Facebook
Twitter
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
Issue Time to make changes is very long
Linulex
Silver Pleskian
Fail2ban can take a long time depending on these 2 parameters:
- the number of domains on a server
- the active jails
fail2ban doesn't "re-use" logs. If you have 2 jails that use /var/www/vhosts/system/*/access_log then it opens every log twice.
So you can do the math for your server: if you have 100 hosting accounts and 5 jails that use hosting logs = 500 logs to read.
This is the reason we don't use per domain fail2ban, only for serverwide logs like mail, smtp, ftp, ssh, etc...
Things where fail2ban would use domain access_logs or error_logs, we try to intercept with mod_security
regards
Jan
- the number of domains on a server
- the active jails
fail2ban doesn't "re-use" logs. If you have 2 jails that use /var/www/vhosts/system/*/access_log then it opens every log twice.
So you can do the math for your server: if you have 100 hosting accounts and 5 jails that use hosting logs = 500 logs to read.
This is the reason we don't use per domain fail2ban, only for serverwide logs like mail, smtp, ftp, ssh, etc...
Things where fail2ban would use domain access_logs or error_logs, we try to intercept with mod_security
regards
Jan
That ain't long, it's normal.
I'd like to add to Linulex' correct answer, that the the size the involved log files impacts Fail2Ban negatively, too.
Zardiw
Basic Pleskian
Thank you.
To Linulex. Apparently I AM using Fail2ban on a server level.....but not 100% sure of that.
It seems to be server wide, because it is on the Server settings page under Security as IP Address Banning (Fail2Ban)
Given that, does it have to read all the logs on a Domain Level????
Could you elaborate on how you do this:
"Things where fail2ban would use domain access_logs or error_logs, we try to intercept with mod_security"
z
To Linulex. Apparently I AM using Fail2ban on a server level.....but not 100% sure of that.
It seems to be server wide, because it is on the Server settings page under Security as IP Address Banning (Fail2Ban)
Given that, does it have to read all the logs on a Domain Level????
Could you elaborate on how you do this:
"Things where fail2ban would use domain access_logs or error_logs, we try to intercept with mod_security"
z
Zardiw
Basic Pleskian
Well, it's not just Fail2Ban settings that take a long time.......most other Plesk changes are very slow.......and that shouldn't be 'Normal'......imvhffo that is.......
This server has very few sites on it.......and those sites get very limited use......
As an example.....I update a DB with over 20,000 records in it..with about 6,000 transactions. and there is some SERIOUS PHP calculation and processing involved.
It takes 25 seconds on average.
z
This server has very few sites on it.......and those sites get very limited use......
As an example.....I update a DB with over 20,000 records in it..with about 6,000 transactions. and there is some SERIOUS PHP calculation and processing involved.
It takes 25 seconds on average.
z
Zardiw
Basic Pleskian
PS. Even going to different menu items is very slow.....glacial in fact.
Maybe some code optimization is in order on Plesk???
Or maybe when Plesk Onyx was the upgrade to the 12. versions, it became bloated?
Can someone who was/is on 12.x versions chime in and report how fast you can move around Plesk GUI items on the web admin edition?
Here is my CPU Usage, while moving around Plesk:
CPU usage
Last 1 minute 0.06
Last 5 minutes 0.03
Last 15 minutes 0.05
z
Maybe some code optimization is in order on Plesk???
Or maybe when Plesk Onyx was the upgrade to the 12. versions, it became bloated?
Can someone who was/is on 12.x versions chime in and report how fast you can move around Plesk GUI items on the web admin edition?
Here is my CPU Usage, while moving around Plesk:
CPU usage
Last 1 minute 0.06
Last 5 minutes 0.03
Last 15 minutes 0.05
z
Linulex
Silver Pleskian
I am sorry if i sound rude, but at the moment your post reads to me like this: my server is slow, its plesk's fault: fix it!
You don't say what OS you have, what you have already investigated and ruled out, not even what plesk version you have (onyx isn't a versionnumber, its a name).
If its fast one time and slow another, you need to log in at a moment its slow and investigate. There are some very simple but effective tools you can use for that:
top, htop, apache server-status page, ioping, apachetop, mtop, iotop, just to name a few.
a slow server can have several reasons:
on server level
- is this a vps?
- how many cpu's?
- what is the speed of those cpu's?
a vps running on an E5620 and HDD is very different then one running on an E5-2650v4 with SSD.
