Block wp-login and xmlrpc brute force attacks with CSF / DirectAdmin

This is what I mean; maybe the OP thinks that the cores are dedicated and assumes that he can host many (heavy) sites, but that is not true here.
As said, if this is a Contabo box, don't expect high performance with 500+ sites on one single VPS.
Actually, I don't want to host more sites on this system, or I can upgrade the VPS to a VDS and later to dedicated. I just want to understand how many normal sites I can host with the best optimization. Once I have understood that my server cannot be optimized further, or that it is at its best optimization, then I will upgrade if the number of sites increases. You guys are excellent and helpful, thank you very much. Please suggest how many I can host on this server with the best optimization and share some tips for optimization; I will be really thankful to you.
 
Install opcache for all PHP versions (hopefully all websites are compatible with it),
then try to optimize MySQL with mysqltuner.
Also check whether there are "expires" headers for static files; you can add them to a custom template or set them globally to at least 1m (month).
If you have php-fpm, check whether there are enough children/workers.
Check vm.swappiness: if it is 60, change it to 10.
 
While the amount of information in this link might seem overwhelming, it doesn't take very long to go through and depending on your operating system, some of these settings already exist. I think it took me like 2 hours to run through all these sections.

 

Thank you guys, it's very useful information that you are sharing with me. I am using CloudLinux on CentOS.

My PHP mode is lsphp; it works better with CL. vm.swappiness is already 10.
Can you share a link to best practices for opcache?


Here is the mysqltuner.pl result:

Reduce or eliminate persistent connections to reduce connection usage
Configure your accounts with ip or subnets only, then update your configuration with skip-name-resolve=1
We will suggest raising the 'join_buffer_size' until JOINs not using indexes are found.
See https://dev.mysql.com/doc/internals/en/join-buffer-size.html
(specially the conclusions at the bottom of the page).
When making adjustments, make tmp_table_size/max_heap_table_size equal
Reduce your SELECT DISTINCT queries which have no LIMIT clause
Before changing innodb_log_file_size and/or innodb_log_files_in_group read this: https://bit.ly/2TcGgtU
Variables to adjust:
max_connections (> 151)
wait_timeout (< 28800)
interactive_timeout (< 28800)
skip-name-resolve=1
join_buffer_size (> 256.0K, or always use indexes with JOINs)
tmp_table_size (> 16M)
max_heap_table_size (> 16M)
table_definition_cache(1400) > 22904 or -1 (autosizing if supported)
key_buffer_size (~ 4M)
innodb_buffer_pool_size (>= 7.2G) if possible.
innodb_log_file_size should be (=16M) if possible, so InnoDB total log files size equals 25% of buffer pool size.

This is my current my.cnf file:

[username@eu ~]# cat /etc/my.cnf
[mysqld]
max_allowed_packet = 64M
local-infile = 0
innodb_file_per_table
sql_mode= STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
[username@eu ~]#

As I can see, mysqltuner is suggesting a lot of things. I am not sure where these settings are available. If all the settings are in /etc/my.cnf, then I must replace them as suggested. Can you please check all these settings and suggest where I have to paste or replace them?

There is no file in the /etc/my.cnf.d/ directory; it is empty.

Thank you
 
Depends on how big the database is at this point. I have a much smaller machine, with only 8 Gigs of memory and these are my settings:

max_allowed_packet=48M
local-infile=0
innodb_file_per_table

bind-address = 127.0.0.1
skip-name-resolve
max_connections=95
Because of my memory, I have lowered this from the default of 150 to prevent swapping. You can keep yours at 150 and monitor the max number of connections to see if you need to increase this beyond 150.

These two variables go together... the log file size should be 25% of the buffer pool. With a machine your size, the buffer pool should be much larger (at least 4x) than mine, which would mean the log file would be 4x larger.

innodb_buffer_pool_size=1024M
innodb_log_file_size=256M

key_buffer_size=8M
table_open_cache=4000
table_definition_cache=4000
open_files_limit=6000
max_heap_table_size=48M
tmp_table_size=48M
sort_buffer_size=4M
join_buffer_size=4M
innodb_log_file_size=256M
innodb_flush_log_at_trx_commit=0
innodb_flush_method=O_DIRECT
 
If the /etc/my.cnf.d/ directory is empty but there is /etc/my.cnf, use it.
max_connections=200
wait_timeout=60
interactive_timeout=60
skip-name-resolve=1
tmp_table_size=256M
max_heap_table_size=256M
table_definition_cache=25000
key_buffer_size=8M
innodb_buffer_pool_size=6G
----
To change innodb_log_file_size you must stop mysql from the DA panel, rename the old log files, and put the new value, like:
innodb_log_file_size=256M
into my.cnf, then start mysql from the panel. If you stop it from ssh, DA will start it via cron while you are modifying the configs, and everything can crash.
---
It's my own recommendation; you need to configure/check/configure/check until monitoring shows better values.
 
max_connections=200
wait_timeout=60
interactive_timeout=60
skip-name-resolve=1
tmp_table_size=256M
max_heap_table_size=256M
table_definition_cache=25000
key_buffer_size=8M
innodb_buffer_pool_size=6G
Simply copy and paste these values into /etc/my.cnf?
innodb_log_file_size=256M
Where can I change these values in DA?

thanks
 
Not in DA; it must be added to my.cnf:
1. stop mysql from DA
2. add/modify all values
3. rename old log(s)
4. start mysql from DA
------
When I say logs, I mean
/var/lib/mysql/ib_logfile0
and
/var/lib/mysql/ib_logfile1
Depending on your mysql version/os/configuration, there can be only one log; it may also have another name.
List your /var/lib/mysql/ and check the files.
----
These log files must be renamed after mysql is stopped, because if you change their size and try to start mysql, it will not be able to replace the logs (old versions; new ones maybe can, I forgot, better to rename them). If mysql starts normally, you will see new logs with the new size; then you can remove the old logs.
 
As you wrote lsphp, that means you have LiteSpeed. This together with OpCache and SSD/NVMe is good for speed. If you want to cache what's possible, you could add Redis (works together with LS Cache plugins, for static files, according to your still available free RAM).
 
Okay, let me confirm, as it's a sensitive issue; I already host 500+ client sites.


1. I will log in to DA and stop mysql
2. log in to the server via ssh, nano /etc/my.cnf, and paste/override all values which I got from mysqltuner
3. mv /var/lib/mysql/lb_logfile(whatever its name)
4. start mysql from DA

Is that it?

If I am wrong about pasting or overriding my values, please guide me; you have my my.cnf file and all the tuner values as well.

Thank you
 
Brother, I am using lsphp mode not because of LiteSpeed; it's because CloudLinux suggested I use this mode, as it's compatible with the CloudLinux version selector. I wish I could use OpenLiteSpeed, but I don't want to touch my running server; if it crashes I am dead. So please advise me accordingly, I am really thankful to you.
 
CloudLinux and LiteSpeed are different things. If it was suggested that you use lsphp, and if it works, that means you are already running LiteSpeed as OS. lsphp is part of LiteSpeed. So maybe check again what OS you are running, and maybe you will find it's already LS :)
 
Correct. But first connect via ssh and go to the needed dir, then stop mysql from the browser; I mean prepare first, to decrease downtime.
Or you can leave innodb_log_file_size as it is; it only makes writes to disk rarer, which helps if the disks are overloaded on writes.
 
lsphp is a PHP mode like fpm. I was using fpm mode, but CloudLinux support suggested I use lsphp for better compatibility with the CloudLinux PHP version selector.
 
Okay, let me try; then I will run the tuner again and paste the result.

I am sharing the system notification message for the higher load, which was 48+ but is regularly 10; maybe you will find something that makes this load higher.
 

Sorry, still confused: should I save this file?

[mysqld]
max_allowed_packet = 64M
local-infile = 0
innodb_file_per_table
sql_mode= STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
max_connections (> 151)
wait_timeout (< 28800)
interactive_timeout (< 28800)
skip-name-resolve=1
join_buffer_size (> 256.0K, or always use indexes with JOINs)
tmp_table_size (> 16M)
max_heap_table_size (> 16M)
table_definition_cache(1400) > 22926 or -1 (autosizing if supported)
key_buffer_size (~ 2M)
innodb_buffer_pool_size (>= 7.2G) if possible.
innodb_log_file_size should be (=16M) if possible, so InnoDB total log files size equals 25% of buffer pool size.

Why I am confused: I thought this is not the right format; maybe I should put the values like those in the top section, like local-infile = 0, so wait_timeout = 28800 instead of wait_timeout (<28800).

Can you please help me?

Thank You
 
Put the following into my.cnf:
max_connections=200
wait_timeout=60
interactive_timeout=60
skip-name-resolve=1
tmp_table_size=256M
max_heap_table_size=256M
table_definition_cache=25000
key_buffer_size=8M
innodb_buffer_pool_size=6G
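
The draft posted in the question above pastes mysqltuner's hint notation, such as max_connections (> 151), straight into my.cnf. As an added example (not from the thread or from any of its posters), here is a shell check that flags lines that are not in key / key=value option-file syntax before MySQL is restarted; the helper name lint_mycnf and both sample files are constructed for illustration, and the check covers syntax only, not whether an option name exists.

```shell
# Added example: syntax-only lint for a my.cnf before MySQL is restarted.
# lint_mycnf is a hypothetical helper; it does not validate option names.
lint_mycnf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # grep -v prints the lines that match none of the accepted forms
    # (blank, comment, [section], !include, key or key=value); -n numbers them.
    if grep -nEv \
        -e '^[[:space:]]*$' \
        -e '^[[:space:]]*[#;]' \
        -e '^[[:space:]]*\[[A-Za-z0-9_.-]+\][[:space:]]*$' \
        -e '^[[:space:]]*!include(dir)?[[:space:]]+' \
        -e '^[[:space:]]*[A-Za-z0-9_-]+[[:space:]]*(=.*)?$' \
        "$1"
    then
        return 1    # at least one line is not in option-file syntax
    fi
    return 0
}

# Constructed sample 1: tuner hints pasted as-is, as in the draft above.
draft=$(mktemp)
cat > "$draft" <<'EOF'
[mysqld]
local-infile = 0
innodb_file_per_table
max_connections (> 151)
wait_timeout (< 28800)
skip-name-resolve=1
key_buffer_size (~ 2M)
innodb_buffer_pool_size (>= 7.2G) if possible.
EOF

# Constructed sample 2: the same settings written as key=value.
fixed=$(mktemp)
cat > "$fixed" <<'EOF'
[mysqld]
local-infile = 0
innodb_file_per_table
max_connections=200
wait_timeout=60
skip-name-resolve=1
key_buffer_size=8M
innodb_buffer_pool_size=6G
EOF

echo "draft:"; lint_mycnf "$draft" || echo "-> fix these lines first"
echo "fixed:"; lint_mycnf "$fixed" && echo "-> syntax OK"
```

Running the check on a copy of /etc/my.cnf before stopping MySQL keeps a malformed line from turning the planned short restart into an outage.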
 
I can't find the log file in /var/lib/mysql/; can you please advise me?

I found this in the tuner result; it might help you:

[OK] Log file /var/log/mysql.log exists
[--] Log file: /var/log/mysql.log (0B)
[--] Log file /var/log/mysql.log is empty. Assuming log-rotation. Use --server-log={file} for explicit file
 