We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
Server Attacked
-
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Server Attacked
Hello,
Today one of my server was attacked.
I runned this command to check the IP's that are connecting so i can ban them: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
But the IP with most connection, was the IP of my own server, with more than 2000 connection.
How can i know the real IP address? Its like it was my own server attacking himself.
Today one of my server was attacked.
I runned this command to check the IP's that are connecting so i can ban them: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
But the IP with most connection, was the IP of my own server, with more than 2000 connection.
How can i know the real IP address? Its like it was my own server attacking himself.
Re: Server Attacked
Nope, it mean you have to many connections
Nginx make connection to Apache with your server IP.
Nginx make connection to Apache with your server IP.
-
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Re: Server Attacked
Ok, i understand now ;)skurudo wrote:Nope, it mean you have to many connections
Nginx make connection to Apache with your server IP.
So, there is a command to know which IP's are making requests to Nginx?
Re: Server Attacked
You can parse nginx access log -> cat / tail / awk --> likeRevengeFNF wrote:So, there is a command to know which IP's are making requests to Nginx?
Code: Select all
tail -f /var/log/nginx/access_log
Code: Select all
location /nginx_status {
# Turn on nginx stats
stub_status on;
# I do not need logs for stats
access_log off;
# Security: Only allow access from 192.168.1.100 IP #
allow 192.168.1.100;
# Send rest of the world to /dev/null #
deny all;
}
ngxtop parses your nginx access log and outputs useful, top-like, metrics of your nginx server. So you can tell what is happening with your server in real-time.
-
- Posts: 92
- Joined: Sat Aug 02, 2014 6:50 pm
- Os: CentOS 6x
- Web: nginx + php-fpm
Re: Server Attacked
Again, thank you so much for the help :)
Re: Server Attacked
You're welcome ;-)RevengeFNF wrote:Again, thank you so much for the help :)
Re: Server Attacked
hi .. im failed to start nginx with stub_status on after enable itskurudo wrote: ↑Tue Jul 21, 2015 10:24 amYou can parse nginx access log -> cat / tail / awk --> likeRevengeFNF wrote:So, there is a command to know which IP's are making requests to Nginx?and enable nginx stat, there is something - not so informative, but...Code: Select all
tail -f /var/log/nginx/access_log
Or there is cool utility ngxtop -> https://github.com/lebinh/ngxtopCode: Select all
location /nginx_status { # Turn on nginx stats stub_status on; # I do not need logs for stats access_log off; # Security: Only allow access from 192.168.1.100 IP # allow 192.168.1.100; # Send rest of the world to /dev/null # deny all; }
ngxtop parses your nginx access log and outputs useful, top-like, metrics of your nginx server. So you can tell what is happening with your server in real-time.