To find who is abusing an Apache web server, check the web server's logs. First, log in to your Linux server via shell.
- List your Apache configuration files. Use one of the following commands, depending on your Linux distribution and the installed web server version:
- sudo httpd -S
or
- sudo apachectl -S
Find the configuration file for the website you suspect is being abused and display it:
- sudo cat test.conf
Find the TransferLog or CustomLog directive and note the log path and filename. You can then use the following command to count requests per IP address and display the IPs with the most website visits:
- cat Path_to_Logfilename | awk '{print $1}' | sort | uniq -c | sort -n | tail
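The script below is an added example, not part of the original page. It wraps the counting pipeline above in a function and adds a per-IP breakdown by status code and requested path, so you can see what the busiest address was actually doing. It assumes Apache's combined LogFormat with the client address as the first field; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample lines are constructed, in Apache "combined" LogFormat,
# using RFC 5737 documentation addresses.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1532 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:05 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/8.0"
198.51.100.23 - - [10/Oct/2023:13:56:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:56:11 +0000] "GET /style.css HTTP/1.1" 200 880 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:57:00 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

# top_ips FILE [N]: request count per client IP, busiest last (default 10 rows).
# Field 1 is the client only if LogFormat starts with %h; behind a reverse
# proxy it is the proxy's address unless the real client IP is logged instead.
top_ips() {
    awk '{print $1}' "$1" | sort | uniq -c | sort -n | tail -n "${2:-10}"
}

# busiest_ip FILE: the single address with the most requests.
busiest_ip() {
    top_ips "$1" 1 | awk '{print $2}'
}

# ip_profile FILE IP: that address's requests grouped by status code and path,
# most frequent first. Fields 9 and 7 hold status and path for well-formed
# request lines; malformed requests shift the fields and should be read by eye.
ip_profile() {
    awk -v ip="$2" '$1 == ip {print $9, $7}' "$1" | sort | uniq -c | sort -rn
}

# Stand-alone run against the constructed sample.
log=$(mktemp)
sample_log > "$log"
echo "Requests per IP (busiest last):"
top_ips "$log" 5
echo "Breakdown for $(busiest_ip "$log"):"
ip_profile "$log" "$(busiest_ip "$log")"
rm -f "$log"
```

To run it against a real server, pass the log path from the CustomLog or TransferLog directive to `top_ips` in place of the temporary sample file.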
Example: