Find the destination script of an inbound TCP connection on our shared webserver

armin654

Feb 12, 2014
cPanel Access Level: Root Administrator
Dear friends.
We have a shared webserver which is being monitored constantly by our ZABBIX agent.
At some hours of the day we have unusual TCP traffic on port 80. Let's say we have over 400 connections from the IP address 109.230.67.50 to our webserver.

We can easily block any connection from and to 109.230.67.50 using IPTABLES or CFS but we want to know which of our VIRTUAL HOSTS is receiving this connection or which of our VIRTUAL HOST scripts is making this outgoing connection to that specific IP address.

We are assuming that we have two scenarios: one for INBOUND and one for OUTBOUND.

Is there any tool or way to find out exactly what website is receiving the connection or what script on our server is making the outgoing connection to that IP?

It is noteworthy that it is a CentOS 6.5 server and we are using LITESPEED as the webserver.

Best Regards
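
The two scenarios in the post can be told apart from the socket table: a connection is inbound when the local port is the web server's port, and outbound when the local port is ephemeral. The following is an added example, not part of the original post; the function names `classify_conns` and `sample_netstat` are hypothetical and the sample `netstat -tnp` output (local address, PIDs, program names) is constructed.

```shell
#!/bin/bash
# Constructed sample of `netstat -tnp` output; only 109.230.67.50 is from the post.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address       State       PID/Program name
tcp   0 0 192.0.2.10:80     109.230.67.50:51234  ESTABLISHED 2211/litespeed
tcp   0 0 192.0.2.10:80     109.230.67.50:51240  ESTABLISHED 2211/litespeed
tcp   0 0 192.0.2.10:80     109.230.67.50:51102  TIME_WAIT   -
tcp   0 0 192.0.2.10:48812  109.230.67.50:80     ESTABLISHED 9034/lsphp5
tcp   0 0 192.0.2.10:80     198.51.100.7:40022   ESTABLISHED 2211/litespeed
tcp   0 0 ::ffff:192.0.2.10:80 ::ffff:109.230.67.50:51300 ESTABLISHED 2211/litespeed
EOF
}

# classify_conns REMOTE_IP [LISTEN_PORT]
# Reads `netstat -tnp` output on stdin and prints, for the given remote IP,
# one line per (direction, PID/program) pair: "<direction> <owner> <count>".
classify_conns() {
    local ip="$1" port="${2:-80}"
    awk -v ip="$ip" -v port="$port" '
        $1 !~ /^tcp/ { next }                      # skip header lines
        {
            n = split($4, l, ":"); lport = l[n]    # last field is the port
            m = split($5, r, ":"); rport = r[m]
            raddr = substr($5, 1, length($5) - length(rport) - 1)
            sub(/^::ffff:/, "", raddr)             # IPv4-mapped IPv6 sockets
            if (raddr != ip) next
            # Local port == listening port: the peer connected to us.
            dir = (lport == port) ? "inbound" : "outbound"
            owner = ($7 == "" ? "-" : $7)          # "-" when no PID is shown
            count[dir " " owner]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Live use (as root, so PIDs are visible):
#   netstat -tnp | classify_conns 109.230.67.50 80
sample_netstat | classify_conns 109.230.67.50 80
```

Inbound rows are always owned by the web server process, so the virtual host for those has to come from the access logs; an outbound row carries the PID of the process that opened the connection, which can be followed up under `/proc/<pid>/` while it is still running.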