Question Extremely high traffic via http/s

[JogoVogo]

Server operating system version

os_Debian 12.0

Plesk version and microupdate number

Plesk Obsidian v18.0.65_build1800241106.13

Good day everyone!

On our server, a domain generates about two terabytes of traffic daily.

It is a WP website whose graphics are quite small. There are also no unknown files in the directory(s).

In addition, the WA statistics do not make a reasonable statement about traffic. What is the most effective way to analyze them?

Cheers
Ron

 

[Bitpalast]

Have you checked the access_ssl_log lines for the occurrence of " 404 " and " 301 " entries? Do you find any and if so, could you post an example here?

 

[JogoVogo]

Hi, I just checked, there are no 404 or 301 included.

 

[Bitpalast]

I didn't expect that. A WP websites without any 301 or 404 entries in the log sounds rare, because normally bad bots are trying the website. Is your question then where the traffic originates? You could find the top sources with
cat access_ssl_log | awk '{print $1}' | sort -n | uniq -c | sort -n

 

[JogoVogo]

When outputting "cat" there are 17 IPs.

In the access_ssl_log.processed are many "57995 access forbidden by rule, client:" entries.

 

[Bitpalast]

And do the 17 source IP make sense? And why are there only 17? There should be hundreds. Is there an IP address that creates most traffic? What source is that (look it up on centralops.net maybe)? Which IP address is hitting files that are not for public access? Why is it not being banned by your Fail2Ban? Or is it?

 

[JogoVogo]

In the proxy_access_ssl_log Are significantly more entries.
There are none of them at ipban.

The one with the most hits I have checked at talos everything in order...

 

[Raul A.]

If you use a CDN, the IP address seen by Fail2Ban is not the visitor IP address that might be logged.

Did you check the Web Statistics?

You will have to use the system user and password to access the page.

 

[JogoVogo]

Here are the statistics for November, 3.4GB compared to the traffic of 14.3GB

,

 

[Raul A.]

That doesn't look very bad. How does it compare to previous months?

Where do you see the 14.3GB? Do you have multiple domains in the same webspace/subscription? The Statistics from the screenshot are solely for that domain while the Traffic this month refers to all the websites in that webspace/subscription.

What disk space and traffic show?

 

[JogoVogo]

Here...

 

[Bitpalast]

You mentioned 2 TB/day, but this traffic is only 14 GB/month.

 

[JogoVogo]

Oh yes, I was really mistaken. Despite all this, 14GB is too much for this one domain so far.

2TB/month is for the entire subscription/customers. (36 Domains)

Ron

 

[Raul A.]

You will have to check all 36 domains to identify the domain that receives all that traffic. It can't be the one you are currently looking at.

 

[Bitpalast]

You will have to check all 36 domains to identify the domain that receives all that traffic. It can't be the one you are currently looking at.

Easy to to: Click the "Domains" menu and let it sort by traffic.

 

[JogoVogo]

Thank you very much for your quick help I think we were able to locate it.

Cheers
Ron