Apache DDoS monitoring - Utility to see in real time, through netstat, the IP addresses that are attacking Apache
From wiki.morphey.org
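To see in real time (using the 'netstat' command) all the IP addresses that are attempting an attack, ordered by number of connections, create a script named antiflood_apache.sh and insert the following:
#!/bin/sh
# Count current connections per remote IP for sockets owned by Apache.
FILELOG=apacheantiflood_tmp.txt
rm -f "$FILELOG"
# -p adds the owning program name, so 'grep http' keeps the httpd sockets.
# Column 5 is the foreign address (ip:port); cut keeps only the IP part.
netstat -anp | grep http | awk '{print $5}' | grep -v "0.0.0.0" | cut -d ":" -f 1 > "$FILELOG"
# Group identical addresses and list them by connection count, highest first.
sort "$FILELOG" | uniq -c | sort -nr
rm -f "$FILELOG"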
Once this is done, make the script executable and run it:
root@morphey [~]# chmod +x antiflood_apache.sh
This is an example of the result:
root@morphey [~]# ./antiflood_apache.sh
      6 83.225.224.*
      1 87.247.234.*
      1 87.22.134.*
      1 87.18.252.*
      1 81.208.106.*
      1 80.16.231.*
      1 80.104.162.*
      1 151.26.123.*
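The following is an added example, not part of the original wiki script. It goes a step further than the script above: it selects connections by local port instead of by process name (so it does not need root or -p), it keeps IPv6 addresses intact where `cut -d ":"` would truncate them, and it also counts half-open (SYN_RECV) connections per address. The ports 80/443, the function names and the cutoff value are assumptions.

```sh
#!/bin/sh
# Added example: per-IP connection counts for the web ports, read from
# `netstat -ant` output on stdin. Ports 80/443 and the limit are assumptions.

count_http_peers() {
    limit=${1:-20}   # hypothetical cutoff for flagging an address
    awk -v limit="$limit" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
        # Local port = text after the LAST colon, so IPv6 sockets parse too.
        lport = $4; sub(/.*:/, "", lport)
        if (lport != "80" && lport != "443") next
        ip = $5
        sub(/:[^:]*$/, "", ip)     # drop the remote port only
        sub(/^::ffff:/, "", ip)    # IPv4-mapped IPv6 -> plain IPv4
        total[ip]++
        if ($6 == "SYN_RECV") half[ip]++   # half-open connections
    }
    END {
        for (ip in total)
            printf "%d %d %s %s\n", total[ip], half[ip] + 0, ip,
                   (total[ip] >= limit ? "OVER" : "ok")
    }' | sort -k1,1nr -k3,3
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp   0 0 0.0.0.0:80            0.0.0.0:*                  LISTEN
tcp   0 0 192.0.2.10:80         198.51.100.7:51001         ESTABLISHED
tcp   0 0 192.0.2.10:80         198.51.100.7:51002         SYN_RECV
tcp   0 0 192.0.2.10:80         198.51.100.7:51003         SYN_RECV
tcp   0 0 192.0.2.10:443        203.0.113.5:40000          TIME_WAIT
tcp   0 0 192.0.2.10:22         203.0.113.5:40001          ESTABLISHED
tcp6  0 0 ::ffff:192.0.2.10:80  ::ffff:198.51.100.7:51004  ESTABLISHED
tcp6  0 0 2001:db8::10:443      2001:db8::99:51000         ESTABLISHED
EOF
}

# Output columns: total connections, SYN_RECV count, address, flag.
# Live use: netstat -ant | count_http_peers 20
sample_netstat | count_http_peers 3
```

A high SYN_RECV count for one address points to half-open connection flooding, while a high total with few SYN_RECV entries points to many completed connections from the same client.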
