Saturday, March 28, 2009

Server under DDOS attack

Check server load:-

harith@vps:~$ w
05:59:01 up 8 days, 21:24, 2 users, load average: 0.54, 0.39, 0.18
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 124.217.240.33 Mon12 2days 0.01s 0.01s -bash
harith pts/1 118.101.132.110 05:41 0.00s 0.00s 0.00s w
harith@vps:~$


Count total httpd processes:-

harith@vps:~$ ps -aux | grep -i HTTP | wc -l
130
harith@vps:~$


Determine the attacking network

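# -l lists only listening sockets; -ntu lists the connections, and uniq -c counts them per remote IP
netstat -ntu | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr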


If you have more than 30 connections from a single IP, your server may be under attack.

Block the IP:-

iptables -A INPUT -s <Source IP> -j DROP
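
The per-IP check described above, as an added example that is not part of the original post: it counts connections to local port 80 only and applies the 30-connection rule of thumb. The function names and the sample input (documentation address ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original post.

# flag_heavy_sources LIMIT
# Reads `netstat -ntu` output on stdin and prints "count ip" for every remote
# address holding more than LIMIT connections to local port 80, busiest first.
flag_heavy_sources() {
    awk -v limit="$1" '
        # Keep TCP rows whose LOCAL address (field 4) ends in :80. This skips
        # the header lines, listeners on :8080, and outbound connections to
        # a remote port 80.
        $1 ~ /^tcp/ && $4 ~ /:80$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # strip the remote port, IPv6 included
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }
    ' | sort -nr
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    i=0
    while [ "$i" -lt 35 ]; do
        echo "tcp 0 0 192.0.2.10:80 203.0.113.7:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    for port in 51000 51001 51002; do
        echo "tcp 0 0 192.0.2.10:80 198.51.100.20:$port ESTABLISHED"
    done
    echo "tcp 0 0 192.0.2.10:8080 203.0.113.9:52000 ESTABLISHED"
    echo "tcp 0 0 192.0.2.10:45000 198.51.100.80:80 ESTABLISHED"
}

# The post's rule of thumb: more than 30 connections from one IP.
sample_netstat | flag_heavy_sources 30
```

On a live server, replace the last line with `netstat -ntu | flag_heavy_sources 30`. Review the listed addresses before blocking them, since a NAT gateway or proxy can legitimately exceed the threshold.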
