  1. #1
    Join Date
    Sep 2002
    Location
    Illinois
    Posts
    2,307

    URGENT: Attack on my server, how to get IP addresses?

    Hi guys

    An hour ago someone was sending too many requests to a busy website from 3 different locations.

    Apache clients reached the limit and my server had a load of 17.45 on Dual Xeons (1 GIG of RAM).

    I found the IP addresses in the access logs and banned them. I also use APF antidos.

    I was wondering if there is any command that would parse the log file and give me the IP addresses that were accessing too much.

    And what does APF antidos system do?

    Appreciate your help.
    How's my programming? Call 1-800-DEV-NULL

  2. #2
    Join Date
    Jul 2001
    Posts
    889
    cat <log_file> |awk '{print $<XX> }'|sort > iplist.txt

    where <XX> is the column that IP is in and <log_file> is the log file name

  3. #3
    Join Date
    Jul 2001
    Posts
    889
    oh, you can pipe it thru "uniq -c" to just get unique lines and a count of the # of times each line appears
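
The pipeline from posts #2 and #3, carried through to a threshold filter, as an added example that is not part of the thread; it goes one step beyond the posts by also counting requests per IP per minute. It assumes Apache common/combined log format (client IP in field 1, timestamp in field 4); the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes Apache common/combined log
# format: client IP in field 1, "[dd/Mon/yyyy:HH:MM:SS" in field 4.

# busy_ips LOG THRESHOLD
# Prints "COUNT IP" for every IP with more than THRESHOLD requests in the file.
busy_ips() {
    awk '{ print $1 }' "$1" | sort | uniq -c | sort -rn |
        awk -v t="$2" '$1 > t { print $1, $2 }'
}

# burst_ips LOG PER_MIN
# Prints "COUNT IP MINUTE" for every IP with more than PER_MIN requests
# inside any single minute (the timestamp is truncated to dd/Mon/yyyy:HH:MM).
burst_ips() {
    awk '{ print $1, substr($4, 2, 17) }' "$1" | sort | uniq -c | sort -rn |
        awk -v t="$2" '$1 > t { print $1, $2, $3 }'
}

# Constructed sample log: one flooding client and two normal ones.
make_sample_log() {
    local f i
    f=$(mktemp)
    for i in $(seq 1 30); do
        printf '203.0.113.7 - - [12/Mar/2005:14:02:%02d -0600] "GET / HTTP/1.1" 200 512\n' "$i"
    done > "$f"
    printf '192.0.2.10 - - [12/Mar/2005:14:02:05 -0600] "GET /a HTTP/1.1" 200 100\n' >> "$f"
    printf '192.0.2.10 - - [12/Mar/2005:14:09:41 -0600] "GET /b HTTP/1.1" 200 100\n' >> "$f"
    printf '198.51.100.4 - - [12/Mar/2005:14:03:17 -0600] "GET / HTTP/1.1" 200 512\n' >> "$f"
    echo "$f"
}

log=$(make_sample_log)
busy_ips "$log" 10      # IPs with more than 10 requests in the whole file
burst_ips "$log" 20     # IPs with more than 20 requests inside one minute
rm -f "$log"
```

The per-minute view separates a short flood from a client that is merely busy over a long log, which a whole-file count cannot do.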

  4. #4
    Join Date
    Sep 2002
    Location
    Illinois
    Posts
    2,307
    Big thanks to thelinuxguy from Rack911.com for helping to install Apache mod_dosevasive, which prevents these kinds of floods.


  5. #5
    Join Date
    Apr 2001
    Posts
    1,045
    Nice mod for apache, gonna have to give that a try
