Question about request times

  • Resolved Scamaz

    (@scamazdid911)


    9 years, 4 months ago

    Seeing slowest request times of 45-65 seconds on 2 different sites.

    What all is included in the statistics response times?

    Nothing really stands out in the firewall logs. Mainly AREFS bot scanners. Is this just including things like file scans/malware scans?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    9 years, 4 months ago

    Hi,

    You would need to download the current month log over FTP (/wp-content/nfwlog/firewall_2017-01.php), to open it with any text editor and check the 2nd column which shows the time in seconds.
    For instance:
    [1484332161] [0.03564] [example.com] [#8846915] [300].....
    It means that the request leading to incident ID #8846915 took 0.03564 seconds.

    Then, paste here the requests that took 45-65 seconds.
    A request should only take a fraction of a second, just like in the above example.

    • This reply was modified 9 years, 4 months ago by nintechnet.
    Thread Starter Scamaz

    (@scamazdid911)

    9 years, 4 months ago

    couldn’t find the ones that took 45-65, but here are some that took 5+

    [1484125131] [15.66745] [example.com] [#2581689] [2] [3] [54.243.185.88] [403] [GET] [/index.php] [ASCII character 0x00 (NULL byte)] [hex:4745543a73203d2066696c653a2f2f2f626f6f742e696e692e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e2e]

    [1484125132] [15.7569] [example.com] [#7356792] [2] [3] [54.243.185.88] [403] [GET] [/index.php] [ASCII character 0x00 (NULL byte)] [hex:4745543a73203d2066696c653a2f2f2f77696e646f77732f77696e2e696e692530302e]

    [1484125134] [8.46738] [example.com] [#6654796] [2] [3] [54.243.185.88] [403] [POST] [/index.php] [ASCII character 0x00 (NULL byte)] [hex:504f53543a5f6d633477705f666f726d5f656c656d656e745f6964203d202f70726f632f73656c662f656e7669726f6e2530302e]

    [1484122066] [5.28725] [example.com] [#0000000] [0] [6] [54.243.185.88] [200] [GET] [/index.php] [Sanitising user input] [hex:485454505f524546455245523a2068747470733a2f2f7777772e676176696e732e73747265616d2f77702d636f6e74656e742f63616368652f6175746f7074696d697a652f6a732f272b612b27]

    [1484122124] [29.77354] [example.com] [#3701958] [300] [2] [54.243.185.88] [403] [GET] [/index.php] [Leading quote] [hex:4745543a73203d20273b74696e666f696c5f7873735f696e5f656c656d656e745f6174747269627574653d376463643566663936623830663162623236333038346563623031653736393634383436313366642f2f31]

    Ah also realized that this traffic seems to be from a Tinfoil Security Scan I performed to do some load testing.

    • This reply was modified 9 years, 4 months ago by Scamaz.
    Plugin Author nintechnet

    (@nintechnet)

    9 years, 4 months ago

    Yes, that IP is a security scan service. It looks like your server was overloaded by the scan.

    Thread Starter Scamaz

    (@scamazdid911)

    9 years, 4 months ago

    Thanks again for the quick responses! Closing this.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Question about request times’ is closed to new replies.