• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Extremely high traffic via http/s

JogoVogo

JogoVogo

Basic Pleskian
Server operating system version
os_Debian 12.0
Plesk version and microupdate number
Plesk Obsidian v18.0.65_build1800241106.13
Good day everyone!

On our server, a domain generates about two terabytes of traffic daily.

It is a WP website whose graphics are quite small. There are also no unknown files in the directory(s).

In addition, the WA statistics do not make a reasonable statement about traffic. What is the most effective way to analyze them?

Cheers
Ron
 
Have you checked the access_ssl_log lines for the occurrence of " 404 " and " 301 " entries? Do you find any and if so, could you post an example here?
 
I didn't expect that. A WP websites without any 301 or 404 entries in the log sounds rare, because normally bad bots are trying the website. Is your question then where the traffic originates? You could find the top sources with
cat access_ssl_log | awk '{print $1}' | sort -n | uniq -c | sort -n
 
When outputting "cat" there are 17 IPs.

In the access_ssl_log.processed are many "57995 access forbidden by rule, client:" entries.
 
And do the 17 source IP make sense? And why are there only 17? There should be hundreds. Is there an IP address that creates most traffic? What source is that (look it up on centralops.net maybe)? Which IP address is hitting files that are not for public access? Why is it not being banned by your Fail2Ban? Or is it?
 
In the proxy_access_ssl_log Are significantly more entries.
There are none of them at ipban.

The one with the most hits I have checked at talos everything in order...
 
If you use a CDN, the IP address seen by Fail2Ban is not the visitor IP address that might be logged.

Did you check the Web Statistics?
1732104368644.png
You will have to use the system user and password to access the page.
 
That doesn't look very bad. How does it compare to previous months?

Where do you see the 14.3GB? Do you have multiple domains in the same webspace/subscription? The Statistics from the screenshot are solely for that domain while the Traffic this month refers to all the websites in that webspace/subscription.

What disk space and traffic show?
1732107992217.png
 
Oh yes, I was really mistaken. Despite all this, 14GB is too much for this one domain so far.

2TB/month is for the entire subscription/customers. (36 Domains)

Ron
 
You must log in or register to reply here.

Similar threads

V
Varnish for WordPress in a Docker container
Replies
5
Views
5K
Laurence@
Laurence@
E
Varnish for WordPress in a Docker container in Plesk Onyx
2
Replies
25
Views
13K
Andrew_Pa
A
custer
Important Removing deadweight in Plesk Onyx 17.8
Replies
3
Views
7K
Laurence@
Laurence@
R
qmail log analysis tools
Replies
0
Views
17K
rjshelq
R
Back
Top