Hi there everyone, I've been dealing with bot traffic crashing apache and it seems that finally something has happened that is causing apache not to respond even through running. To explain further, mysql queries on a forum were using all of the CPU causing apache to take long enough that monit would restart it. This happened hundreds of times a day. At some point, it quit recovering and every site on the server are now timing out. Sites on alternate ports, like ISPC admin, Monit, etc. are still working but sites on default port, like all domains, rspamd, etc. are timing out now. I replaced the problem forum with a plain index file with a single html line in it. Nothing is utilizing mysql on the site now. I restarted Apache, the problem persisted. I restarted the machine, the problem persisted. Looking at top, nothing is using over a couple % of the cpu. I can see in top that not many client requests are coming through(where normally tons of web7 would use php7.4). Only a couple show up and almost immediately disappear now. Apache is up and running: I have disabled monitoring in monit of apache2 so it won't keep trying to restart it. Can someone tell me what my next steps should be for finding out why the server won't serve any web pages although apache2 shows as running with no errors? I'm not sure if maybe some log files are locked causing an issue, or something else, I just have never run into this problem before and don't know where to go from here.
is your index file plain html? or is there some php still being used? i've seen instances where apache is working, but due to apache and various php-fpm versions got restarted multiple times, sometimes a php instance, eg php7.4-fpm didn't reconnect with apache properly, so any attempt to load a site would just sit there doing nothing. restarted the php*.*-fpm instance and suddenly everything was working properly. although you've said you've rebooted the server, which should also fix anything like that.
Maybe port 80 and 443 are closed by iptables. Is this server behind a proxy system or behind Cloudflare proxy? As you are using BanDaemon, which closes ports selectively when attacked, it is possible that you triggered the port to your desktop to be closed. Alternatively, if your system is behind a proxy, the proxy IP may have been banned. Use: ispp_bandaemon --showbans to get a list of all banned IP addresses.
