The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

High Connections to server

Discussion in 'General Discussion' started by lldeepakll, Sep 9, 2012.

  1. lldeepakll

    lldeepakll Well-Known Member

    Joined:
    May 20, 2012
    Messages:
    86
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    How can I find who is (which ip) making high connection to server. I am having a problem with my server that someone makes high connection to my server (may be some type of attack) and the services exim, ftp, imap goes down. I have found the below commands to find who is making high connection, but can you please help me to understand these.

    netstat -plan | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    These commands shows list of ips and some numbers front of it may be (I don't know)these numbers are the connection to the server. And can I block these ips in firewall. Or is there any other way to find out and block the ip.

    Thanks.
     
  2. tecsys

    tecsys Member

    Joined:
    Sep 9, 2012
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Nashik.India
    cPanel Access Level:
    Root Administrator
    Hello,

    That is not a perfect command. Please use this one

    Code:
    netstat -pant | awk '{print $5}' | grep ^[0-9] | grep -v 0.0. | cut -d: -f1 | sort | uniq -c | sort -n
    It will give you the list of IPs with maximum connections in increasing order. You may consider blocking the ones with very high connections using a firewall.
     
  3. pwhjenny

    pwhjenny Well-Known Member

    Joined:
    Aug 31, 2012
    Messages:
    135
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    You always cant detect and block what IP making high connections. Instead why not to make it little automatic..Try csf + lfd or try ddos deflate..
     
  4. lldeepakll

    lldeepakll Well-Known Member

    Joined:
    May 20, 2012
    Messages:
    86
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Thanks tecsys and pwhjenny.
     
Loading...

Share This Page