Results 1 to 15 of 15
  1. #1
    Join Date
    Jun 2005
    Location
    Toronto
    Posts
    116

    Users downloading

    hey is there a script/program that will let you see who is downloading off your server and how many connections thier ip opens.......btw i am using webmin is there anything in there that could help me...

  2. #2
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    Login to ssh and use the netstat command.

    There are many different switches to order data you want. see `man netstat`

    Most common will be netstat -an

    -Scott
    Server Management - AdminGeekZ.com
    Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
    WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implimentation, DDoS Protection, Custom Nginx Modules
    Check our wordpress varnish plugin. Contact us for quote: sales@admingeekz.com

  3. #3
    Join Date
    Sep 2002
    Location
    Nashville, TN
    Posts
    237
    Also checkout mod_status for Apache

  4. #4
    Join Date
    Dec 2004
    Posts
    350
    you could always try "ftpwho"

  5. #5
    Join Date
    Jun 2005
    Location
    Toronto
    Posts
    116
    wouldnt that only give ftp users.,.......im judging by the name...

  6. #6
    Join Date
    Dec 2004
    Posts
    350
    heh, yea I had mis-read your question

  7. #7
    Join Date
    Jan 2005
    Posts
    2,203
    Is there a way to kill a connection for a certain IP on the netstat output?

  8. #8
    Join Date
    May 2002
    Location
    Moscow
    Posts
    1,602
    you can add to your system firewall (for example APF which is best firewall for Linux system) and in this case you may block ip or range of ip's which annoy you. you also may use apache ip_drop module which deal as firewall but automatically and for short time blocking.
    TK Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR

  9. #9
    Join Date
    Dec 2004
    Posts
    350
    No, not really, you'll need to view your processes and identify which process id is associated to the connection you wish to terminate.

    If you can get the connections process ID you can then run kill -9 <pid>

    APF is not a firewall, but an interface/ruleset generator for Iptables which is installed by default by most distrobutions.
    APF also has a rather large list of Vulnerabilities

  10. #10
    Join Date
    Jun 2003
    Location
    United States of America
    Posts
    1,847
    so maybe something like ip chains but dont lock yourself out from ssh or your screwed
    Computer Steroids - Full service website development solutions since 2001.
    (612)234-2768 - Locally owned and operated in the Minneapolis, Minnesota area.

  11. #11
    Join Date
    May 2002
    Location
    Moscow
    Posts
    1,602
    Originally posted by bitfuzzy
    No, not really, you'll need to view your processes and identify which process id is associated to the connection you wish to terminate.

    If you can get the connections process ID you can then run kill -9 <PID>

    APF is not a firewall, but an interface/ruleset generator for Iptables which is installed by default by most distrobutions.
    APF also has a rather large list of Vulnerabilities
    yes, you are correct. APF is not firewall iself.
    TK Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR

  12. #12
    IF you have command-line access via ssh or console you can see if "lsof" is installed and grep the hostname out of the output and kill it's corresponding PID

    lsof | grep host
    lsof | grep TCP

  13. #13
    Join Date
    Jan 2005
    Posts
    2,203
    Originally posted by quybau-dalvarez
    IF you have command-line access via ssh or console you can see if "lsof" is installed and grep the hostname out of the output and kill it's corresponding PID

    lsof | grep host
    lsof | grep TCP
    Do I have to execute both commands or just one? and then I usee kill -9 PID ?? thanks.

  14. #14
    The Typical output of "lsof" is this:

    apache2 4124 www-data cwd DIR 8,1 4096 112132253 /chroot/apache2

    the second column is usually the proccess id. That's the pid you want to kill.

    for example a host "192.168.2.50" connected to some type of service:
    Code:
    services:/# lsof | grep 192.168.2.50
    servicename      19163   nobody  106u     IPv4    4401875                 TCP services.quybau.net:www->192.168.2.50:58064 (ESTABLISHED)
    services:/# ps aux | grep 19163
    nobody   19163  0.0  0.9 23000 19092 ?       Ss   Jul21   0:00 /bin/servicename
    services:/# kill -9 19163
    would effectivley kill the proccess that 192.168.2.50 is connected too.

    -- Daniel

  15. #15
    Join Date
    Jul 2002
    Location
    Manchester, UK
    Posts
    779
    You can also do "netstat -anp" which gives you the PID for that connection at the end of each line.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •