How to identify which domain is generating abnormal traffic
How to identify which domain is generating abnormal traffic
I have Centos 6.5 with Vesta installed, and I have multiple websites (about 20), since yesterday I have a huge CPU load on the server.
I run the command and is the httpd service that is using my cpu.
I have more than 2000 connection on port 80, I get this value with this command:
How can I identify which website is getting a huge amount of access?
I run the command
Code: Select all
top
I have more than 2000 connection on port 80, I get this value with this command:
Code: Select all
netstat -plan | grep :80 | wc -l
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: How to identify which domain is generating abnormal traf
Your AWStats or Webalizer may show you something predictive.
Also check netstat -a output, may be your webhost can also scan your ports and send you information.
Is you server secure by the way ? SSH/Root Pass/Panel breaches I mean ?
If all else fails... suspend all your domains from VestaCP, shutdown your server for 15 mins. Reboot and then un-suspend your domains one by one, watching your web traffic and load average.
Use HTOP instead, much better than TOP.
Good Luck!
Also check netstat -a output, may be your webhost can also scan your ports and send you information.
Is you server secure by the way ? SSH/Root Pass/Panel breaches I mean ?
If all else fails... suspend all your domains from VestaCP, shutdown your server for 15 mins. Reboot and then un-suspend your domains one by one, watching your web traffic and load average.
Use HTOP instead, much better than TOP.
Good Luck!
Re: How to identify which domain is generating abnormal traf
mehargags wrote:Your AWStats or Webalizer may show you something predictive.
Also check netstat -a output, may be your webhost can also scan your ports and send you information.
Is you server secure by the way ? SSH/Root Pass/Panel breaches I mean ?
If all else fails... suspend all your domains from VestaCP, shutdown your server for 15 mins. Reboot and then un-suspend your domains one by one, watching your web traffic and load average.
Use HTOP instead, much better than TOP.
Good Luck!
Thank you. I'm using HTOP ;)
I solve my problem using server-status from apache it give me the url that are being requested. I'm suffering a brute force attack in 2 of my wordpress websites. I block multiple ips with iptable and now everything is working perfectly
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: How to identify which domain is generating abnormal traf
goto IP (Top LEFT) Edit your IP -- set the domain for it