From the screenshot it appears that it is awstats which is keeping the cpu busy. In Edit Servers, uncheck the box for awstats to see if the problem goes away.
I will test this tomorrow. There are nearly 80 domains where I need to disable AWStats, so it will take a while. Is there a Linux command to disable AWStats for all domains in Virtualmin?
If I disable the cron job for each domain, is that sufficient?
Also, I’ve always used Matomo (formerly Piwik), and having both Matomo and AWStats is redundant. I never use AWStats, so I might as well disable it permanently.
You can see what domain is being processed in the process list. It seems to just be one of them.
virtualmin disable-feature --domain <domain name> --virtualmin-awstats
If you want to do it for all domains, you can use list-domains to get a list of domains to operate on, and iterate over it in a for loop. Can be done in a one-liner pretty easily, or in a few lines if you want to put it in a file.
Thank you, I didn’t know it was possible to use a Virtualmin command via the console. I disabled Awstats on all domains and even removed Awstats from the list of plugins. I also have 2 or 3 very long SQL queries, with one of them containing two selections from two other tables, and this table quickly grows to 200,000 rows (in just 15 days). Additionally, it’s not very clear with its classic select (the one before), as it loads on average once every 10 seconds and contains 45,000 rows. I’m having trouble organizing this system sql; it works, but it causes lag.
Hi
For about the past 5 days, every day OVH has been putting my dedicated server into Anti-DDoS protection for approximately 20 minutes. I’ve also noticed that the server has been slow during the same period, particularly each evening.
Please take a look at this:
Jul 17 21:22:36 ns.……com saslauthd[656]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:36 ns.……com saslauthd[656]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:35 ns.……com saslauthd[655]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:35 ns.……com saslauthd[655]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:34 ns.……com saslauthd[651]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:34 ns.……com saslauthd[651]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:33 ns.……com saslauthd[654]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:33 ns.……com saslauthd[654]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:30 ns.……com saslauthd[653]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:30 ns.……com saslauthd[653]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:29 ns.……com saslauthd[656]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:29 ns.……com saslauthd[656]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:28 ns.……com saslauthd[655]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:28 ns.……com saslauthd[655]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:27 ns.……com saslauthd[651]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:27 ns.……com saslauthd[651]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:27 ns.……com saslauthd[654]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:27 ns.……com saslauthd[654]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:26 ns.……com saslauthd[653]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:26 ns.……com saslauthd[653]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:24 ns.……com saslauthd[656]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Jul 17 21:22:24 ns.……com saslauthd[656]: pam_unix(smtp:auth): check pass; user unknown
Jul 17 21:22:20 ns.……com saslauthd[655]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Currently it is 9:23 p.m., do you know if this is an attack? If so, how can you protect yourself?
This log comes from journalctl --lines 100 -p notice…warning
It is probably just a dumb spambot trying to send mail through your server, and being rejected because it isn’t providing authentication information. (So, “attack” is probably too strong of a word. It’s not trying very hard, but it does seem persistent.)
I believe fail2ban can/will block those kinds of thing if several come from the same IP in a short period of time.
But, also, please make new topics for new questions. Mail authentication is wholly unrelated to Apache, PHP, or Mariadb.
Okay, I will create a new topic because I don’t know how to use fail2ban to block this. Before creating the topic, I will check on Google.
I will write here, it is related to this: How to configure Fail2ban to blacklist an attack with postfix/smtpd (I am a novice) - #3 by Madrix
Today is the first time I’ve seen the processor running at 4% to 20% (viewed on Webmin). It changes often. Yesterday and the days before, it would spike to 100% but then drop to 50%, etc. I didn’t understand why.
The only two things I’ve fixed are:
- An issue with a malfunctioning Fail2ban filter, which was causing me to be attacked.
- I also learned, for the first time in my life, that it is possible to create indexes on columns SQL where a value needs to be searched en masse across thousands of rows. Now, pages load at lightning speed, and I even have an admin panel to manage complaints. I access it three times a day, and it used to lag heavily on the first load, but not anymore since I indexed a frequently searched column. This indexing thing is impressive. Despite having over 15 years of experience with SQL, I wasn’t aware of it. What tipped me off was that many people were telling me, “You need to create indexes,” so last night I investigated, “What is this indexing in MySQL, how do you do it, and what is it for?” Then I created the index, and I was amazed. I still need to monitor to see if it truly helps.
1 Like
My SQL skills are basically as minimal as you can get but I seem to remember ‘reindex’ was the fix to a lot of problems some time back. (Think over a decade. 
)
2 Likes
So are you running a custom app with a custom database?
@shoulders Yes, many customized tables sql, and all my sites php are built from scratch. I’ve always done it this way since 2005/2006; I’ve never really adapted to things like WordPress. I also have a NodeJS application that I’ve been maintaining for several years, with very frequent updates. Since the summer holidays, it has reached 600 simultaneous connections. It’s a general chat application, and it’s the only site on the dedicated server that achieves such a high number of connected users.
@ID10T This is going to be very useful. I need to do it gradually since I’m not sure which ones I should index. I’ve activated it on a few columns across approximately four large tables. I know there are others, so I’ll handle it slowly to avoid making mistakes.
Your dB, and possibly your app, are definitely the issue.
If you don’t know about indexing in SQL you need to got and do some studying before making any changes, lots have changed.
You might might also look into the dB engine Innodb which allows row locking rather than table locking.
Check the mysql cache size is big enough.
Db collation and connection collation might be an issue. Utfmb4_unicode_ci is a good start. This one might of just got replaced as the standard.
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.