Server Attacked
-
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Hello,
Today one of my servers was attacked.
I ran this command to check the IPs that are connecting so I can ban them: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
But the IP with the most connections was the IP of my own server, with more than 2000 connections.
How can I know the real IP address? It's like my own server was attacking itself.
Re: Server Attacked
Nope, it means you have too many connections
Nginx makes connections to Apache with your server IP.
Re: Server Attacked
skurudo wrote:
> Nope, it means you have too many connections
> Nginx makes connections to Apache with your server IP.
Ok, I understand now ;)
So, is there a command to know which IPs are making requests to Nginx?
Re: Server Attacked
RevengeFNF wrote:
> So, there is a command to know which IP's are making requests to Nginx?
You can parse the nginx access log -> cat / tail / awk --> like
Code: Select all
tail -f /var/log/nginx/access_log
and enable nginx stat, there is something - not so informative, but...
Code: Select all
location /nginx_status {
    # Turn on nginx stats
    stub_status on;
    # I do not need logs for stats
    access_log off;
    # Security: Only allow access from 192.168.1.100 IP #
    allow 192.168.1.100;
    # Send rest of the world to /dev/null #
    deny all;
}
Or there is a cool utility ngxtop -> https://github.com/lebinh/ngxtop
ngxtop parses your nginx access log and outputs useful, top-like, metrics of your nginx server. So you can tell what is happening with your server in real-time.
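The access-log approach from the reply above, as an added example that is not part of the original posts: netstat only sees the proxy's own connections, while the nginx access log records the real client address. The function name `top_clients`, the sample addresses and the assumption that the log uses nginx's default "combined" format are mine.

```shell
#!/bin/sh
# Added example (not from the thread): per-client request totals and peak
# per-minute rate from an nginx access log. Assumes the default "combined"
# format: field 1 is the client IP, field 4 is "[dd/Mon/yyyy:HH:MM:SS".

# top_clients LOGFILE [MIN_REQUESTS] [SKIP_IP]   (LOGFILE "-" reads stdin)
# Prints "total peak_per_minute ip", busiest first. SKIP_IP (for example the
# server's own address) and loopback clients are left out of the count.
top_clients() {
    awk -v min="${2:-1}" -v skip="${3:-}" '
        $1 == skip || $1 == "127.0.0.1" || $1 == "::1" { next }
        {
            minute = substr($4, 2, 17)      # 21/Jul/2015:10:20
            total[$1]++
            n = ++permin[$1, minute]
            if (n > peak[$1]) peak[$1] = n
        }
        END {
            for (ip in total)
                if (total[ip] >= min) print total[ip], peak[ip], ip
        }
    ' "$1" | LC_ALL=C sort -k1,1nr -k3,3
}

# Constructed sample lines (documentation address ranges), not real traffic.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [21/Jul/2015:10:20:01 +0000] "GET / HTTP/1.1" 200 612 "-" "-"
203.0.113.7 - - [21/Jul/2015:10:20:02 +0000] "GET /login HTTP/1.1" 200 431 "-" "-"
203.0.113.7 - - [21/Jul/2015:10:20:40 +0000] "GET /login HTTP/1.1" 200 431 "-" "-"
203.0.113.7 - - [21/Jul/2015:10:21:05 +0000] "GET / HTTP/1.1" 200 612 "-" "-"
198.51.100.23 - - [21/Jul/2015:10:20:10 +0000] "GET / HTTP/1.1" 200 612 "-" "-"
198.51.100.23 - - [21/Jul/2015:10:25:10 +0000] "GET / HTTP/1.1" 200 612 "-" "-"
192.0.2.10 - - [21/Jul/2015:10:20:11 +0000] "GET / HTTP/1.1" 200 612 "-" "-"
192.0.2.10 - - [21/Jul/2015:10:20:12 +0000] "GET / HTTP/1.1" 200 612 "-" "-"
198.51.100.99 - - [21/Jul/2015:10:22:00 +0000] "GET / HTTP/1.1" 200 612 "-" "-"
EOF
}

# Demo: clients with at least 2 requests, ignoring the (constructed) server IP.
sample_log | top_clients - 2 192.0.2.10
```

On a live server, pass the log path instead of `-`, for example the `/var/log/nginx/access_log` path used in the reply, and raise the minimum to cut out normal visitors.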
Re: Server Attacked
Again, thank you so much for the help :)
Re: Server Attacked
You're welcome ;-)RevengeFNF wrote:Again, thank you so much for the help :)
Re: Server Attacked
skurudo wrote: Tue Jul 21, 2015 10:24 am
> RevengeFNF wrote:
> > So, there is a command to know which IP's are making requests to Nginx?
> You can parse the nginx access log -> cat / tail / awk --> like
> Code: Select all
> tail -f /var/log/nginx/access_log
> and enable nginx stat, there is something - not so informative, but...
> Code: Select all
> location /nginx_status {
>     # Turn on nginx stats
>     stub_status on;
>     # I do not need logs for stats
>     access_log off;
>     # Security: Only allow access from 192.168.1.100 IP #
>     allow 192.168.1.100;
>     # Send rest of the world to /dev/null #
>     deny all;
> }
> Or there is a cool utility ngxtop -> https://github.com/lebinh/ngxtop
> ngxtop parses your nginx access log and outputs useful, top-like, metrics of your nginx server. So you can tell what is happening with your server in real-time.
hi .. I failed to start nginx with stub_status on after enabling it