Every clients log stopped reporting

(Ian Shere) #1

I have had issues getting Matomo to upgrade (SQL time out that I finally fixed today). Since June 6 EVERY client’s log has stopped reporting visits.

Is anyone else seeing this?

(Lukas Winkler) #2


Can you check on your website if the piwik.php requests are being sent correctly (network tab of browser’s developer tools).

Do you see any errors in the php error log?

(Ian Shere) #3

Not really sure what I’m looking for. I did an “Inspect” while viewing the “All websites dashboard”. Switching to the Network tab just shows a bunch of lines of actioned code, but I really have no idea what I’m looking at. The only thing I can see that MAY be “iffy” is there are a number of lines showing a 304 response where everything else is 200 (which I know is good).

I wasn’t sure where to look for the php error log so had my host’s tech look but he couldn’t find one (under the piwik directory anyway).However, he did find these errors in the apache error log:

[Fri Jun 15 19:02:48.175135 2018] [:error] [pid 90917:tid 139629967640320] [client] [client] ModSecurity: Access denied with code 500 (phase 2). Pattern match “(perl|t?ftp|links|elinks|lynx|ncftp|(s|r)(cp|sh)|wget|lwp-(download|request|mirror|rget)|curl|cvs|svn).\\x20((http|https|ftp)\\:/|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|.[A-Za-z|0-9]\\.[a-zA-Z]{2,4}/|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)” at REQUEST_URI. [file “/etc/apache2/conf.d/modsec2.liquidweb.conf”] [line “410”] [id “2000307”] [hostname “www.ckdev.info”] [uri “/piwik/piwik.php”] [unique_id “WyRFmF1vKI@GZcsedjuxOAAAAdE”], referer: Lincoln Chamber of Commerce membership list
[Fri Jun 15 23:15:43.819771 2018] [:error] [pid 79232:tid 139629894211328] [client] [client] ModSecurity: Access denied with code 500 (phase 2). Pattern match “(perl|t?ftp|links|elinks|lynx|ncftp|(s|r)(cp|sh)|wget|lwp-(download|request|mirror|rget)|curl|cvs|svn).\\x20((http|https|ftp)\\:/|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|.[A-Za-z|0-9]\\.[a-zA-Z]{2,4}/|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)” at REQUEST_URI. [file “/etc/apache2/conf.d/modsec2.liquidweb.conf”] [line “410”] [id “2000307”] [hostname “www.ckdev.info”] [uri “/piwik/piwik.php”] [unique_id “WySA321NwjdSeXZLrj0lgQAAAZg”], referer: https://www.insightstrategies.com/
[Sat Jun 16 05:10:14.989716 2018] [:error] [pid 94084:tid 139630104008448] [client] [client] ModSecurity: Access denied with code 500 (phase 2). Pattern match “(perl|t?ftp|links|elinks|lynx|ncftp|(s|r)(cp|sh)|wget|lwp-(download|request|mirror|rget)|curl|cvs|svn).\\x20((http|https|ftp)\\:/|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|.[A-Za-z|0-9]\\.[a-zA-Z]{2,4}/|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)” at REQUEST_URI. [file “/etc/apache2/conf.d/modsec2.liquidweb.conf”] [line “410”] [id “2000307”] [hostname “www.ckdev.info”] [uri “/piwik/piwik.php”] [unique_id “WyTT9k2BP6buZcmsyDjxgAAAAMQ”], referer: Leadership and Managerial Training

(Lukas Winkler) #4


Sorry, I meant on the website you are tracking. There should be one request to the piwik.js file and one to the piwik.php.

This could be a reason for the missing data. mod_security should be disabled as it is possible that it blocks real requests before they get to Matomo.

(Ian Shere) #5

Oh OK. SO I looked at one site - picked at random from the 70-80 I track. I see piwik.js (script) and also piwik.php which shows as:


Interestingly, the type is shown as gif.

