One website uses 100% of CPU

[mbsmt]

Hi guys.
One of my customers had a website that moved from root to a sub domain yesterday. I had not any problem before on my server performance. But after this change, his account always take about 100% of CPU and this caused other websites can not be loaded. I could not find any good reason for this problem. Can you help me please?

Untitled.png

[ikkeben]

Take a dive into all log files.

Should be some errors scripts not finding ... paths and so on
Redirect loopings and more

VERSIONS of software and what is all used, should be nice for DA to Support you with this also.

[mbsmt]

Take a dive into all log files.

Should be some errors scripts not finding ... paths and so on
Redirect loopings and more

VERSIONS of software and what is all used, should be nice for DA to Support you with this also.

Please let me know which kinds of log do you need?

[Richard G]

Please let me know which kinds of log do you need?

Not us... you need to investigate them.

Start with:
/var/log/messages
/var/log/httpd/acces_log
/var/log/httpd/error_log
/var/log/httpd/domains/userdomain.tld.error.log and
/var/log/httpd/domains/userdomain.tld.log

I would start with the error logs.

[mbsmt]

Not us... you need to investigate them.

Start with:
/var/log/messages
/var/log/httpd/acces_log
/var/log/httpd/error_log
/var/log/httpd/domains/userdomain.tld.error.log and
/var/log/httpd/domains/userdomain.tld.log

I would start with the error logs.

Note: Customer moved her website from charogh.com to agahi.charogh.com.

/var/log/messages

Code:

Oct 12 17:24:10 srv1 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:00:d3:c8:cc:e1:7f:07:dd:9f:08:00 SRC=149.202.76.111 DST=136.243.141.46 LEN=443 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=5371 DPT=5071 LEN=423
Oct 12 17:25:54 srv1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:00:d3:c8:cc:e1:7f:07:dd:9f:08:00 SRC=39.109.178.216 DST=136.243.141.46 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=48247 PROTO=TCP SPT=22714 DPT=22 WINDOW=44578 RES=0x00 SYN URGP=0
Oct 12 17:26:19 srv1 lfd[1508]: SYSLOG check [blAfmlVtjhPNjvC39mS]
Oct 12 17:28:19 srv1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:00:d3:c8:cc:e1:7f:07:dd:9f:08:00 SRC=109.248.9.247 DST=136.243.141.46 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=32665 PROTO=TCP SPT=48748 DPT=5058 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 12 17:28:29 srv1 named[2095]: client 64.4.15.93#44061: query (cache) 'desertsandtour.com/MX/IN' denied
Oct 12 17:28:30 srv1 named[2095]: client 64.4.15.93#44061: query (cache) 'desertsandtour.com/MX/IN' denied
Oct 12 17:28:30 srv1 named[2095]: client 64.4.15.93#44061: query (cache) 'desertsandtour.com/MX/IN' denied
Oct 12 17:28:31 srv1 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:00:d3:c8:cc:e1:7f:07:dd:9f:08:00 SRC=216.158.238.186 DST=136.243.141.46 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=28827 PROTO=TCP SPT=65535 DPT=8546 WINDOW=1024 RES=0x00 SYN URGP=0

/var/log/httpd/access_log

Code:

::1 - - [12/Oct/2017:17:22:32 +0330] "OPTIONS * HTTP/1.0" 200 112
::1 - - [12/Oct/2017:17:22:33 +0330] "OPTIONS * HTTP/1.0" 200 112
5.161.246.218 - - [12/Oct/2017:17:23:06 +0330] "-" 408 145 "-" "-"
5.161.246.218 - - [12/Oct/2017:17:23:10 +0330] "-" 408 145 "-" "-"
5.125.196.197 - - [12/Oct/2017:17:23:15 +0330] "-" 408 137 "-" "-"
::1 - - [12/Oct/2017:17:26:53 +0330] "OPTIONS * HTTP/1.0" 200 112
::1 - - [12/Oct/2017:17:26:55 +0330] "OPTIONS * HTTP/1.0" 200 112
2.187.235.205 - - [12/Oct/2017:17:30:01 +0330] "-" 408 137 "-" "-"
2.187.235.205 - - [12/Oct/2017:17:30:01 +0330] "-" 408 137 "-" "-"
::1 - - [12/Oct/2017:17:30:07 +0330] "OPTIONS * HTTP/1.0" 200 112

/var/log/httpd/error_log

Code:

[Thu Oct 12 16:57:33.079964 2017] [ssl:warn] [pid 17806] AH01909: farhange-boursei.ir:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:57:33.092055 2017] [ssl:warn] [pid 17806] AH01909: bluebelltour.ir:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:57:33.092942 2017] [ssl:warn] [pid 17806] AH01909: bluebell.ir:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:57:33.093799 2017] [ssl:warn] [pid 17806] AH01909: bbtravel.ir:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:57:33.104724 2017] [ssl:warn] [pid 17806] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:57:33.105618 2017] [ssl:warn] [pid 17806] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:57:33.107111 2017] [lbmethod_heartbeat:notice] [pid 17806] AH02282: No slotmem from mod_heartmonitor
[Thu Oct 12 16:57:33.107296 2017] [:notice] [pid 17806] mod_ruid2/0.9.8 enabled
[Thu Oct 12 16:57:33.147766 2017] [mpm_prefork:notice] [pid 17806] AH00163: Apache/2.4.28 (Unix) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Thu Oct 12 16:57:33.147866 2017] [core:notice] [pid 17806] AH00094: Command line: '/usr/sbin/httpd'

/var/log/httpd/domains/charogh.com.agahi.error.log

Code:

[Thu Oct 12 14:56:05.240577 2017] [ssl:warn] [pid 12637] AH01909: www.agahi.charogh.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 14:56:06.075429 2017] [ssl:warn] [pid 12657] AH01909: www.agahi.charogh.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 15:24:07.135232 2017] [ssl:warn] [pid 12657] AH01909: www.agahi.charogh.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 15:29:04.107237 2017] [ssl:warn] [pid 12657] AH01909: www.agahi.charogh.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:30:37.142956 2017] [ssl:warn] [pid 16534] AH01909: www.agahi.charogh.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:30:38.095797 2017] [ssl:warn] [pid 16535] AH01909: www.agahi.charogh.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:57:32.105139 2017] [ssl:warn] [pid 17805] AH01909: www.agahi.charogh.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:57:33.090286 2017] [ssl:warn] [pid 17806] AH01909: www.agahi.charogh.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Oct 12 16:59:10.022218 2017] [:error] [pid 17808] [client 94.177.77.253:10520] PHP Notice:  Undefined variable: title in /home/charoghc/domains/charogh.com/public_html/agahi/index.php on line 0, referer: http://agahi.charogh.com/article/143/%DB%8C%DA%A9-%D9%82%D8%A7%D9%84%DB%8C-%DA%86%DA%AF%D9%88%D9%86%D9%87-%D8%A8%D8%A7%D9%81%D8%AA%D9%87-%D9%85%DB%8C-%D8%B4%D9%88%D8%AF/
[Thu Oct 12 16:59:17.555137 2017] [:error] [pid 17836] [client 94.177.77.253:26834] PHP Notice:  Undefined variable: title in /home/charoghc/domains/charogh.com/public_html/agahi/index.php on line 0, referer: http://agahi.charogh.com/pages/10/%D8%B1%D8%A7%D9%87%D9%86%D9%85%D8%A7%DB%8C-%D8%AE%D8%B1%DB%8C%D8%AF-%D8%A7%D8%B2-%DA%86%D8%A7%D8%B1%D9%82/

/var/log/httpd/domains/charogh.com.error.log

Code:

