I'm using cpanel. I have a server that is hosting around 40 domains(sites). I'm having problems with bots on the server. I would like to see who is hitting the server across all the domains and not have to check each domain individually. How could I do this?
CPanel provides an Error log that's for the whole domain, but I couldn't find anything that's just for a lot of hits that aren't errors.
Related
MISP (Malware Information Sharing Platform) is built with Apache. Previously I had a publicly facing instance on Digital Ocean. No log in lag time at all.
I've now moved behind an Apache reverse proxy which is managed by our network team. When attempting to reach the site for the first time there's either a long lag time to get to the site, and if you get to the site there's long lag time when first logging in.
This seems to go away after you first log in. However, many folks are getting a 502 error unable to process /GET, or they simply can't get to the site. There's competing arguments as to which Apache is doing this.
I've looked up a bunch of items already, tried tuning the MISP server, and have had zero luck. Caveat.
I have internal MISP instances that all use the same network. These are not publicly facing and do not have this issue. Also, we are using Lets Encrypt for the certs.
Here's the basic diagram:
I was running my webserver on Plesk platform before moving to CPanel due to my perceived perception of Plesk's over-sensibility to threats to security.
After the migration, my site runs quite alright but a sister site that has my IP in its A records couldn't connect through me anymore. It only brings a default website CGI page. Please, I need help.
Have you created your second site on your cPanel server ? If yes, then there is an issues with the IP, Please check your domain IP and httpd configuration file on cPanel server and try update that IP in your DNS zone which are you using on cPanel server. Most of the time this type of issues occur due to wrong IP.
All i did was to create a wildcard subdomain which was attached to the subdomain already created on the other server i was trying to point to. That did the magic. Sorry my response seems belated.
I am on Dreamhost VPS with root access. It runs Apache, and is hosting a site "www.example.com". At the same time, I am developing a Node.js web site, and binding Node.js to port 3456 (for example). So the Node.js site is accessible by typing "www.example.com:3456".
These are two distinct websites. I don't ever want users of the "www.example.com" accessing my Node.js website (which will be migrated to Nodejitsu after development).
Will I run into any problems with this setup?
I do not believe this will be a problem, unless one of your visitors happens to end up at port 3456. To mitigate this, you should think about writing your own small piece of middleware to whitelist your IP (thus rejecting anyone else). You can see an example at: http://www.hacksparrow.com/how-to-write-midddleware-for-connect-express-js.html. I'm sure you wont have a problem modifying this to your needs.
I have list of websites (around 50 +) on my nearer hosting provider hosting package. recently many of the sites being said the below "note that your account has been suspended due to higher resource usage which causes load spikes in the server and lets the other sites gets down"
All these sites build with Joomla and regular PHP coding. Not sure What I have to do as per the hosting side? any thoughts.,
I think you should change your hosting provider, consult the problems with your current provider, or, if you have a lot of traffic comming to your site, change to better hosting solution
Our 404 error logs show a lot of /SysVol http requests on our Windows Web Server 2008 for our website. It only has a webserver role and I believe that SysVol requests are meant for Domain Controllers? What's causing this and what would be the best solution to deal with these 404 requests?
I'm using code that access employee records via Active Directory (ldap) and the server is not trusted for delegaton in case this is related to the problem.
Are these requests coming from external IPs ? They are probably trying to p0wn you
The sysvol share generally gets created and shared out when a server is promoted to a domain controller. I'm assuming that your web server is not a DC and not in an Active Directory domain?
As for how to deal with it, if you're behind a firewall, you could block everything except ports 80 and 443 for instance. I hope that your webserver is behind a firewall. Seeing traffic like that isn't all that unusual considering it's on the internet.