- how much memory?
- what is the speed of that memory?
- sometimes a restart works wonders, but i guess you did that end last week because there where kernel security updates. (atleast on centos)
server but software
- do you have tuned-adm installed an the correct profile for your server?
- is /etc/sysctl.conf optimized?
on software level
- are queries optimized?
- what does the slow-querie log says?
- does php have enough recources?
- is mysql configuration optimized?
- what version of mysql? 5.6 is a lot faster then 5.1
MySQL 5.1 vs. 5.5 vs. 5.6 Performance Comparison – Liquid Web Knowledge Base
- do tables have the correct indexes?
- are there many smtp connections?
- is there many incomming mail?
- does every mailbox have spamassassin? that can eat resources too
- ....
- ....
- ....
- and a thousand other things.
depends on the jails you use. if you use jails like plesk-apache or plesk-wordpress then yes.
Have the best rules possible and active maintain them.
we use a custom rule set that is a mix of these.
Not all of it from everything, but those things that work:
asl rules
pfsence rules (converted by us to mod_sec 2.x) pfsense-packages/config/apache_mod_security/rules at master · pfsense/pfsense-packages · GitHub
flameye rules modsec-flameeyes/rules at master · Flameeyes/modsec-flameeyes · GitHub
linulex rules: whenever we see something that tries to harm sites, we create a rule of our own.
these are some examples of our own rules:
keeping mod_sec rules up-to-date is something you should spend every week at least 30 minutes on. Hackers also spend time on there scripts to find new ways to hack you and server and/or website security is nothing more then the effort of keeping ahead of the bad guys.
regards
Jan
You don't say what OS you have, what you have already investigated and ruled out, not even what plesk version you have (onyx isn't a versionnumber, its a name).
If its fast one time and slow another, you need to log in at a moment its slow and investigate. There are some very simple but effective tools you can use for that:
top, htop, apache server-status page, ioping, apachetop, mtop, iotop, just to name a few.
a slow server can have several reasons:
on server level
- is this a vps?
- how many cpu's?
- what is the speed of those cpu's?
a vps running on an E5620 and HDD is very different then one running on an E5-2650v4 with SSD.
- how much memory?
- what is the speed of that memory?
- sometimes a restart works wonders, but i guess you did that end last week because there where kernel security updates. (atleast on centos)
server but software
- do you have tuned-adm installed an the correct profile for your server?
- is /etc/sysctl.conf optimized?
on software level
- are queries optimized?
- what does the slow-querie log says?
- does php have enough recources?
- is mysql configuration optimized?
- what version of mysql? 5.6 is a lot faster then 5.1
MySQL 5.1 vs. 5.5 vs. 5.6 Performance Comparison – Liquid Web Knowledge Base
- do tables have the correct indexes?
- are there many smtp connections?
- is there many incomming mail?
- does every mailbox have spamassassin? that can eat resources too
- ....
- ....
- ....
- and a thousand other things.
depends on the jails you use. if you use jails like plesk-apache or plesk-wordpress then yes.
Have the best rules possible and active maintain them.
we use a custom rule set that is a mix of these.
Not all of it from everything, but those things that work:
asl rules
pfsence rules (converted by us to mod_sec 2.x) pfsense-packages/config/apache_mod_security/rules at master · pfsense/pfsense-packages · GitHub
flameye rules modsec-flameeyes/rules at master · Flameeyes/modsec-flameeyes · GitHub
linulex rules: whenever we see something that tries to harm sites, we create a rule of our own.
these are some examples of our own rules:
Code:
# spam
SecRule REQUEST_URI "sys09725848\.php" "phase:2,id:1070"
# stress test
SecRule REQUEST_URI "cstress\.net" "phase:2,id:1080"
SecRule REQUEST_URI "cstress\.org" "phase:2,id:1081"
SecRule REQUEST_URI "corepillar" "phase:2,id:1082"
#HTTP header semalt
SecRule HTTP_Referer|ARGS "semalt.semalt.com" "phase:2,id:1095"
SecRule HTTP_Referer|ARGS "semalt.com" "phase:2,id:1096"keeping mod_sec rules up-to-date is something you should spend every week at least 30 minutes on. Hackers also spend time on there scripts to find new ways to hack you and server and/or website security is nothing more then the effort of keeping ahead of the bad guys.
regards
Jan