[Thu Oct 12 15:50:31.362237 2017] [:error] [pid 14736] [client 182.77.18.93:18811] script '/home/charoghc/domains/charogh.com/public_html/wp-login.php' not found or unable to stat
[Thu Oct 12 16:05:42.715172 2017] [:error] [pid 15399] [client 41.82.113.50:63537] script '/home/charoghc/domains/charogh.com/public_html/wp-login.php' not found or unable to stat
[Thu Oct 12 16:32:54.008486 2017] [:error] [pid 16610] [client 207.46.13.190:23798] [client 207.46.13.190] ModSecurity: collection_retrieve_ex: Failed deleting collection (name "ip", key "207.46.13.190_4f1ba30e7e0a1348a60fa661e5bb8b958e7f7aa5"): Internal error (specific information not available) [hostname "www.charogh.com"] [uri "/product/908/%C3%98%C2%AF%C3%98%C2%B3%C3%98%C2%AA%C3%98%C2%A8%C3%99%E2%80%A0%C3%98%C2%AF-%C3%99%E2%80%A6%C3%99%E2%80%A1%C3%98%C2%B1%C3%99%E2%80%A1-%C3%98%C2%B5%C3%99%CB%86%C3%98%C2%B1%C3%98%C2%AA%C3%9B%C5%92-_-%C3%99%E2%80%A6%C3%98%C2%B1%C3%99%CB%86%C3%98%C2%A7%C3%98%C2%B1%C3%9B%C5%92%C3%98%C2%AF/"] [unique_id "Wd9nvIjzjS4AAEDi1yUAAAAd"]
[Thu Oct 12 16:32:54.008602 2017] [:error] [pid 16761] [client 207.46.13.190:4314] [client 207.46.13.190] ModSecurity: collection_retrieve_ex: Failed deleting collection (name "ip", key "207.46.13.190_4f1ba30e7e0a1348a60fa661e5bb8b958e7f7aa5"): Internal error (specific information not available) [hostname "www.charogh.com"] [uri "/product/893/%C3%98%C2%B3%C3%9B%C5%92%C3%99%E2%80%A0%C3%9B%C5%92-%C3%98%C2%B3%C3%99%E2%80%A0%C3%98%C2%AA%C3%9B%C5%92-%C3%99%E2%80%A6%C3%9B%C5%92%C3%99%E2%80%A0%C3%9B%C5%92%C3%98%C2%A7%C3%98%C2%AA%C3%99%CB%86%C3%98%C2%B1/"] [unique_id "Wd9n14jzjS4AAEF5qm0AAAAW"]
[Thu Oct 12 16:32:54.008689 2017] [:error] [pid 16558] [client 69.30.198.186:47414] [client 69.30.198.186] ModSecurity: collection_retrieve_ex: Failed deleting collection (name "ip", key "69.30.198.186_b269f08746c8a5f5cbc288e8ff9a86e28458a673"): Internal error (specific information not available) [hostname "www.charogh.com"] [uri "/product/1032/%DA%AF%D9%84%D8%AF%D8%A7%D9%86-%D8%B3%D9%81%D8%A7%D9%84%DB%8C/"] [unique_id "Wd9nq4jzjS4AAECuT4EAAAAD"]
[Thu Oct 12 16:32:54.012584 2017] [:error] [pid 16584] [client 69.30.198.186:54116] [client 69.30.198.186] ModSecurity: collection_retrieve_ex: Failed deleting collection (name "ip", key "69.30.198.186_b269f08746c8a5f5cbc288e8ff9a86e28458a673"): Internal error (specific information not available) [hostname "www.charogh.com"] [uri "/product/1030/%D8%AC%D8%A7%D8%B4%D9%85%D8%B9%DB%8C-%D8%B3%D9%81%D8%A7%D9%84%DB%8C-%D8%A7%D9%86%D8%A7%D8%B1/"] [unique_id "Wd9ngIjzjS4AAEDIa9gAAAAP"]
[Thu Oct 12 16:32:54.014827 2017] [:error] [pid 16777] [client 207.46.13.190:13754] [client 207.46.13.190] ModSecurity: collection_retrieve_ex: Failed deleting collection (name "ip", key "207.46.13.190_4f1ba30e7e0a1348a60fa661e5bb8b958e7f7aa5"): Internal error (specific information not available) [hostname "www.charogh.com"] [uri "/product/881/%C3%9A%C2%A9%C3%99%CB%86%C3%98%C2%B3%C3%99%E2%80%A0-%C3%98%C2%A2%C3%98%C2%AA%C3%98%C2%A7%C3%98%C2%B1%C3%9B%C5%92/"] [unique_id "Wd9n9ojzjS4AAEGJW9sAAAAf"]
[Thu Oct 12 16:32:54.029817 2017] [:error] [pid 16753] [client 207.46.13.190:15127] [client 207.46.13.190] ModSecurity: collection_retrieve_ex: Failed deleting collection (name "ip", key "207.46.13.190_4f1ba30e7e0a1348a60fa661e5bb8b958e7f7aa5"): Internal error (specific information not available) [hostname "www.charogh.com"] [uri "/product/880/%C3%98%C2%AA%C3%9B%C5%92%C3%98%C2%B4%C3%98%C2%B1%C3%98%C2%AA-%C3%99%E2%80%A6%C3%98%C2%A7%C3%99%E2%80%A1-%C3%99%CB%86-%C3%99%E2%80%A6%C3%98%C2%A7%C3%99%E2%80%A1%C3%9B%C5%92/"] [unique_id "Wd9n@IjzjS4AAEFxA90AAAAQ"]
[Thu Oct 12 16:46:15.814213 2017] [:error] [pid 17231] [client 31.218.115.138:61712] script '/home/charoghc/domains/charogh.com/public_html/wp-login.php' not found or unable to stat
[Thu Oct 12 17:18:47.237297 2017] [:error] [pid 18310] [client 175.140.187.212:35474] script '/home/charoghc/domains/charogh.com/public_html/wp-login.php' not found or unable to stat

