Thread: Users downloading
-
07-20-2005, 09:36 PM #1WHT Addict
- Join Date
- Jun 2005
- Location
- Toronto
- Posts
- 116
Users downloading
Hey, is there a script/program that will let you see who is downloading off your server and how many connections their IP opens? BTW, I am using Webmin; is there anything in there that could help me?
-
07-20-2005, 09:56 PM #2Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
Log in to SSH and use the netstat command.
There are many different switches to order the data you want. See `man netstat`.
The most common will be `netstat -an`.
-Scott
-
07-20-2005, 10:23 PM #3Junior Guru
- Join Date
- Sep 2002
- Location
- Nashville, TN
- Posts
- 237
Also check out mod_status for Apache.
-
07-21-2005, 12:15 PM #4Aspiring Evangelist
- Join Date
- Dec 2004
- Posts
- 350
You could always try "ftpwho".
-
07-21-2005, 03:48 PM #5WHT Addict
- Join Date
- Jun 2005
- Location
- Toronto
- Posts
- 116
Wouldn't that only give FTP users? I'm judging by the name...
-
07-21-2005, 03:58 PM #6Aspiring Evangelist
- Join Date
- Dec 2004
- Posts
- 350
Heh, yeah, I had misread your question.
-
07-26-2005, 03:51 AM #7Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 2,203
Is there a way to kill a connection for a certain IP on the netstat output?
-
07-26-2005, 05:39 AM #8Hosting provider
- Join Date
- May 2002
- Location
- Moscow
- Posts
- 1,602
You can add it to your system firewall (for example APF, which is the best firewall for Linux systems), and in this case you may block the IP or range of IPs which annoy you. You may also use the Apache ip_drop module, which works as a firewall but automatically and for short-time blocking.
-
07-26-2005, 09:52 AM #9Aspiring Evangelist
- Join Date
- Dec 2004
- Posts
- 350
No, not really. You'll need to view your processes and identify which process ID is associated with the connection you wish to terminate.
If you can get the connection's process ID, you can then run kill -9 <pid>
APF is not a firewall, but an interface/ruleset generator for iptables, which is installed by default by most distributions.
APF also has a rather large list of vulnerabilities.
-
07-26-2005, 10:01 AM #10Web Hosting Master
- Join Date
- Jun 2003
- Location
- United States of America
- Posts
- 1,847
So maybe something like ip chains, but don't lock yourself out from SSH or you're screwed.
-
07-26-2005, 10:10 AM #11Hosting provider
- Join Date
- May 2002
- Location
- Moscow
- Posts
- 1,602
Originally posted by bitfuzzy
No, not really. You'll need to view your processes and identify which process ID is associated with the connection you wish to terminate.
If you can get the connection's process ID, you can then run kill -9 <PID>
APF is not a firewall, but an interface/ruleset generator for iptables, which is installed by default by most distributions.
APF also has a rather large list of vulnerabilities.
-
07-26-2005, 06:41 PM #12Newbie
- Join Date
- Jul 2005
- Posts
- 5
If you have command-line access via SSH or console, you can see if "lsof" is installed, grep the hostname out of the output, and kill its corresponding PID.
lsof | grep host
lsof | grep TCP
-
07-26-2005, 07:15 PM #13Web Hosting Master
- Join Date
- Jan 2005
- Posts
- 2,203
Originally posted by quybau-dalvarez
If you have command-line access via SSH or console, you can see if "lsof" is installed, grep the hostname out of the output, and kill its corresponding PID.
lsof | grep host
lsof | grep TCP
-
07-26-2005, 07:45 PM #14Newbie
- Join Date
- Jul 2005
- Posts
- 5
The typical output of "lsof" is this:
apache2 4124 www-data cwd DIR 8,1 4096 112132253 /chroot/apache2
The second column is usually the process ID. That's the PID you want to kill.
For example, a host "192.168.2.50" connected to some type of service:
Code:
services:/# lsof | grep 192.168.2.50
servicename 19163 nobody 106u IPv4 4401875 TCP services.quybau.net:www->192.168.2.50:58064 (ESTABLISHED)
services:/# ps aux | grep 19163
nobody 19163 0.0 0.9 23000 19092 ? Ss Jul21 0:00 /bin/servicename
services:/# kill -9 19163
-- Daniel
-
07-26-2005, 08:05 PM #15Web Hosting Master
- Join Date
- Jul 2002
- Location
- Manchester, UK
- Posts
- 779
You can also do "netstat -anp" which gives you the PID for that connection at the end of each line.