Load due to a particular user in the server

Whenever the load in the server increases due to a particular user in the server. Check the following:

Find the domain owned by the user:

grep username /etc/userdomains

use the following command after you get the domain name:

less /usr/local/apache/domlogs/domain.com | awk ‘{print $1}’ | sort | uniq -c | sort -n

This will give the ip and number of connections in the descending order. For example:

 13832 65.52.110.145
 19112 66.249.68.183
208262 157.55.16.55

In the above case we can see too many connections from those ips. This is surely abnormal. Immediately block such ips in the server using csf[if not present use iptables].

using ip tables:

iptables -A INPUT -s <ip> -j DROP

Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: