Every clients log stopped reporting

I have had issues getting Matomo to upgrade (SQL time out that I finally fixed today). Since June 6 EVERY client’s log has stopped reporting visits.

Is anyone else seeing this?


Can you check on your website if the piwik.php requests are being sent correctly (network tab of browser’s developer tools).

Do you see any errors in the php error log?

Not really sure what I’m looking for. I did an “Inspect” while viewing the “All websites dashboard”. Switching to the Network tab just shows a bunch of lines of actioned code, but I really have no idea what I’m looking at. The only thing I can see that MAY be “iffy” is there are a number of lines showing a 304 response where everything else is 200 (which I know is good).

I wasn’t sure where to look for the php error log so had my host’s tech look but he couldn’t find one (under the piwik directory anyway).However, he did find these errors in the apache error log:

[Fri Jun 15 19:02:48.175135 2018] [:error] [pid 90917:tid 139629967640320] [client] [client] ModSecurity: Access denied with code 500 (phase 2). Pattern match “(perl|t?ftp|links|elinks|lynx|ncftp|(s|r)(cp|sh)|wget|lwp-(download|request|mirror|rget)|curl|cvs|svn).\\x20((http|https|ftp)\\:/|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|.[A-Za-z|0-9]\\.[a-zA-Z]{2,4}/|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)” at REQUEST_URI. [file “/etc/apache2/conf.d/modsec2.liquidweb.conf”] [line “410”] [id “2000307”] [hostname “www.ckdev.info”] [uri “/piwik/piwik.php”] [unique_id “WyRFmF1vKI@GZcsedjuxOAAAAdE”], referer: Lincoln Chamber of Commerce membership list
[Fri Jun 15 23:15:43.819771 2018] [:error] [pid 79232:tid 139629894211328] [client] [client] ModSecurity: Access denied with code 500 (phase 2). Pattern match “(perl|t?ftp|links|elinks|lynx|ncftp|(s|r)(cp|sh)|wget|lwp-(download|request|mirror|rget)|curl|cvs|svn).\\x20((http|https|ftp)\\:/|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|.[A-Za-z|0-9]\\.[a-zA-Z]{2,4}/|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)” at REQUEST_URI. [file “/etc/apache2/conf.d/modsec2.liquidweb.conf”] [line “410”] [id “2000307”] [hostname “www.ckdev.info”] [uri “/piwik/piwik.php”] [unique_id “WySA321NwjdSeXZLrj0lgQAAAZg”], referer: https://www.insightstrategies.com/
[Sat Jun 16 05:10:14.989716 2018] [:error] [pid 94084:tid 139630104008448] [client] [client] ModSecurity: Access denied with code 500 (phase 2). Pattern match “(perl|t?ftp|links|elinks|lynx|ncftp|(s|r)(cp|sh)|wget|lwp-(download|request|mirror|rget)|curl|cvs|svn).\\x20((http|https|ftp)\\:/|[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|.[A-Za-z|0-9]\\.[a-zA-Z]{2,4}/|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)” at REQUEST_URI. [file “/etc/apache2/conf.d/modsec2.liquidweb.conf”] [line “410”] [id “2000307”] [hostname “www.ckdev.info”] [uri “/piwik/piwik.php”] [unique_id “WyTT9k2BP6buZcmsyDjxgAAAAMQ”], referer: Leadership and Managerial Training


Sorry, I meant on the website you are tracking. There should be one request to the piwik.js file and one to the piwik.php.

This could be a reason for the missing data. mod_security should be disabled as it is possible that it blocks real requests before they get to Matomo.

Oh OK. SO I looked at one site - picked at random from the 70-80 I track. I see piwik.js (script) and also piwik.php which shows as:


Interestingly, the type is shown as gif.

All tracking has been working up to this point (I’m running php7.1 - think it’s .1) so I’m reluctant to have mod_security disabled. guess I can try for a few days, but it does provide security for all my sites and Matomo has been operating under it till June 5.

And this one is not showing up correctly up in Matomo?

If so, you can temporarily enable debugging, which causes Matomo to return a very verbose log on that URL which explains how the request is stored.


None of them are. ALL have stopped recording on June 5.

So you enabled mod_security for Matomo on June 5th and since June 6th the tracking is not working anymore. I might see there a cohesion?

1 Like

Incorrect. I said that Matomo has been operating under it (that is, mod_security) until it stopped working on June 5th. mod_sec is a standard Apache install and I’ve been usign Matomo for months - when it was still called Piwik.

Since when? In every install I know you have to explicitly install it via apt install libapache2-mod-security2. This module is really hard to setup if you have no real control over the parameters (like with Matomo), especially because Matomo sends a lot of URIs (aka suspicious content) via GET parameters.

So I cannot say what exactly changed on the 5th May for you, but I would say you are lucky that it worked before. I read atleast 1 person per month here or on GitHub having problems with Matomo and mod_security.

mod_security is not within the default bundle (at least in Debain / Ubuntu packages). Once installed it does not even block requests out of the box, because “SecRuleEngine DetectionOnly” is the default setting which has to be changed to “SecRuleEngine On” to load the core rules.

Since you don’t always have full control over the rules, an update can interfere with software (in this case Matomo) at any point in time. Hence “was running before XY” is not a valid argument.

2 Options:

  • Try to set the request to POST:
_paq.push(["setRequestMethod", "POST"]);
  • Disable mod_security, at least for the Matomo Instance
1 Like

Thank you Fabian and Peterbo. I’m having my host look at this right now. Apologies, it was my understanding that mod_sec was a default part of the Apache install. I stand corrected!

OK I got my host to stop mod_sec blocking Matomo which they did. However, I still don’t see any visits being recorded.

I want to try your first option Peterbo, but I wasn’t 100% sure where to add that in. I assumed within the tracking code so did this:

I guess I’ll know soon enough!

EDIT Wednesday: Tracking hasn’t recommenced despite changes made.

Tracking seems to go well - do you have any data in the visitor log?

Huh, interestingly, yes I do. The visitor log shows all the visits, it just isn’t being displayed in the dashboard of Matomo. Even more interesting, if I download the report (PDF) I see ZERO visits since June 7 in the “Visits Summary”, yet, in the “Returning Visits” there’s data.

So it would seem something is broken with the main Visit Summary display.

Do you use Visit triggered archiving or Cron triggered? You can check that in Settings -> System -> General.

1 Like

Ahhhhhhhhhhhhh - I think you may have hit on the issue Fabian! I do remember going through the settings recently and changing that setting as Matomo is really slow with all the data it’s processing. It was set to No, so I have changed it back to Yes. Thank you!

The better option for you would be probably to set it to no and run a cron or scheduled task.


Think I will have to. After changing the setting back, I now can’t access the “All websites” dashboard at all. Just keep getting timeouts.

I did actually set up a cron, but, given my issues, I don’t think it’s working.

/usr/local/bin/ea-php56 /home/wwwckde/public_html/piwik - I have it set for 30 minutes.

So you really kept 3 volunteers occupied for a setting which is clearly described beside the checkbox? “Recommended for larger Matomo installs, you need to setup a cron job to process the reports”