TTFB > 20s and can't figure out why Topic is solved

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Mar 30, 2022 11:34 am

TTFB > 20s and can't figure out why

Post by tz21 » Wed Mar 30, 2022 11:47 am

Hello everyone,

One of the websites we're hosting has been acting up since yesterday (it was working fine 2 days ago). Issue seems that the TTFB is over 20s consistently all in all taking well over 24s to load.

Now I've scoured through many posts dealing with this issue and haven't found anything yet that has worked for me (disabling plugins,...)

I of course came prepared with some FPA (as I learned from the posts I read before making my own)
Forum Post Assistant (v1.6.5) : 30-Mar-2022 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.9.28-Stable (Amani) 6-July-2021
More than one instance of version.php found!
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Writable (644) |
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: false | .htaccess/web.config: Yes | GZip: false | Cache: true | CacheTime: 60 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: N/A | SSL: 0 | Error Reporting: default | Site Debug: false | Language Debug: false | Default Access: Public | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 3.9.28: Yes | Database Supports J! 3.9.28: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 4.9.0-11-amd64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate, br | System TMP Writable: Yes | Free Disk Space : 279.71 GiB |

PHP Configuration :: Version: 7.3.33 | PHP API: fpm-fcgi | Session Path Writable: No | Display Errors: 0 | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: /var/www/vhosts/ | Uploads: 1 | Max. Upload Size: 1000M | Max. POST Size: 1000M | Max. Input Time: -1 | Max. Execution Time: 0 | Memory Limit: 1000M

Database Configuration :: Version: 5.5.5-10.1.41-MariaDB-0+deb9u1 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $) | Database Size: 21.34 MiB | #of Tables with config prefix: 129 | #of other Tables: 0 | User Privileges : GRANT ALL
Detailed Environment :: wrote:PHP Extensions :: Core (7.3.33) | date (7.3.33) | libxml (7.3.33) | openssl (7.3.33) | pcre (7.3.33) | zlib (7.3.33) | bz2 (7.3.33) | calendar (7.3.33) | ctype (7.3.33) | hash (7.3.33) | filter (7.3.33) | ftp (7.3.33) | gettext (7.3.33) | gmp (7.3.33) | SPL (7.3.33) | iconv (7.3.33) | Reflection (7.3.33) | session (7.3.33) | standard (7.3.33) | SimpleXML (7.3.33) | sockets (7.3.33) | mbstring (7.3.33) | tokenizer (7.3.33) | xml (7.3.33) | cgi-fcgi () | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: 7cc7cc96e675f6d72e5cf0f267f48e167c2abb23 $) | bcmath (7.3.33) | curl (7.3.33) | dba (7.3.33) | dom (20031129) | enchant (7.3.33) | fileinfo (7.3.33) | gd (7.3.33) | imagick (3.6.0) | imap (7.3.33) | intl (7.3.33) | json (1.7.0) | ldap (7.3.33) | exif (7.3.33) | mysqli (7.3.33) | odbc (7.3.33) | PDO (7.3.33) | pdo_mysql (7.3.33) | PDO_ODBC (7.3.33) | pdo_pgsql (7.3.33) | pdo_sqlite (7.3.33) | pgsql (7.3.33) | Phar (7.3.33) | posix (7.3.33) | pspell (7.3.33) | redis (5.3.4) | soap (7.3.33) | sodium (7.3.33) | sqlite3 (7.3.33) | sysvmsg (7.3.33) | sysvsem (7.3.33) | sysvshm (7.3.33) | tidy (7.3.33) | xmlreader (7.3.33) | xmlrpc (7.3.33) | xmlwriter (7.3.33) | xsl (7.3.33) | zip (1.15.4) | ionCube Loader (10.4.5) | Zend OPcache (7.3.33) | Zend Engine (3.3.33) |
Potential Missing Extensions ::
Disabled Functions :: opcache_get_status |

