Ok, since Talemans script made the server finally useable again, I can also update. Thanks for the reply and help everybody.
Hi, Will it fix the flooded tmp folders ? I'm supporting like 12 vps'es with 450 clients and 600-700 sites alltogether. Will it be cleaned after update as well ?
Great, thanks for info ! Just two more questions : 1. When this gonna be implemented in normal STABLE release ? 2. If i update to GIT-STABLE can i get back to STABLE later on ? thanks
See my comments above, it is implemented in stable-3.1 branch, which is the stable rolling release of ISPConfig. Yes, you can always update to the next stable release when it gets tagged.
I have the lastest version of ISP 3.2 installed but I still have this huge tmp sessions file issue, please advise.
This loops through all tmp folders for the websites that belong to that client (client1) (e.g. web1/tmp, web4/tmp), finds files older than 7 days, and deletes them.
i installed 3.2.4 last week, s but have not touched any configs, only checked that my custom dns templete was still intact. how to I check that the two crons are enabled?
I did not install the script to cron. I ran it once, or maybe another time later, until I could upgrade to 3.2 version of ISPConfig. The lingering session files issue is definitely fixed in ISPConfig 3.2, so if you updated yesterday and the files did not get cleared overnight something is wrong. I believe there is even a backport to ISPConfig 3.1, if upgrading really is impossible.
The cleanup ISPConfig runs at midnight and removes files named 'sess_*' from website 'tmp' directories - what are sample filenames/paths you're seeing?
Yes cron is working, and checked the logs in panel, so thats is not where issue is. It was too large so i could not get a reading because of timeout, but I had to cd to tmp folder then used Code: find . -name '*' | xargs rm in-order to clear files, maybe it was a ddos attack or something, i will monitor the sess_ files which is currently 5000+ and see if it clears at midnight.
If you just removed all of those and already have 5000 more, something unusual (for any non-huge site) is going on. Might check your logs for php requests, and and see what processes are running.
No it is a mid size media site so i do get alot of visits, but the sessions that i removed most have been afew days worth of build up, but lets wait and see what happend at midnight, thanks for help so far.
One thing that currently annoys me is that the more sophisticated script kiddies have figured out how to inject 'fake' sessions on many of those */tmp/ directories — I'm almost certain that they're exploiting some kind of WordPress vulnerability that remains unpatched. These scripts are actually reasonably dangerous (i.e. some have originated, more than a decade ago, on military cyber warfare units — these days, they are all over GitHub and other free repositories, since they're considered obsolete...), but, of course, placing them inside tmp make them perfectly harmless unless one has made a very serious configuration mistake on the web server configuration, since, by default, nothing can be run/viewed/loaded from tmp. It's still annoying because it seems to be reasonably simple to create those fake session files, and so a regular cleanup is required — note that some of these do not start with sess* so they aren't caught by the ISPConfig cron jobs. Instead, they start with things like php* or pose themselves as image thumbnails, whatever.
auto clean up is Not working!! is this any advice, Cron is running but seems to not to its job for removing sess_ files, are there some config or dependencies i need to check?
