Hi, I have very strange case, at the first I was thinking there was intrusion, password leak or something similar. Now I finally found what is happening. This is ispconfig debug log 10.05.2026-17:29 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 10.05.2026-17:29 - DEBUG - Found 1 changes, starting update process. 10.05.2026-17:29 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 10.05.2026-17:29 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 10.05.2026-17:29 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client140/web347' - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client140/web347' - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client140/web347'|awk 'END{print $2,$NF}' - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: setquota -u 'web347' '5120000' '5121024' 0 0 -a &> /dev/null - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: setquota -T -u 'web347' 604800 604800 -a &> /dev/null - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client140/web347' - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0 10.05.2026-17:29 - DEBUG - safe_exec cmd: chattr -i '/var/www/php-fcgi-scripts/web347/.php-fcgi-starter' - return code: 0 10.05.2026-17:29 - DEBUG - Creating fastcgi starter script: /var/www/php-fcgi-scripts/web347/.php-fcgi-starter 10.05.2026-17:29 - DEBUG - safe_exec cmd: chattr +i '/var/www/php-fcgi-scripts/web347/.php-fcgi-starter' - return code: 0 10.05.2026-17:29 - DEBUG - Enable SSL for: ........com 10.05.2026-17:29 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/........com.vhost 10.05.2026-17:29 - DEBUG - Creating symlink: /etc/apache2/sites-enabled/100-........com.vhost->/etc/apache2/sites-available/........com.vhost 10.05.2026-17:29 - WARNING - No awstats base config found. Either awstats.conf or awstats.model.conf must exist in /etc/awstats. 10.05.2026-17:29 - DEBUG - Processed datalog_id 69192 10.05.2026-17:29 - DEBUG - Calling function 'restartHttpd' from module 'web_module'. 10.05.2026-17:29 - DEBUG - Trying to use Systemd to restart service 10.05.2026-17:29 - DEBUG - safe_exec cmd: systemctl is-enabled 'apache2' 2>&1 - return code: 0 10.05.2026-17:29 - DEBUG - Restarting httpd: systemctl reload apache2.service When this finishes a website is disabled (marked as inactive in ispconfig) and after angry call from customer I have to enable is back manually. This is happening every few days and it starts to annoy me a lot. Any idea how this happened and how to prevent it ?
You probably have set a traffic quota for the website and this traffic quota is reached, which means the site must get disabled. Set the traffic quota to -1 for the site to disable it.
I have no idea how I missed that. This was obviously set by mistake. Thanks for support, everything ok now.
