Last active
July 1, 2019 05:35
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
List all IPs hitting any domain
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
less /home/*/access-logs/* | awk '{print $1}' | sort | uniq -c | sort -n
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
List all IPs POSTing to any domain
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
grep POST /usr/local/apache/domlogs/* | cut -d ':' -f 2 | cut -d ' ' -f 1 | sort | uniq -c | sort -n
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
View access logs for a domain
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
cat /home/%user%/access-logs/%domain% | grep "31/May/2018:02" | less
If you only want to see IPs hitting any domain for a specific date:
less /home/*/access-logs/* | grep "\[16/Mar/2018:" | awk '{print $1}' | sort | uniq -c | sort -n
If you see an IP with a suspicious number of requests, check the requests using the command below.
cat /home/*/access-logs/* | grep 59.100.22.44 | less
A better way to track what site an IP is hitting:
grep -H 107.20.91.162 /home/*/access-logs/*
It will put the filename at the start of each line.