How to find Apache web server abuser

 

In order to find Apache web server abuser, you need to check your web server logs. To do that, please first login your linux server via shell.

  1. List your Apache configuration files. Use one of the following commands depending on your Linux and web server installed versions:
  • sudo httpd -S

or

  • sudo apachectl -S

 find1.jpg

Find the configuration file for the suspected abused website and display it:

  • sudo cat test.conf

find2.jpg

Find the directive for TransferLog or CustomLog and check the log path and filename. Now you can use the following command to count and display duplicate IPs with most website visits:

  • cat Path_to_Logfilename |awk '{print $1}' |sort|uniq -c |sort -n |tail

Example:

find3.jpg