• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Issue Slow Web Speed + occasional 524 timeout

S

Senatri

New Pleskian
Server operating system version
Ubuntu 20.04.6 LTS
Plesk version and microupdate number
18.0.54
Hello,

since today my website started to be unresponsive.
Every few requests the website takes forever to load (30+ sec). Sometimes it shows a CF 524 - timeout error after 30 or 60sec and then loads the website.
Sometimes it loads for 10-15 sec and after pressing F5 lets the website load instantly.

I changed nothing on the website, nor did I update Plesk or something else.

I noticed that before this issue happened, the Memory Usage dropped significantly, especially the MySQL memory usage halved. Nginx memory usage on the other hand 5x for a short period and is now tripled.


1692754989519.png
 
This situation can have many reasons.

One very common reason are attacks against a website. It will be best to start of checking your logs/access_ssl_log and logs/error_log files on your server for suspicious activity such as frequent visits of bad bots. You can exclude bad bots in a variety of ways from visiting your server or site, e.g. by a fail2ban jail, by Nginx settings or very simple .htaccess Apache rules. Apache is the most costly solution in terms of cpu time, but it is also the easiest to implement, for example this is a segment you could put on top of other rules in your .htaccess file. It is proven to block the most common trouble makers:
Code: 
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} (PetalBot|UptimeRobot|seocompany|LieBaoFast|SEOkicks|Uptimebot|Cliqzbot|ssearch_bot|domaincrawler|AhrefsBot|spot|DigExt|Sogou|MegaIndex.ru|majestic12|80legs|SISTRIX|HTTrack|Semrush|MJ12|MJ12|Ezooms|CCBot|TalkTalk|Ahrefs|BLEXBot) [NC] 
RewriteRule .* - [F]

It is also thinkable that some sources are checking your website for security holes. These checks can come from a variety of IPs. Maybe you can identify the most frequent visitors by running
awk '{ print $1}' access_ssl_log | sort | uniq -c | sort -nr | head -n 20
and then check in detail what these are doing. You could consider blocking visitor IPs that are bad for your server, e.g.
plesk bin ip_ban --ban <ip address of bad visitor>,recidive
 
You must log in or register to reply here.
Back
Top