Oct 302009
 

you can modify the command with the most used attacking words like wget, etc
find /usr/local/apache/domlogs/ -exec egrep -H ‘(wget|curl|lynx|wget)%20? {} \;

tail -100000 /usr/local/apache/logs/access_log | awk ‘{print $1}’ | sort | uniq -c |sort -n
netstat -tn 2>/dev/null | grep :80 | awk ‘{print $5}’ | cut -f1 -d: | sort | uniq -c | sort -rn | head
netstat -anp | grep 80
tac /usr/local/apache/logs/error_log |less
netstat -tn 2>/dev/null | grep :80

/usr/bin/lynx -dump -width 500 http://127.0.0.1/whm-server-status | awk ‘BEGIN { FS = ” ” } ; { print $12 }’ | sed ‘/^$/d’ | sort | uniq -c
site connections
/usr/bin/lynx -dump -width 500 http://127.0.0.1/whm-server-status | grep GET | awk ‘{print $12}’ | sort | uniq -c | sort -rn | head
busiest site
/usr/bin/lynx -dump -width 500 http://127.0.0.1/whm-server-status | grep GET | awk ‘{print $14}’ | sort | uniq -c | sort -rn | head
busiest script

rlog /usr/local/apache/conf/httpd.conf | head -35
changes made to httpd.conf

/usr/local/apache/bin/httpd -S
gives a listing of how the active vhosts are configured and in what order they are loaded, including IP addresses, domain names, port and other infos

netstat -tn | grep :80 | wc -l
open connections to your webserver

netstat -an |grep :80 |wc -l
Show how many active connections there are to apache (httpd runs on port 80)

 Posted by at 10:14 am