Comments
netstat -nt
I use
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Not much help
@Yakooza Can you give some details of the software you're actually using to serve the site? Is it Apache, Nginx, LiteSpeed? Do you have any panel there? Any details you can provide can help us to better give you some suggestions, as not knowing those things leaves us to just system level checks as suggestions.
Cheers!
What about looking at the logs of your web server? You might not get all the IPs if the server is overflown, but some requests might be logged anyhow.
@TheLinuxBug Sure, I have cPanel/WHM, a PHP site running on Apache.
@SteveMC What exact logs are you referring to?
cd /usr/local/apache/domlogs
cat <domain.com> | awk '{print $1}' | sort | uniq -c | sort -n | less
or to place in a file you can review:
cat <domain.com> | awk '{print $1}' | sort | uniq -c | sort -n > file.out
While I shouldn't have to say this, I will to be sure this is clear: <domain.com> is the domain that is being abused, whose log file you are checking.
This will show you which IPs are being abusive so you can block them from the server.
Cheers!
@TheLinuxBug That was a great help. Thank you.
But unfortunately, it is mostly showing the website IP address itself.
What can I do about it?
Great minds and all that jazz:
Restore all IPs before you can know how many times it has been accessed, separate which host IP bot search engine / bot flood / whatever ...
https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-Logging-visitor-IP-addresses-with-mod-cloudflare-
I am not sure why, but it is already installed.
Still not showing the real IPs. Should I disable Cloudflare, do you think?
Wouldn't that leak your origin IP instead?
What kind of site is it?
WP? Or some other CMS, or handcoded?
Care to share a few PHP requests here?
7171 comc 20 0 495788 41596 19616 R 5.0 0.3 0:00.15 php-cgi
@cybertech Yes, I think I will get into a bigger issue by leaking the IP.
My problem is why Cloudflare is not showing the visitors' IPs.
Like mentioned above, you should provide a bit more info on what type of site (CMS, ...).
If I'm not mistaken, Cloudflare populates the "True-Client-IP" header with the IP of the client.
https://support.cloudflare.com/hc/en-us/articles/206776727-What-is-True-Client-IP-
Probably it is your own site failing at & repeating a cron job
It is not my own website failing. It is a WHMCS website.
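The per-IP count from the domlogs pipeline above, extended to a proxied site, as an added example that is not from any poster in this thread. It assumes a LogFormat whose last field is the forwarded-client header (True-Client-IP is the one named in the thread); the function names, the sample log and the 198.51.100.10 proxy address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed LogFormat (last field = header):
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{True-Client-IP}i\"" proxied

# Constructed sample log: 198.51.100.10 stands in for the proxy address.
sample_log() {
cat <<'EOF'
198.51.100.10 - - [01/Jan/2024:00:00:01 +0000] "GET /cart.php HTTP/1.1" 200 512 "203.0.113.7"
198.51.100.10 - - [01/Jan/2024:00:00:01 +0000] "GET /cart.php HTTP/1.1" 200 512 "203.0.113.7"
198.51.100.10 - - [01/Jan/2024:00:00:02 +0000] "GET /cart.php HTTP/1.1" 200 512 "203.0.113.7"
198.51.100.10 - - [01/Jan/2024:00:00:03 +0000] "GET /index.php HTTP/1.1" 200 900 "203.0.113.99"
192.0.2.50 - - [01/Jan/2024:00:00:04 +0000] "GET /index.php HTTP/1.1" 200 900 "203.0.113.7"
198.51.100.10 - - [01/Jan/2024:00:00:05 +0000] "GET /cron.php HTTP/1.1" 200 10 "-"
EOF
}

# top_clients LOGFILE "TRUSTED_IP ..."   (LOGFILE may be - for stdin)
# Prints "count ip" lines, busiest client first.
top_clients() {
    awk -v trusted="$2" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) proxy[t[i]] = 1 }
    {
        ip = $1
        hdr = $NF
        gsub(/"/, "", hdr)
        # Trust the header only when the TCP peer is a known proxy; a direct
        # client can put anything it likes in that header.
        if ((ip in proxy) && hdr ~ /^[0-9A-Fa-f:.]+$/) ip = hdr
        count[ip]++
    }
    END { for (ip in count) print count[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Demo run on the constructed sample.
sample_log | top_clients - "198.51.100.10"
```

Lines that still show the proxy address are requests that arrived through it without the header set; the 192.0.2.50 line keeps its own address because it did not come through the trusted proxy.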