• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Slow Web Speed + occasional 524 timeout

S

Senatri

New Pleskian
Server operating system version
Ubuntu 20.04.6 LTS
Plesk version and microupdate number
18.0.54
Hello,

since today my website started to be unresponsive.
Every few requests the website takes forever to load (30+ sec). Sometimes it shows a CF 524 - timeout error after 30 or 60sec and then loads the website.
Sometimes it loads for 10-15 sec and after pressing F5 lets the website load instantly.

I changed nothing on the website, nor did I update Plesk or something else.

I noticed that before this issue happened, the Memory Usage dropped significantly, especially the MySQL memory usage halved. Nginx memory usage on the other hand 5x for a short period and is now tripled.


1692754989519.png
 
This situation can have many reasons.

One very common reason are attacks against a website. It will be best to start of checking your logs/access_ssl_log and logs/error_log files on your server for suspicious activity such as frequent visits of bad bots. You can exclude bad bots in a variety of ways from visiting your server or site, e.g. by a fail2ban jail, by Nginx settings or very simple .htaccess Apache rules. Apache is the most costly solution in terms of cpu time, but it is also the easiest to implement, for example this is a segment you could put on top of other rules in your .htaccess file. It is proven to block the most common trouble makers:
Code: 
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} (PetalBot|UptimeRobot|seocompany|LieBaoFast|SEOkicks|Uptimebot|Cliqzbot|ssearch_bot|domaincrawler|AhrefsBot|spot|DigExt|Sogou|MegaIndex.ru|majestic12|80legs|SISTRIX|HTTrack|Semrush|MJ12|MJ12|Ezooms|CCBot|TalkTalk|Ahrefs|BLEXBot) [NC] 
RewriteRule .* - [F]

It is also thinkable that some sources are checking your website for security holes. These checks can come from a variety of IPs. Maybe you can identify the most frequent visitors by running
awk '{ print $1}' access_ssl_log | sort | uniq -c | sort -nr | head -n 20
and then check in detail what these are doing. You could consider blocking visitor IPs that are bad for your server, e.g.
plesk bin ip_ban --ban <ip address of bad visitor>,recidive
 
You must log in or register to reply here.
Back
Top