Find the domain owned by the user:
grep username /etc/userdomains
Use the following command after you get the domain name:
awk '{print $1}' /usr/local/apache/domlogs/domain.com | sort | uniq -c | sort -n
This gives the number of connections for each IP, sorted by count with the busiest IPs at the bottom. For example:
13832 65.52.110.145
19112 66.249.68.183
208262 157.55.16.55
In the above case we can see too many connections from those IPs. This is surely abnormal. Immediately block such IPs on the server using csf:
csf -d IP
(If csf is not present, use iptables.)
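The counting step above as a reusable function (an added example, not part of the original post). It assumes the domlog is in Apache combined log format; the function names, the threshold and the sample log are constructed for illustration. Alongside each count it prints the IP's most frequent user agent, so the client can be identified before csf -d is run against it.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Apache "combined"
# log format; the threshold and sample log are constructed.

# usage: top_talkers LOGFILE MIN_HITS
# prints "<hits> <ip> <most frequent user agent>", busiest first
top_talkers() {
    awk -v min="$2" -F'"' '
        {
            split($1, head, " ")        # head[1] = client IP
            ip = head[1]; ua = $6       # $6 = User-Agent in combined format
            hits[ip]++
            n = ++seen[ip SUBSEP ua]
            if (n > best[ip]) { best[ip] = n; agent[ip] = ua }
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    printf "%d %s %s\n", hits[ip], ip, agent[ip]
        }' "$1" | sort -rn
}

# print LINE ($2) COUNT ($1) times
emit() { n=$1; while [ "$n" -gt 0 ]; do printf '%s\n' "$2"; n=$((n - 1)); done; }

# Constructed sample log using documentation-range IPs (not real traffic).
make_sample_log() {
    {
        emit 40 '203.0.113.9 - - [01/Jan/2024:00:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "ExampleBot/1.0"'
        emit 10 '198.51.100.7 - - [01/Jan/2024:00:00:02 +0000] "GET /a HTTP/1.1" 200 900 "-" "Mozilla/5.0"'
        emit 2  '198.51.100.7 - - [01/Jan/2024:00:00:03 +0000] "GET /b HTTP/1.1" 200 80 "-" "curl/8.0"'
        emit 3  '192.0.2.10 - - [01/Jan/2024:00:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    } > "$1"
}

log=$(mktemp)
make_sample_log "$log"
top_talkers "$log" 10      # review this list before running csf -d on any entry
rm -f "$log"
```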