Sunday, May 26, 2013

For Plesk servers - which IPs are tearing up the server?

Plesk servers put all of the Apache websites in /var/www/vhosts/websitename.

Inside each of those websitename directories there are directories for the website content (httpdocs), for the configuration files (conf), and for the error logs and access logs (statistics/logs).

So, whereas a "netstat" based check looks only at the CURRENT connections to the server, the following looks at the situation HISTORICALLY.

The following reports IP addresses that have made over 1000 requests today or yesterday.

cd /var/www/vhosts/; awk '{c[$1]++} END {for (i in c) {print c[i] " " i}}' */statistics/logs/access_log{,.processed} | sort -n | egrep '^[0-9]{4}'

That returns counts of the number of hits by the worst offenders.

Who are they?  To find out, copy/paste the output of the above command as input into the following command, then hit "control-D".

for i in $(awk '{print $2}'); do echo "------------------  $i  ---------------------"; whois "$i" | egrep -i 'netname|orgname|descr'; done
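
A variation on the counting step, as an added example that is not part of the original post: it compares the count numerically instead of grepping for four digits (so an IPv6 address such as 2001:db8::1 cannot match by accident), skips vhosts that have no log file, and shows which site each address hit hardest. The function names and the sample vhosts, addresses and log lines are constructed for illustration.

```shell
# Added example, not from the original post. The vhost names, IPs and log
# lines produced by make_sample are constructed test data.

# top_talkers ROOT MIN: print "total ip busiest_vhost hits_there" for every
# client with at least MIN requests across all vhosts under ROOT.
top_talkers() {
  (
    root=$1 min=$2
    cd "$root" || exit 1
    set --                                  # keep only log files that exist
    for f in */statistics/logs/access_log */statistics/logs/access_log.processed; do
      if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ $# -gt 0 ] || exit 0
    awk -v min="$min" '
      FNR == 1 { split(FILENAME, p, "/"); vhost = p[1] }  # first path part = site
      { total[$1]++; per[$1 SUBSEP vhost]++ }
      END {
        for (k in per) {                    # busiest site per client
          split(k, a, SUBSEP)
          if (per[k] > best[a[1]]) { best[a[1]] = per[k]; site[a[1]] = a[2] }
        }
        for (ip in total)
          if (total[ip] >= min + 0) print total[ip], ip, site[ip], best[ip]
      }' "$@" | sort -rn
  )
}

# Build a throwaway tree shaped like /var/www/vhosts (constructed data).
make_sample() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/shop.example/statistics/logs" "$d/blog.example/statistics/logs"
  req='- - [26/May/2013:10:00:00 +0000] "GET / HTTP/1.1" 200 512'
  for n in 1 2 3 4; do echo "203.0.113.5 $req"; done \
    > "$d/shop.example/statistics/logs/access_log"
  echo "2001:db8::1 $req" >> "$d/shop.example/statistics/logs/access_log"
  printf '%s\n' "203.0.113.5 $req" "198.51.100.7 $req" \
    > "$d/blog.example/statistics/logs/access_log.processed"
  echo "$d"
}

sample=$(make_sample)
top_talkers "$sample" 3     # threshold lowered from 1000 to suit the tiny sample
rm -rf "$sample"
```

On a real server the call would be top_talkers /var/www/vhosts 1000.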