Switch User Environment :: PHP CGI: No | Server SU: No | PHP SU: No | Potential Ownership Issues: Maybe
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (755) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 67133329 | Threads: 2 | Questions: 288741762 | Slow queries: 4 | Opens: 2331594 | Flush tables: 1 | Open tables: 2000 | Queries per second avg: 4.301 |
Extensions Discovered :: wrote:Components :: Site ::
Core :: com_wrapper (3.0.0) 1 | com_mailto (3.0.0) 1 |
3rd Party::

Components :: Admin ::
Core :: com_config (3.0.0) 1 | com_content (3.0.0) 1 | com_admin (3.0.0) 1 | com_media (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_templates (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_installer (3.0.0) 1 | com_fields (3.7.0) ? | com_redirect (3.0.0) 1 | com_categories (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_privacy (3.9.0) ? | com_weblinks (3.5.0) 1 | com_messages (3.0.0) 1 | com_checkin (3.0.0) 1 | com_modules (3.0.0) 1 | com_cache (3.0.0) 1 | com_ajax (3.2.0) 1 | com_tags (3.1.0) 1 | com_languages (3.0.0) 1 | com_associations (3.7.0) ? | com_cpanel (3.0.0) 1 | com_plugins (3.0.0) 1 | com_search (3.0.0) 1 | com_config (3.0.0) 1 | com_menus (3.0.0) 1 | com_users (3.0.0) 1 | com_login (3.0.0) 1 | com_banners (3.0.0) 1 | com_actionlogs (3.9.0) ? | com_finder (3.0.0) 1 |
3rd Party:: Content - dropfiles (5.0.0_light) 0 | Editors-xtd - Dropfiles (5.0.0_light) 1 | System - Dropfiles (5.0.0_light) 1 | K2 - dropfiles (5.0.0_light) 1 | plg_jce_links_dropfiles (2.6.0) 1 | Dropfiles (5.0.0_light) 1 | RokSprocket (2.1.17) 1 | RokGallery (2.42) 1 | DropEditor (2.5.8) 1 | Editor - DropEditor (2.5.8) 1 | System - Dropeditor (2.5.8) 1 | Droppics (3.1.0_light) 1 | Content - droppics (3.1.0_light) 0 | Editors-xtd - Droppics (3.1.0_light) 1 | Content - dropfiles (5.0.0_light) 0 | Editors-xtd - Dropfiles (5.0.0_light) 1 | System - Dropfiles (5.0.0_light) 1 | K2 - dropfiles (5.0.0_light) 1 | plg_jce_links_dropfiles (2.6.0) 1 | Dropfiles (5.0.0_light) 1 | Joomunited updater (1.0.0) 1 | Content - Dropeditor (2.5.8) 0 | Droppics (3.1.0_light) 1 | Content - droppics (3.1.0_light) 0 | Editors-xtd - Droppics (3.1.0_light) 1 | RokCandy (2.0.2) 1 | com_osmeta (1.4.11) 0 | GSD (3.0.2) 1 | Admintools (5.1.4) 1 | Gantry (4.1.32) 1 | Akeeba (6.2.1) 1 |

Modules :: Site ::
Core :: mod_breadcrumbs (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_syndicate (3.0.0) 1 | mod_login (3.0.0) 1 | mod_weblinks (3.5.0) 1 | mod_tags_similar (3.1.0) 1 | mod_search (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_articles_archive (3.0.0) 1 | mod_users_latest (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_feed (3.0.0) 1 |
3rd Party:: RokNavMenu (2.0.8) 1 | RokSprocket Module (2.1.17) 1 | Awesome Social Links Sidebar (1.0.0) 1 | RokMiniEvents3 (3.0.2) 1 | RokAjaxSearch (2.0.4) 1 | RokGallery Module (2.42) 1 |