All tracking has been working up to this point (I’m running php7.1 - think it’s .1) so I’m reluctant to have mod_security disabled. guess I can try for a few days, but it does provide security for all my sites and Matomo has been operating under it till June 5.

(Lukas Winkler) #6

And this one is not showing up correctly up in Matomo?

If so, you can temporarily enable debugging, which causes Matomo to return a very verbose log on that URL which explains how the request is stored.


(Ian Shere) #7

None of them are. ALL have stopped recording on June 5.

(Fabian Dellwing) #8

So you enabled mod_security for Matomo on June 5th and since June 6th the tracking is not working anymore. I might see there a cohesion?

(Ian Shere) #9

Incorrect. I said that Matomo has been operating under it (that is, mod_security) until it stopped working on June 5th. mod_sec is a standard Apache install and I’ve been usign Matomo for months - when it was still called Piwik.

(Fabian Dellwing) #10

Since when? In every install I know you have to explicitly install it via apt install libapache2-mod-security2. This module is really hard to setup if you have no real control over the parameters (like with Matomo), especially because Matomo sends a lot of URIs (aka suspicious content) via GET parameters.

So I cannot say what exactly changed on the 5th May for you, but I would say you are lucky that it worked before. I read atleast 1 person per month here or on GitHub having problems with Matomo and mod_security.

(Peterbo) #11

mod_security is not within the default bundle (at least in Debain / Ubuntu packages). Once installed it does not even block requests out of the box, because “SecRuleEngine DetectionOnly” is the default setting which has to be changed to “SecRuleEngine On” to load the core rules.

Since you don’t always have full control over the rules, an update can interfere with software (in this case Matomo) at any point in time. Hence “was running before XY” is not a valid argument.

2 Options:

  • Try to set the request to POST:
_paq.push(["setRequestMethod", "POST"]);
  • Disable mod_security, at least for the Matomo Instance

(Ian Shere) #12

Thank you Fabian and Peterbo. I’m having my host look at this right now. Apologies, it was my understanding that mod_sec was a default part of the Apache install. I stand corrected!

(Ian Shere) #13

OK I got my host to stop mod_sec blocking Matomo which they did. However, I still don’t see any visits being recorded.

I want to try your first option Peterbo, but I wasn’t 100% sure where to add that in. I assumed within the tracking code so did this:

I guess I’ll know soon enough!

EDIT Wednesday: Tracking hasn’t recommenced despite changes made.

(Peterbo) #14

Tracking seems to go well - do you have any data in the visitor log?

(Ian Shere) #15

Huh, interestingly, yes I do. The visitor log shows all the visits, it just isn’t being displayed in the dashboard of Matomo. Even more interesting, if I download the report (PDF) I see ZERO visits since June 7 in the “Visits Summary”, yet, in the “Returning Visits” there’s data.

So it would seem something is broken with the main Visit Summary display.

(Fabian Dellwing) #16

Do you use Visit triggered archiving or Cron triggered? You can check that in Settings -> System -> General.

(Ian Shere) #17

Ahhhhhhhhhhhhh - I think you may have hit on the issue Fabian! I do remember going through the settings recently and changing that setting as Matomo is really slow with all the data it’s processing. It was set to No, so I have changed it back to Yes. Thank you!

(Fabian Dellwing) #18

The better option for you would be probably to set it to no and run a cron or scheduled task.


(Ian Shere) #19

Think I will have to. After changing the setting back, I now can’t access the “All websites” dashboard at all. Just keep getting timeouts.

I did actually set up a cron, but, given my issues, I don’t think it’s working.

/usr/local/bin/ea-php56 /home/wwwckde/public_html/piwik - I have it set for 30 minutes.

(Peterbo) #20

So you really kept 3 volunteers occupied for a setting which is clearly described beside the checkbox? “Recommended for larger Matomo installs, you need to setup a cron job to process the reports”