Recent content by Bitpalast

Thank you for the link! Very interesting. So it seems we've been very lucky that the web servers did not start hanging due to an impossible OCSP verification process as the verification servers went offline? Plesk should consider to update the extension and to remove the OCSP option from it.

On # nginx -t we are seeing lots of these lately: nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/usr/local/psa/var/certificates/scftPr4m0" It means that the web server is configured to use OCSP stapling, but the SSL/TLS certificate used does not include an OCSP...

Username: TITLE ImunifyAV files frequently in update list while in reality the updates have been auto-installed PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE 18.0.69 #3 Alma 8 and 9 PROBLEM DESCRIPTION Since the new Imunify extension replaced the old, Imunify files are very...

We are seeing an increasing number of random server crashes on Alma 8 and 9 systems since about April 2025. It seems that the load on servers strongly increases within seconds so that the system becomes unresponsive. However, there is no traffic increase seen, no suspicious log entries, just...

MariaDB will occupy up to so many GB as you grant it in my.cnf for the innodb_buffer_pool_size variable. Once it comes close to the limit, it will clear some RAM to reuse it for new data. So if you lower the value to for example 2 GB you should see usage limited to no more than 2 GB. However...

I could imagine it is an incomplete Fail2Ban installation or an installation that was done without (outside of) Plesk. As Plesk says that Jails are missing, they are either located in a wrong path or they are indeed simply missing, because they naturally could not be installed if Fail2Ban was...

/opt/drweb/update.pl worked without issues and returned Dr.Web update details: Update server: http://update.geo.drweb.com/plesk/1100/unix Update has begun at Tue Apr 22 22:21:45 2025 Update has finished at Tue Apr 22 22:21:48 2025 Following files have been updated...

What's the problem with updates.drweb.com? For weeks we've been getting frequent update errors. Yet the server itself is online, but it responds with a 503 error. Example: Email message: /etc/cron.daily/drweb-update: ERROR: Dr.Web Updater: failed to download files ! On the console...

Maybe. But if the infected files are all in the same webspace subscription, it is more likely that a process in that subscription is causing the problem. We've only ever seen it this way here. Unless a user would have disabled chrooting. So maybe removing and recreating the subscription will fix...

This is for sure a hacked server or hacked website. If other scripts reside in the same webspace subscription, they are probably infected with malware that scans the directory tree and writes itself (or some other malicious code) into the files that it finds that are suitable for infection but...

None! What you see there are options entered by either Wordpress or plugins or a theme. Removing any of them will probably damage the website. Instead, check how many plugins you are using and reduce the number of plugins.

Example: /var/www/vhosts/system/<domainname>/logs has -rw-r--r--. 1 root root 0 Mar 28 05:10 access_ssl_log.webstat /var/www/vhosts/<domainname>/logs has -rw-r--r--. 1 root root 21901421 Mar 28 03:31 access_ssl_log.webstat However, when I rotate...

In a subscription /logs/access_ssl_log.webstat has grown to a large size where the nightly AWStats maintenance starts hanging. The only solution we could find was to remove the access_ssl_log.webstat file so that further processing by AWStats is done with a much smaller file. As AWStats stores...

Another cause for this could be that the plesk-postfix jail is configured to look too far into the past. It will then find and ban IPs from the past that are long blocked by the recidive jail (= it might not ban actually new attempts to attack the server, but old attempts, because these still...

It does work like this, but once the address is banned, no further login attempts should be logged by the plesk-postfix jail, because the recidive ban should prohibit access to the server for that IP address. If it is listed in the recidive jail, but not actually banning the IP, something is...