Results 1 to 5 of 5
-
04-19-2004, 06:45 PM #1Web Hosting Master
- Join Date
- Sep 2002
- Location
- Illinois
- Posts
- 2,307
URGENT: Atack on my server, how to get ip addresses?
Hi guys
Hour ago someone was sending too many request to busy website from 3 different location.
Apache clients reached the limit and my server had load 17.45 on Dual Xeons (1 GIG of RAM).
I found ip addresses from access logs and banned them. I also use APF antidos.
I was wondering if there is any command that would parse the log file and give me ip addresses that where accesing too much.
And what does APF antidos system do?
Appreciate your help.How's my programming? Call 1-800-DEV-NULL
-
04-19-2004, 08:37 PM #2Web Hosting Master
- Join Date
- Jul 2001
- Posts
- 889
cat <log_file> |awk '{print $<XX> }'|sort > iplist.txt
where <XX> is the column that IP is in and <log_file> is the log file name
-
04-19-2004, 09:03 PM #3Web Hosting Master
- Join Date
- Jul 2001
- Posts
- 889
oh, you can pipe it thru "uniq -c" to just get unique lines and a count of the # of times each line appears
-
04-19-2004, 09:20 PM #4Web Hosting Master
- Join Date
- Sep 2002
- Location
- Illinois
- Posts
- 2,307
Big thanks to thelinuxguy from Rack911.com for helping to install Apache mod_dosevasive which prevents these kind of floods.
nullHow's my programming? Call 1-800-DEV-NULL
-
04-19-2004, 09:25 PM #5Web Hosting Master
- Join Date
- Apr 2001
- Posts
- 1,045
Nice mod for apache, gonna have to give that a try