Determine what a visitor [email protected] is doing in the server

foxmedo

Active Member
Apr 21, 2014
cPanel Access Level
Root Administrator
Dear all,

Since a few days ago I can see many IPs connected to the server.

I need to know what these IPs are doing, which website they are connecting to, and what service they are using.

I have many clients, and I need to be sure before blocking any [email protected]



cPanelLauren

Product Owner
Staff member
Nov 14, 2017
The i flag in that grep is unnecessary
Code:
       -i, --ignore-case
              Ignore case distinctions in both the PATTERN and the input files.  (-i is specified by POSIX.)

You can look at a few other specific logs to find out what that IP is accessing as well:



Code:
grep -r 194.39.78 /etc/apache2/logs/domlogs/
Code:
grep 194.39.78 /usr/local/cpanel/logs/access_logs
How are you getting the IP output? If you're running a netstat command, the port the IP is connecting to is also indicative of the service it's using.
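An added example, not part of the thread: a sketch that turns the two checks above (per-domain access logs and netstat ports) into summaries for the 194.39.78 prefix. The function names and all sample lines are constructed; it assumes Apache combined-format logs named after the site and the `netstat -ant` column layout.

```shell
# summarize_prefix PREFIX LOGDIR -> "hits logfile method path status", busiest first.
# The prefix is matched literally at the start of the client-IP field, so an
# address such as 94.194.39.78, or a referer containing the prefix, is not counted
# (a plain grep for 194.39.78 would count both).
summarize_prefix() {
  find "$2" -type f -exec awk -v p="$1." '
    index($1, p) == 1 {
      n = split(FILENAME, parts, "/")        # per-domain log: file name = site
      method = $6; sub(/^"/, "", method)     # strip the opening quote of the request
      hits[parts[n] " " method " " $7 " " $9]++
    }
    END { for (k in hits) print hits[k], k }
  ' {} + | sort -k1,1nr -k2
}

# ports_for_prefix PREFIX < netstat output -> "connections local_port"
# $4 is the local address:port, $5 the remote address:port.
ports_for_prefix() {
  awk -v p="$1." '
    index($5, p) == 1 { n = split($4, l, ":"); c[l[n]]++ }
    END { for (port in c) print c[port], port }
  ' | sort -k1,1nr -k2,2n
}

# Constructed sample input (not real traffic).
make_sample_logs() {
  d=$(mktemp -d)
  cat > "$d/shop.example" <<'EOF'
194.39.78.5 - - [10/Oct/2020:10:00:01 +0000] "POST /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
194.39.78.82 - - [10/Oct/2020:10:00:02 +0000] "POST /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
94.194.39.78 - - [10/Oct/2020:10:00:03 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
  cat > "$d/blog.example" <<'EOF'
194.39.78.2 - - [10/Oct/2020:10:00:04 +0000] "GET /feed/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2020:10:00:05 +0000] "GET / HTTP/1.1" 200 900 "http://194.39.78.1/" "Mozilla/5.0"
EOF
  echo "$d"
}

SAMPLE_NETSTAT='tcp 0 0 198.51.100.10:443 194.39.78.5:51234 ESTABLISHED
tcp 0 0 198.51.100.10:443 194.39.78.82:40022 TIME_WAIT
tcp 0 0 198.51.100.10:25 194.39.78.2:33010 ESTABLISHED
tcp 0 0 198.51.100.10:22 94.194.39.78:50000 ESTABLISHED'

logs=$(make_sample_logs)
summarize_prefix 194.39.78 "$logs"
printf '%s\n' "$SAMPLE_NETSTAT" | ports_for_prefix 194.39.78
rm -rf "$logs"
```

On a live server the same functions would be pointed at the domlogs directory and at the output of `netstat -ant`; the per-site and per-port counts show which clients would be affected before any block is applied.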