Comments
Sorry, I am an idiot admin. I am more of a programmer.
On your firewall? 😈
Start by checking your webserver logs. Under /var/log/ look for folders named: http, www, apache or nginx.
If they don't show the spike in traffic, and you haven't specifically set up logging of network traffic before, it may not be possible to find out the cause. A learning experience for next time.
Apache / Nginx visit log should be the first thing to check.
Check mailq in case some bot hooked up to a vulnerable form or something and is trying to generate SPAM.
Best thing to do is check the access logs. If you want to know if a specific IP visited your sites the most today, you can use a one-liner like:
(You can leave the | grep "27/Sep/2020" part out if you like)
cat *log | grep "27/Sep/2020" | awk '{print $1}' | sort -n | uniq -c | sort -h
Also, what you can do is check the dmesg on your server to see if anything went out of memory, and check the mail queue (with mailq) to see if a site is sending spam or something.
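An added example, not part of the post above or written by anyone in this thread: the one-liner ranks IPs by request count, but when the question is what used the bandwidth, summing the bytes field per IP can rank them differently. It assumes the default common/combined access-log format; `top_talkers` and `sample_log` are hypothetical names, and the log lines are constructed.

```shell
#!/bin/sh
# Rank client IPs by bytes served on one day (added example).
# Usage: top_talkers DD/Mon/YYYY [logfile...]   (reads stdin if no files)
top_talkers() {
    day=$1; shift
    # Split on double quotes so spaces inside the request line cannot
    # shift the fields: $1 = ip ident user [time zone], $2 = request,
    # $3 = status and bytes.
    awk -F'"' -v day="$day" '
        {
            n = split($1, head, " ")
            if (n < 4) next                              # not an access-log line
            if (index(head[4], "[" day ":") != 1) next   # a different day
            split($3, tail, " ")
            ip = head[1]
            reqs[ip]++
            if (tail[2] ~ /^[0-9]+$/)    # bytes is "-" when no body was sent
                bytes[ip] += tail[2]
        }
        END {
            # Output columns: bytes requests ip
            for (ip in reqs)
                printf "%.0f %d %s\n", bytes[ip], reqs[ip], ip
        }
    ' "$@" | sort -k1,1nr -k2,2nr
}

# Constructed sample lines (documentation-range addresses).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [27/Sep/2020:10:00:01 +0000] "GET /backup.zip HTTP/1.1" 200 524288000 "-" "curl/7.68.0"
198.51.100.23 - - [27/Sep/2020:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [27/Sep/2020:10:00:03 +0000] "GET /style.css HTTP/1.1" 304 - "-" "Mozilla/5.0"
198.51.100.23 - - [27/Sep/2020:10:00:04 +0000] "POST /contact.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Sep/2020:10:05:00 +0000] "GET /backup.zip HTTP/1.1" 200 524288000 "-" "curl/7.68.0"
203.0.113.7 - - [26/Sep/2020:23:59:59 +0000] "GET /backup.zip HTTP/1.1" 200 524288000 "-" "curl/7.68.0"
EOF
}

# The IP with fewer requests comes out on top once bytes are summed.
sample_log | top_talkers 27/Sep/2020
```

On a real server, pass the log files as arguments after the date, for example `top_talkers 27/Sep/2020 *log`.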
Start with tcpdump if it's happening. Now that it's happened unless you logged interesting information you may well be SoL.
Do a good old-fashioned tcpdump. Now, if you are up for real monitoring, go with Prometheus + Grafana + node_exporter.
I am still trying to figure out a way to monitor for abuse on our networks. I found Prometheus is one of the best out there.
Thank you guys, I will check these.
GoAccess, NodeQuery, iptraf, iftop, vnstat