/var/log/httpd/domains/charogh.com.log

Code:

69.30.205.218 - - [12/Oct/2017:17:24:11 +0330] "GET /articles/16/%D8%A7%DB%8C%D8%AF%D9%87-%D9%87%D8%A7%DB%8C%DB%8C-%D8%A8%D8%B1%D8%A7%DB%8C-%D9%85%D8%B1%D8%A7%D8%B3%D9%85-%D8%B9%D8%B1%D9%88%D8%B3%DB%8C/ HTTP/1.1" 404 703 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; http://mj12bot.com/)"
151.243.210.226 - - [12/Oct/2017:17:24:18 +0330] "GET /images/products/1__67.jpg HTTP/1.1" 404 545 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 6.0.1; ******* SM-N920C Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) *******Browser/5.4 Chrome/51.0.2704.106 Mobile Safari/537.36"
69.30.205.218 - - [12/Oct/2017:17:24:19 +0330] "GET /articles/17/%D8%A2%D9%85%D9%88%D8%B2%D8%B4-%D8%B3%D8%A7%D8%AE%D8%AA-%DA%AF%D9%84%D8%AF%D8%A7%D9%86-%DA%AF%D8%AA%D8%A7%D8%A8%DB%8C/ HTTP/1.1" 404 518 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; http://mj12bot.com/)"
69.30.205.218 - - [12/Oct/2017:17:24:23 +0330] "GET /articles/17/%D8%A2%D9%85%D9%88%D8%B2%D8%B4-%D8%B3%D8%A7%D8%AE%D8%AA-%DA%AF%D9%84%D8%AF%D8%A7%D9%86-%DA%AF%D8%AA%D8%A7%D8%A8%DB%8C/ HTTP/1.1" 404 687 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; http://mj12bot.com/)"
69.30.205.218 - - [12/Oct/2017:17:24:28 +0330] "GET /articles/18/%D8%A2%D9%85%D9%88%D8%B2%D8%B4-%D8%A8%D8%B3%D8%AA%D9%86-%D9%85%D9%88-%D8%A8%D9%87-%D8%B4%DA%A9%D9%84-%DA%AF%D9%84-%D8%B1%D8%B2/ HTTP/1.1" 404 687 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; http://mj12bot.com/)"
69.30.205.218 - - [12/Oct/2017:17:24:31 +0330] "GET /articles/19/%D8%A2%D9%85%D9%88%D8%B2%D8%B4-%D8%B3%D8%A7%D8%AE%D8%AA-%D8%B9%D8%B1%D9%88%D8%B3%DA%A9-%D8%A8%D8%A7-%D8%AC%D9%88%D8%B1%D8%A7%D8%A8/ HTTP/1.1" 404 523 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; http://mj12bot.com/)"
69.30.205.218 - - [12/Oct/2017:17:24:34 +0330] "GET /articles/19/%D8%A2%D9%85%D9%88%D8%B2%D8%B4-%D8%B3%D8%A7%D8%AE%D8%AA-%D8%B9%D8%B1%D9%88%D8%B3%DA%A9-%D8%A8%D8%A7-%D8%AC%D9%88%D8%B1%D8%A7%D8%A8/ HTTP/1.1" 404 687 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; http://mj12bot.com/)"
69.30.205.218 - - [12/Oct/2017:17:24:37 +0330] "GET /articles/2/8/%D8%AA%D8%B2%D8%A6%DB%8C%D9%86%D8%A7%D8%AA/ HTTP/1.1" 404 492 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; http://mj12bot.com/)"
69.30.205.218 - - [12/Oct/2017:17:24:41 +0330] "GET /articles/2/8/%D8%AA%D8%B2%D8%A6%DB%8C%D9%86%D8%A7%D8%AA/ HTTP/1.1" 404 671 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; http://mj12bot.com/)"
69.30.205.218 - - [12/Oct/2017:17:24:45 +0330] "GET /articles/2/8/%DB%8C%DA%A9-%D8%A7%DB%8C%D8%AF%D9%87-%D8%B3%D8%A7%D8%AF%D9%87-%D9%88-%D8%AC%D8%A7%D9%84%D8%A8-%D8%A8%D8%B1%D8%A7%DB%8C-%D8%B3%D8%A7%D8%AE%D8%AA-%D8%B5%D9%86%D8%AF%D9%84%DB%8C/ HTTP/1.1" 404 719 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; http://mj12bot.com/)"

[Arieh]

The last one might give some insight into this, bots are crawling this website. If each page takes alot of resources (often MySQL related), then one or more crawlers accessing all pages will take up a lot of resources.

This is an common problem with webshops that have no good caching solution.

I would try and look into the website software being used, and if there are caching options available, file cache, memory cache (memcache or redis) and such.

Apart from this website, you may also want to look into CloudLinux, they are specialized in deviding customers on your servers, so that 1 user can only use up is own resources instead of the whole server.

[mbsmt]

The last one might give some insight into this, bots are crawling this website. If each page takes alot of resources (often MySQL related), then one or more crawlers accessing all pages will take up a lot of resources.

This is an common problem with webshops that have no good caching solution.

I would try and look into the website software being used, and if there are caching options available, file cache, memory cache (memcache or redis) and such.

Apart from this website, you may also want to look into CloudLinux, they are specialized in deviding customers on your servers, so that 1 user can only use up is own resources instead of the whole server.

Arieh, I've moved .htaccess and robots.txt from root to subdomain. Putting new .htaccess and robots.txt in root can solve this problem?

[vlijmenlive]

For the robots.txt it will depend of they follow the rules, for the htaccess it depends what's in it. But in general if you move a website you should move all the files so would suggest to do that anyway.

If it helps, great! If not, follow the advice given before.

[mbsmt]

The problem still exists. User charoghc uses about 100% of CPU and I don't know what is this process for! On the other hand, there are multiple processes with the same user whereas I have about 70 users on this server.
Untitled.png

[ikkeben]

You have to dive in that software.

TIP maybey: redirection is not done the right way from root after changing to subdir, and or looping for redirections.

The best way to have it quickly solved is putting everything back as it was working ok before, so backup whatever.

