• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question High traffic website, but from where?

S

SalvadorS

Regular Pleskian
Hello,

I have a website with 20Gb of http traffic everyday. But I check the logs and all seems to be normal not such that traffic at all. I don´t see from where these stats comes. Also web-stats are active in this domain and numbers does not match at all.

Anybody can tell me how I can know from where that http traffic comes?

Thank you
 
Hi there,
if you want to find the ip addresses which are connected to the server right now, just run
Code: 
ss -tan state established | grep ":80\|:443" | awk '{print $4}'| cut -d':' -f1 | sort -n | uniq -c | sort -nr
This output counts the connections to the whole server right now.

If you want to know the count for a special website in a special time range, just do this:
Code: 
mkdir /root/datastats
cd /var/www/vhosts/system/<yourdomain>/logs
for i in *; do find $i -mtime -3 -type f -exec cp -a {} /root/datastats \;; done
To copy all logs from <yourdomain> in a temporary folder. Please replace <yourdomain> with your domain name.
You also can replace the -3 with any number you want, it represents the days you wanna check.

Code: 
cd /root/datastats
for i in *; do [[ ${i:(-3)} == ".gz" ]] && gunzip $i ; done
for i in *; do grep -rh "\[19/Dec/2021" ./$i > $i.accessed; done
cut -f 1 -d ' ' *.accessed | sort -n | uniq -c | sort -nr | less
To check the files. Replace 19/Dec/2021 with the day you wanna check. The last command shows you the count and ip connected to the website.
 
Dear Fabian,

Thanks a lot for this. It helped a lot. I checked all the IPs but I don´t find any "out of normal" ... most visits are from google... nothing strange found with the IPs, still don´t know why the traffic are so high...
 
SalvadorS said:
Dear Fabian,

Thanks a lot for this. It helped a lot. I checked all the IPs but I don´t find any "out of normal" ... most visits are from google... nothing strange found with the IPs, still don´t know why the traffic are so high...
Click to expand...
How do you measure the traffic from the website? Within Plesk itself?
 
So, the traffic is measured by month.
You checked above the log of one single day.
You could modify the commands above to the following:
Code: 
mkdir /root/datastats
cd /var/www/vhosts/system/<yourdomain>/logs
for i in *; do find $i -mtime -30 -type f -exec cp -a {} /root/datastats \;; done
cd /root/datastats
for i in *; do [[ ${i:(-3)} == ".gz" ]] && gunzip $i ; done
cut -f 1 -d ' ' * | sort -n | uniq -c | sort -nr | less
Don't forget to delete the /root/datastats folder first.
With this commands, you will get the stats of the last 30 days (if stored).
Please note that the commands can last a little time running.
 
You must log in or register to reply here.

Similar threads

E
Question Optimize a high traffic website
Replies
5
Views
6K
ChristophRo
ChristophRo
O
Issue Statistics is not updated for suspended accounts
Replies
0
Views
613
orenk
O
M
Issue Disk speed slowed down from plesk?
Replies
5
Views
8K
nmdpa3
N
michaeljoseph01
Question How to block non-mail traffic to certain ip?
Replies
1
Views
917
MarkM
MarkM
A
Issue Firewall enabled but rules still gray
Replies
8
Views
688
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top