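#!/bin/bash
# Shell Script To List All Top Hitting IP Address to your webserver.
# This may be useful to catch spammers and scrapers.
# ———————————————————————-
# This script is licensed under GNU GPL version 2.0 or above
# ———————————————————————-
#
# Usage: script.sh DOMAIN
#   Reads /var/logs/httpd/DOMAIN/access.log, counts the lines per client
#   address (first field of each log line) and writes the counts, most
#   frequent first, to $DEST/DOMAIN.txt.
#   Exits 1 when no domain is given, the domain is not a plain hostname,
#   or the log file does not exist.
set -euo pipefail

# where to store final report?
DEST=/var/www/reports/ips

# die if no domain name given
if [ $# -eq 0 ]; then
  printf 'Usage: %s DOMAIN\n' "${0##*/}" >&2
  exit 1
fi

# domain name
DOM=$1

# The domain becomes a path component of both the log file that is read and
# the report that is written, so only accept a plain hostname: a value with
# '/' (and therefore '../') or an empty value would move the read/write
# outside the intended directories.
if [[ ! "$DOM" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  printf 'Invalid domain name: %s\n' "$DOM" >&2
  exit 1
fi

# log file location
LOGFILE=/var/logs/httpd/$DOM/access.log

# make dir (mkdir -p is a no-op when it already exists)
mkdir -p -- "$DEST"

# ok, go through log file and create report
if [ ! -f "$LOGFILE" ]; then
  printf 'Log file not found: %s\n' "$LOGFILE" >&2
  exit 1
fi
printf 'Processing log for %s...\n' "$DOM"
# uniq -c needs sorted input; the second sort orders by count, highest first
awk '{ print $1 }' "$LOGFILE" | sort | uniq -c | sort -nr > "$DEST/$DOM.txt"
printf 'Report written to %s\n' "$DEST/$DOM.txt"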


A quick and useful command for checking whether a server is under DDoS is:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs holding the most connections to the server. It is important to remember that DDoS attacks are becoming more sophisticated: they use fewer connections per source across more attacking IPs. If this is the case you will still see a low number of connections per IP even while you are under a DDoS.