Then have a look if you have to support that custommer with his/her software, if no then they should leran / find out how to move the right way to subdir, otherwise you have to do that.

If things are not solved when putting everything 100% back as before, you neede the logs files also from before that, to see it was no problem before the move to subdir.

Or call somone who knows how that software works and how to move the right way to a subdir if that is possible, let this person have a look in situation /logs files before and after the move, also the steps that are taken and so on.

As you can see redirect is not working well in the log the 404 errors sofar i can read. in /var/log/httpd/domains/charogh.com.log

Do you also see 301 and 200 code there? this log is not here /var/log/httpd/domains/charogh.com.agahi.log so i can't tell

If it was before the shop on https then the subdomain is probably not teh right way on https mabey no SSL cert the right way.

Then also if redirection was to https then now problems ofcourse you can read this also out of the logs


So your client didn't move the right way and/of didn't succeeded for a good valid ssl cert for that subdomain, maybe both i think ( if shop as shops should be was on https before). ( paths and so on) Caches cleared

If you other clients are important then place a simmple index.html in the roots for that faulty client with message working on updating website, ofcourse you have to put then a clean htaccess in that to. ( so your box is then running OK, then looking for that client probs after that)

Always backup and copy save files before doing things!

Better ask in wordpress support forum though howto

If you do a websearch you almost only find it ( guides) the other way arround ( from subdomain move to maindomain), so if they used such guide.....

( D8%A2%D9%85%D9%88%D8%B2%D8%B4-%D8%B3%D8%A7%D8%AE%D8%AA-%D8%B9%D8%B1%D9%88%D8%B3%DA) such things also almost problem with redirection somewhere wrong

Also now the shop seems to run but a lot of great bunch of errors thrown in developer console Firefox, such errors could also takes memory and CPU, looping processec and so on.

[Richard G]

I just had a look at it. The site uses a custom script created by Parniaweb and it looks like it's generating some loop or something else.
The landing page keeps loading without an end to it.

Maybe if you could show us what is in the .htaccess we might see a bit more.

You could also turn off mod_security for testing and see if that helps. Because mod_security is generating internal errors as it is looking at the www instead of the subdomain.

Edit: I see I was writing when ikkeben posted. So you have a lot of options you can check now.

[ikkeben]

They are working on with that shop now look already better.

How is your CPU now?

Please take care of your own Terms and Conditions for your custommers, so you can .....

I hope you post here what the problem was and if solved?

And let them read this!
https://developer.mozilla.org/en-US/...cure_passwords

[mbsmt]

I've put an empty index.htm in both root and sub directory, to test if those heavy processes will be stopped or not. Unfortunately again I saw those processes ...
Redirection is correct and you can check it out at https://httpstatus.io/ for both agahi.charogh.com and charogh.com. Also there was not any active SSL on the root. So SSL redirection is not an issue too.
Also I am the developer of this website and know there is not any issue with codes.
Is there not any way to know which files are in dealing the processes?

[ikkeben]

I've put an empty index.htm in both root and sub directory, to test if those heavy processes will be stopped or not. Unfortunately again I saw those processes ...
Redirection is correct and you can check it out at https://httpstatus.io/ for both agahi.charogh.com and charogh.com. Also there was not any active SSL on the root. So SSL redirection is not an issue too.
Also I am the developer of this website and know there is not any issue with codes.
Is there not any way to know which files are in dealing the processes?

empty index.html in both the root and sub then also with a htaccess everything redirecting to that empty index.html ?
So if someone call ( BOTS) urls crawled before they are redirected to that index and not ...

Please put some simple nice text in this file for customers

If not stopped then do restart / kill and start httpd and or php also, if then stopped you sure there is something wrong with code there, or but should be strange suddenly after moving heavy trafic that wasn't there before. (if yuo had some parts open / not secured at the time from the move)

It could be processes before the move as you see 404 for that rootdomain in logs so redirect to subdomain is not working for everything/urls at the time of created log file

also https://help.directadmin.com/item.php?id=91