• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question Extremely high traffic via http/s

JogoVogo

JogoVogo

Basic Pleskian
Server operating system version
os_Debian 12.0
Plesk version and microupdate number
Plesk Obsidian v18.0.65_build1800241106.13
Good day everyone!

On our server, a domain generates about two terabytes of traffic daily.

It is a WP website whose graphics are quite small. There are also no unknown files in the directory(s).

In addition, the WA statistics do not make a reasonable statement about traffic. What is the most effective way to analyze them?

Cheers
Ron
 
Have you checked the access_ssl_log lines for the occurrence of " 404 " and " 301 " entries? Do you find any and if so, could you post an example here?
 
I didn't expect that. A WP websites without any 301 or 404 entries in the log sounds rare, because normally bad bots are trying the website. Is your question then where the traffic originates? You could find the top sources with
cat access_ssl_log | awk '{print $1}' | sort -n | uniq -c | sort -n
 
When outputting "cat" there are 17 IPs.

In the access_ssl_log.processed are many "57995 access forbidden by rule, client:" entries.
 
And do the 17 source IP make sense? And why are there only 17? There should be hundreds. Is there an IP address that creates most traffic? What source is that (look it up on centralops.net maybe)? Which IP address is hitting files that are not for public access? Why is it not being banned by your Fail2Ban? Or is it?
 
In the proxy_access_ssl_log Are significantly more entries.
There are none of them at ipban.

The one with the most hits I have checked at talos everything in order...
 
If you use a CDN, the IP address seen by Fail2Ban is not the visitor IP address that might be logged.

Did you check the Web Statistics?
1732104368644.png
You will have to use the system user and password to access the page.
 
That doesn't look very bad. How does it compare to previous months?

Where do you see the 14.3GB? Do you have multiple domains in the same webspace/subscription? The Statistics from the screenshot are solely for that domain while the Traffic this month refers to all the websites in that webspace/subscription.

What disk space and traffic show?
1732107992217.png
 
Oh yes, I was really mistaken. Despite all this, 14GB is too much for this one domain so far.

2TB/month is for the entire subscription/customers. (36 Domains)

Ron
 
You will have to check all 36 domains to identify the domain that receives all that traffic. It can't be the one you are currently looking at.
 
You must log in or register to reply here.

Similar threads

B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
8
Views
1K
HHawk
HHawk
E
How to Set up Your WordPress Website Security
Replies
0
Views
2K
Elvis Plesky
E
V
Varnish for WordPress in a Docker container
Replies
5
Views
6K
Laurence@
Laurence@
E
Varnish for WordPress in a Docker container in Plesk Onyx
2
Replies
25
Views
14K
Andrew_Pa
A
custer
Important Removing deadweight in Plesk Onyx 17.8
Replies
3
Views
8K
Laurence@
Laurence@
Back
Top