After upgrade from EA3 to EA4 website with SSL is very slow

Discussion in 'EasyApache' started by bipsalam, Oct 12, 2017 at 2:50 AM.

  1. bipsalam

    bipsalam Member

    Joined:
    Thursday
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    I upgraded from EasyApache 3 to EasyApache 4, and the upgrade was smooth without any issues.
    I have four websites on my VPS server, and two of them are using SSL (https). The websites with SSL became very, very slow, and sometimes the browser is unable to fetch the website. Websites without SSL (https) are loading fine.
    I also noticed that if I access my website with https it loads very slowly, and if I access the same website without https it loads faster. This issue appeared right after I upgraded to EasyApache 4.
    I have also uninstalled "opcache" but still have the same issue. My https websites are not on WordPress (they are just PHP with a database), so I can't blame any plugins.

    Please suggest.
     
  2. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    907
    Likes Received:
    13
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Check for errors in the address bar: is the padlock green, or does it show a warning? Any certificate errors?
    Check your log files
    Code:
    grep username /etc/apache2/logs/error_log
     
  3. bipsalam

    bipsalam Member

    Yes, the padlock is green and there are no warnings.
    I checked the error_log and found this:
    [Thu Oct 12 01:26:33.450697 2017] [:error] [pid 1417:tid 139710197249792] [client 89.144.12.15:50954] File does not exist: /home/*****/public_html/c99.php.suspected
    [Thu Oct 12 01:26:30.076672 2017] [:error] [pid 1197:tid 139710239209216] [client 89.144.12.15:57395] File does not exist: /home/*****/public_html/wso2.php.suspected

    I don't understand what this "c99.php.suspected" is, and I do not see any such files in my File Manager (cPanel).
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  5. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    327
    Likes Received:
    94
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    There are many references to PHP files being changed to .suspected and also to malicious web shells called c99.php (do a search using your favorite search engine for c99.php.suspected).

    There is also a thread in this forum that alludes to your site (or the server that hosts it) possibly being compromised: .php.suspected

    Remember, the log entries about the 'suspected' files do NOT signify that your server was, or is, compromised.

    Additionally, the log entries probably had nothing to do with the EA3 to EA4 migration, and the log entries may be random calls to your site to see if someone had managed to infect it with a PHP shell, nor does it necessarily signify that some CMS like Joomla or WordPress (or any add-ons) are responsible as the compromise vector - it doesn't even follow that your PHP site was responsible, but I would take every measure to scan and audit your code base and files and database for any exploitable code and/or any files you are not expecting. Remember that root shells can be triggered from pretty much anywhere and it would be prudent to run a scan with rkhunter, or something similar, on the server.

    If you are in any doubt at all that the server has been compromised, set up a new one and migrate the sites across to it, ensuring that each one has been adequately sanitized before the transfer. There is an excellent article in the cPanel documentation that you may like to study: Why can't I clean a hacked machine - cPanel Knowledge Base - cPanel Documentation
     
    #5 rpvw, Oct 12, 2017 at 1:02 PM
    Last edited: Oct 12, 2017 at 3:01 PM
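
Added example (not part of the thread and not any poster's or cPanel's code): a small triage script for the situation discussed above. It groups "File does not exist" requests for the shell names seen in the quoted log (c99, wso2) by client address, and separately checks whether any file with such a name actually exists under a document root. The sample log lines, account name and addresses are constructed.

```python
import os
import re
import sys
from collections import defaultdict

# Apache 2.4 error_log entry for a missing file, in the shape quoted in the thread.
LINE_RE = re.compile(
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] File does not exist: (?P<path>\S+)"
)
# Shell names taken from the thread's log lines; extend the alternation as needed.
SHELL_RE = re.compile(r"^(c99|wso2)\.php(\.suspected)?$", re.IGNORECASE)


def find_shell_probes(lines):
    """Return {client_ip: sorted probed paths} for requests naming a known shell."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m and SHELL_RE.match(os.path.basename(m.group("path"))):
            hits[m.group("ip")].add(m.group("path"))
    return {ip: sorted(paths) for ip, paths in hits.items()}


def shells_on_disk(docroot):
    """Walk docroot and return files whose name matches a known shell name."""
    found = []
    for root, _dirs, files in os.walk(docroot):
        found.extend(os.path.join(root, f) for f in files if SHELL_RE.match(f))
    return sorted(found)


# Constructed sample lines (documentation IP ranges, hypothetical account name).
SAMPLE_LOG = [
    "[Thu Oct 12 01:26:30.076672 2017] [:error] [pid 1197:tid 1] [client 203.0.113.7:57395] File does not exist: /home/exampleuser/public_html/wso2.php.suspected",
    "[Thu Oct 12 01:26:33.450697 2017] [:error] [pid 1417:tid 2] [client 203.0.113.7:50954] File does not exist: /home/exampleuser/public_html/c99.php.suspected",
    "[Thu Oct 12 01:27:02.000000 2017] [:error] [pid 1417:tid 2] [client 198.51.100.4:40000] File does not exist: /home/exampleuser/public_html/favicon.ico",
]

if __name__ == "__main__":
    for ip, paths in find_shell_probes(SAMPLE_LOG).items():
        print(f"{ip} probed {len(paths)} shell name(s): {', '.join(paths)}")
    # Optional: pass a document root to list matching files that really exist.
    if len(sys.argv) > 1:
        for path in shells_on_disk(sys.argv[1]):
            print(f"present on disk: {path}")
```

A "File does not exist" entry only shows that a client asked for the name; a non-empty result from `shells_on_disk` is the finding that needs follow-up.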
  6. bipsalam

    bipsalam Member

    @cPanelMichael - Thanks for pointing me to the two links.

    I added "SSLUseStapling off" in WHM --> Apache Config.. --> Include Editor, and now the SSL websites are loading fast.
    Please tell me, is it OK to leave it turned "off" forever? I mean, will it create any issues with my cert, or is it bad for my site visitors? Is there any disadvantage? Please suggest.
     
  7. bipsalam

    bipsalam Member

    Oops! The issue came back. Now I have noticed that the website becomes slow randomly at any moment, and then after an hour or so it starts loading fast. This slow/fast, fast/slow behaviour is harming my online business. Yesterday my AdSense income was $50 where it used to be $100+. I am planning to revert back to EasyApache 3.

    Also, I have noticed that right at the moment I restart Apache, the website loads fast and keeps loading fast for two or three continuous hours, and then becomes slow again. The slow loading lasts for two or three hours and then it loads faster again. This is weird... Please, someone suggest something :-( Earlier, with EasyApache 3, I never faced such issues.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.

    Thank you.
     
  9. bipsalam

    bipsalam Member

    Thanks. Ticket created - support request ID: 8946229
     