Modules :: Admin ::
Core :: mod_status (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_login (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_latestactions (3.9.0) ? | mod_submenu (3.0.0) 1 | mod_version (3.0.0) 1 | mod_privacy_dashboard (3.9.0) ? | mod_popular (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_sampledata (3.8.0) ? | mod_title (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_latest (3.0.0) 1 |
3rd Party::

Libraries ::
Core ::
3rd Party:: FOF30 (3.3.6) 1 | mAvik Thumb (1.2.2) 1 | Gantry (4.1.29) 1 | RokCommon (3.2.0) 1 |

Plugins ::
Core :: plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) ? | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) ? | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_fields_radio (3.7.0) ? | plg_fields_textarea (3.7.0) ? | plg_fields_editor (3.7.0) ? | plg_fields_url (3.7.0) ? | plg_fields_list (3.7.0) ? | plg_fields_sql (3.7.0) ? | plg_fields_color (3.7.0) ? | plg_fields_user (3.7.0) ? | plg_fields_text (3.7.0) ? | plg_fields_checkboxes (3.7.0) ? | plg_fields_usergrouplist (3.7.0) ? | plg_fields_integer (3.7.0) ? | plg_fields_imagelist (3.7.0) ? | plg_fields_repeatable (3.9.0) ? | plg_fields_calendar (3.7.0) ? | plg_fields_media (3.7.0) ? | plg_finder_weblinks (3.5.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_cookie (3.0.0) 1 | plg_privacy_user (3.9.0) ? | plg_privacy_consents (3.9.0) ? | plg_privacy_content (3.9.0) ? | plg_privacy_actionlogs (3.9.0) ? | plg_privacy_message (3.9.0) ? | plg_twofactorauth_yubikey (3.2.0) 0 | plg_twofactorauth_totp (3.2.0) 0 | plg_user_joomla (3.0.0) 1 | plg_user_terms (3.9.0) ? | plg_user_profile (3.0.0) 0 | plg_user_contactcreator (3.0.0) 0 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_privacycheck (3.9.0) ? | plg_quickicon_phpversioncheck (3.7.0) ? | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_search_weblinks (3.5.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_tags (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_categories (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_fields (3.7.0) ? | plg_content_joomla (3.0.0) 1 | plg_content_finder (3.0.0) 0 | plg_content_emailcloak (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_vote (3.0.0) 0 | plg_content_confirmconsent (3.9.0) ? | plg_extension_joomla (3.0.0) 1 | plg_installer_webinstaller (1.1.1) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_ACTIONLOG_JOOMLA (3.9.0) ? | plg_captcha_recaptcha_invisible (3.8) ? | plg_captcha_recaptcha (3.4.0) 0 | plg_system_remember (3.0.0) 1 | plg_system_log (3.0.0) 1 | plg_system_fields (3.7.0) ? | plg_system_sessiongc (3.8.6) ? | plg_system_highlight (3.0.0) 1 | plg_system_redirect (3.0.0) 1 | plg_system_languagefilter (3.0.0) 0 | plg_system_stats (3.5.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_p3p (3.0.0) 1 | plg_system_languagecode (3.0.0) 0 | plg_system_privacyconsent (3.9.0) ? | plg_system_logout (3.0.0) 1 | plg_system_cache (3.0.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_system_debug (3.0.0) 1 | plg_system_logrotation (3.9.0) ? | PLG_SYSTEM_ACTIONLOGS (3.9.0) ? |
3rd Party:: PLG_GSD_CONTENT (1.0) 1 | Button - RokGallery (2.42) 1 | Editors-xtd - Dropfiles (5.0.0_light) 1 | Editors-xtd - Droppics (3.1.0_light) 1 | Button - RokBox (2.0.13) 1 | Button - RokCandy (2.0.2) 1 | plg_jce_links_dropfiles (2.6.0) 1 | Editor - DropEditor (2.5.8) 1 | Editor - RokPad (2.1.9) 1 | plg_editors_codemirror (5.18.0) 1 | plg_editors_tinymce (4.4.3) 1 | plg_quickicon_akeebabackup (1.0) 1 | Content - Dropeditor (2.5.8) 0 | Content - dropfiles (5.0.0_light) 0 | Content - droppics (3.1.0_light) 0 | plg_mavikthumbnails (2.3.3) 0 | Content - OSMeta Content (1.4.11) 0 | Content - RokBox (2.0.13) 1 | Content - RokInjectModule (1.7) 1 | Joomunited updater (1.0.0) 1 | K2 - dropfiles (5.0.0_light) 1 | PLG_SYSTEM_AKEEBAACTIONLOG (1.0) ? | System - Dropeditor (2.5.8) 1 | plg_system_ossystem (1.3.1) 1 | System - Admin Tools Joomla! Update (1.0) ? | plg_system_gsd (3.0.2) 1 | System - Dropfiles (5.0.0_light) 1 | PLG_SYSTEM_AKEEBAUPDATECHECK_TITLE (1.1) 0 | System - OSMeta Renderer (1.4.11) 0 | System - RokGallery (2.42) 1 | PLG_SYSTEM_GOGOCOOKIECONSENT (3.0.2) 0 | plg_system_nrframework (2.4.1) 1 | System - Google Analytics (4.6.1) 0 | PLG_SYSTEM_BACKUPONUPDATE_TITLE (3.7) 0 | System - RokBox (2.0.13) 1 | Google Tag Manager (1.0.2) 1 | System - RokExtender (2.0.0) 1 | System - Gantry (4.1.32) 1 | System - RokBooster (1.1.16) 0 | System - RokSprocket (2.1.17) 1 | System - RokCommon (3.2.4) 1 | System - Admin Tools (5.1.4) 1 | System - RokCandy (2.0.2) 1 |
Templates Discovered :: wrote:Templates :: Site :: rt_fresco_responsive (1.7) 1 | protostar (1.0) 1 | beez3 (3.1.0) 1 |
Templates :: Admin :: hathor (3.0.0) 1 | isis (1.0) 1 |
Hope someone finds a simply stupidity and I can fix it.

