The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Find the destination script of an inbound TCP connection on our shared webserver

Discussion in 'Security' started by armin654, Nov 24, 2014.

  1. armin654

    armin654 Well-Known Member

    Feb 12, 2014
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Dear friends.
    We have a shared webserver which is being monitored constantly by our ZABBIX agent.
    On some hours of day we have unusual TCP traffic on port 80. Lets say we have over 400 connections from IP address of to our webserver.

    We can easily block any connection from and to using IPTABLES or CFS but we want to know which of our VIRTUAL HOSTS is receiving this connection or which of our VIRTUAL HOST scripts is making this outgoing connection to that specific IP address.

    We are assuming that we have two scenarios. One for INBOUND and one for OUTBOUND

    Is there any tool or way to find out exactly what website is receiving the connection or what script on our server is making outgoing connection to that IP?

    It is noteworthy it is a CentOS6.5 server and we are using LITESPEED as webserver.

    Best Regards

Share This Page