused it to generate tons of load because you installed Wordfence and Elementor (2 of the 3 most common troublemakers we see, the third is WooCommerce). WP is extremely inefficient and badly coded, and its extensions aren't much better. If you install plain WP, without those extensions, it should run acceptably, though we discourage the use of Wordpress.

I'll escalate this to Krydos, who can probably give you a better idea of what the load numbers look like with Wordpress and what exactly happened here.

 

[Krydos]

6 hours ago, ohmycabaretclub said:

hence no cron jobs or background tasks running either.

Except you do have a cron job running every 30 minutes.

5,35    *       *       *       *       /opt/plesk/php/8.0/bin/php -f 'httpdocs/wp-cron.php'

8 hours ago, ohmycabaretclub said:

this is so far proving too unstable.

We only recommend running Wordpress on VPS because it uses so much memory and CPU. You'll find that Wordpress, especially with all the worst plugins you could possibly install, will run quite slowly on Tommy, plus you'll slow down everyone else's websites, and we'll have to suspend you to keep everyone else's websites online. Here's some numbers to help you visualize the load that Wordpress causes