Last edited by toivo on Mon Apr 04, 2022 7:06 am, edited 2 times in total.
Reason: mod note: moved from 3.x Performance

Joomla! Champion
Joomla! Champion
Posts: 6056
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK

Re: TTFB > 20s and can't figure out why

Post by gws » Wed Mar 30, 2022 11:56 am

Apart from joomla and your php being in need of an update.... session path writable = no needs to be yes,speak to your host to fix this.
More than one instance of version.php found! speak to your host about this.
Open Base: /var/www/vhosts/ , usually this should be empty?

User avatar
Joomla! Master
Joomla! Master
Posts: 17516
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: TTFB > 20s and can't figure out why

Post by toivo » Wed Mar 30, 2022 12:09 pm

Welcome to the Joomla forum!

A few items stand out in the FPA results:
More than one instance of version.php found!
PHP Configuration :: Version: 7.3.33
Session Path Writable: No
Potential Ownership Issues: Maybe
The session path needs to be writable. Currently the session handler is 'database' but you should try 'PHP', set in Global Configuration - System - Session Settings.
Toivo Talikka, Global Moderator

Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Mar 30, 2022 11:34 am

Re: TTFB > 20s and can't figure out why

Post by tz21 » Wed Mar 30, 2022 12:16 pm

As I am (or my company) my own host for the most part, where do I fix the version.php ... it's inside the joomla website folder or elsewhere?

I have changed the session_handler to PHP as suggested.

I can't seem to find "/var/www/vhosts/" mainly because there is no ":" directory or folder...

Thanks already for the help!

Joomla! Champion
Joomla! Champion
Posts: 6056
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK

Re: TTFB > 20s and can't figure out why

Post by gws » Wed Mar 30, 2022 12:36 pm

You change the php version in your server's Control Panel not joomla's.
open base is found in the relevant php versions configuration on your server.

Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Mar 30, 2022 11:34 am

Re: TTFB > 20s and can't figure out why

Post by tz21 » Wed Mar 30, 2022 12:40 pm

What's weird to me is that all these things are 100% that way for months now, but the response time when loading the site ( only started being bad yesterday...

User avatar
Joomla! Master
Joomla! Master
Posts: 17516
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: TTFB > 20s and can't figure out why

Post by toivo » Wed Mar 30, 2022 1:02 pm

The website is indeed sluggish. How many visitors does it usually have?

Have a look at the access logs of the web server and check if the site is under Distributed Denial of Service (DDoS) or some other form of attack.
Toivo Talikka, Global Moderator

User avatar
Joomla! Master
Joomla! Master
Posts: 12809
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK

Re: TTFB > 20s and can't figure out why

Post by brian » Wed Mar 30, 2022 1:16 pm

Look at the size of the images - they are massively over sized
You do not have the required permissions to view the files attached to this post.
"Exploited yesterday... Hacked tomorrow"
Joomla Hidden Secrets

Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Mar 30, 2022 11:34 am

Re: TTFB > 20s and can't figure out why

Post by tz21 » Thu Mar 31, 2022 7:36 am

Not many visitors usually, we only just recently sent out a mass email with a link leading to it, so visitor numbers will definitely have increased a lot. Other websites on the server using joomla are sluggish aswell even tho I only reenabled them today (they were archived) just to check. Other sites on the server not using joomla are working fine... so DDoS is unlikely.

I'm at my wits end to be honest...

Joomla! Hero
Joomla! Hero
Posts: 2990
Joined: Fri Jul 05, 2013 10:35 am
Location: Parts Unknown

Re: TTFB > 20s and can't figure out why

Post by SharkyKZ » Thu Mar 31, 2022 8:07 am

Enable Joomla debug and check profiling information.

User avatar
Joomla! Ace
Joomla! Ace
Posts: 1118
Joined: Sat Aug 13, 2011 6:27 am

Re: TTFB > 20s and can't figure out why

Post by Slackervaara » Thu Mar 31, 2022 5:12 pm

My site was slowed down by bad bots. If you have CPanel by your host you can see in Awstats bot traffic and consumption. My site got fast when I banned most important bad bots in htaccess and bandwidth decreased with 75 %. Faults decreased from up to 2000 a day to nil. CPU and memory consumption decreased considerable 80-90 % There is an extension Stop Bad Bots, which might be simplest way. Bots can disturb in many ways first traffic, but also by creating cachefiles and errors like bad links. If you on CloudLinux that I had I got a lot of resource limits due to bots.

Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Mar 30, 2022 11:34 am

Re: TTFB > 20s and can't figure out why

Post by tz21 » Mon Apr 04, 2022 6:02 am

It was something similar to what Slackervaara mentioned.

We had some malicious looking code in include/framework.php which seems to have called some other website. Said website however has been taken down recently and thus our website had to "wait" for that to timeout and only then started loading. At least that's what the technician that found the code said.

Hope it helps someone... Thanks everyone for the help and ideas!

User avatar
Joomla! Master
Joomla! Master
Posts: 17516
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: TTFB > 20s and can't figure out why

Post by toivo » Mon Apr 04, 2022 7:24 am

tz21 wrote: Mon Apr 04, 2022 6:02 amWe had some malicious looking code in include/framework.php which seems to have called some other website.
Thank you for the update. This topic has now been moved to the Security in Joomla! 3.x forum, where the sticky topics explain how to clean a compromised website and follow best security practice.

In addition to keeping Joomla uptodate, it is important to maintain third party extensions, too. Even if your host found a hacked file, it is possible that file is not the only one that got hacked. The key question still remains - which vulnerability allowed the file to get compromised? Therefore it would be good to audit the website through an online service, for example, where the first audit is free.
Toivo Talikka, Global Moderator


Return to “Security in Joomla! 3.x”