what does the below command actually means I mean when we use it? and in which case it help us? and up to what value there is nothing to worry about? Waiting for detailed reply
netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c
i got a new sever and was looking at few thing.
just ran netstat and saw this -bash: netstat: command not found
how can i correct it?
netstat -tln shows my port 80 is listening.
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
but netstat -an shows nothing about port 80
actually my web can not be accessed. it shows "Cannot find server or DNS Error " under Internet Explorer.
I am not shure if this is a configuration problem or it's bacause netstat has it's own way to display things.
Recently csf blocked an IP address for flooding.
My server ip address is something like 192.168.1.201.
The ip that csf blocked was 192.168.1.20.
That IP belongs to an other server that is not ours.
netstat was showing a lot of connections from 192.168.1.20 (the ip that is not ours) but the guys that manage the server with that ip (192.168.1.20) did not saw any connection from them to us. So I thought it's just a spoofed flood. But, the thing is I've blocked that ip and still connections were made.
My conclusion was that netstat was showing 192.168.1.20 "flooding" instead of 192.168.1.201. (the server was connectiong to itself).
iptraf also was showing the server was connecting to itself on the lo interface.
My questions are:
csf is based on netstat for tracking connections?
has anyone had ths type of problem before?
If netstat is showing something else isn't this a bad thing for all (a lot) the scripts that use netstat?
Netstat & APF cron job ...
View 7 Replies View RelatedMy site is under attack, when i run this command
[php]netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -[/php
it show
1 116.xxx
1 118.xxx
1 203.xx
1 222.xxx
1 Address
1 servers)
3 115.xxx
3 123.xxx
4 58.xxx
10 127.0.0.1
694
What 694 connections mean ? Why netstat don't list their IP ? How can i know which IP is attacking my site ?
I'm new to server administration/security/troubleshooting, so I have included a lot of info here hoping it will help.
This started because a Linux VPS with CentOS and Exim crashed after only 3000 emails were sent (of 30000) total
I ran a netstat and several times I get three separate ips with the only difference being the last two digits and the port number:
86.104.230.29:59009
86.104.117.45:18065
89.37.137.157:41593
As far as I can tell they are from Romania, and there are several connections.
I have posted a lot of information below, if someone can take a look and give some ideas, it would be very much appreciated.
netstat:
Code:
tcp 0 0 mydomain.com:http 86.104.117.98:34060 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.82:59022 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.219:52276 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.163:25383 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.154:20794 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.235:39094 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.127:61711 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.127:5748 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.37:63424 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.228:54121 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.226:39605 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.91:6446 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.10:54841 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.100:22842 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.118:32674 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.80:16559 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.64:47817 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.136:21718 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.246:37288 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.28:62119 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.190:4468 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.8:25247 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.100:35503 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.199:20896 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.237:saft SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.199:47952 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.118:60561 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.181:10844 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.125:50584 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.253:17855 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.10:25740 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.109:29528 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.62:47349 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.55:4614 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.226:22001 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.163:11790 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.44:8911 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.46:telnets SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.190:27377 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.181:34031 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.19:41722 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.100:57151 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.145:61402 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.53:52461 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.26:42463 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.217:35530 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.35:63414 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.154:56638 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.26:43972 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.172:6922 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.17:3683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.210:2397 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.46:18754 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.244:4032 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.235:8602 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.82:39495 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.19:28848 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.163:47624 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.8:2683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.55:43300 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.37:1664 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.118:36892 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.17:7317 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.109:56229 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.217:45257 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.73:15278 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.64:14076 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.116:14567 SYN_RECV
I've been happily banning ip's using the output from
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
for over a year now, with iptables. However recently, after upgrading to apache 2.2, the connections in netstat get listed as ipv6. A row can look like this for example:
tcp6 0 0 ::ffff:12.123.123.123:80 ::ffff:12.123.12.:12382 ESTABLISHED-
(actual ip addresses changed)
As you can see, the remote ip address isn't complete, it's cut off, so the script used to sum up connections and insert into iptables isnt doing anything.
Is there a command i can type into the ssh console to stop a current transfer that i started wit the wget command?
the file im wgeting always stuffs up at 51% but then the server just retries and starts again, its done it 3 times so far and i just want to completely cancle the process if possible....
What does this string do? I copy and paste it into my SSH Shell and i get ip addresses and numbers next to them.
Each number means one connection?
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
Maybe someone would be kind enough to enlighten me of the meaning of a netstat output. I know netstat is supposed to tell you the current active connections but would like some more details(what does each column mean?):
Code:
[root@]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address Stat
I notice that often times I see my ISP's mail server connecting to domains I didin't even set up yet. Sometimes I see google(I guess indexing my sites). But in addition some times I see some scary foreign addresses like from nigeria or one really common one, one which I see pretty often when I run netstat is:
Quote:
tcp 0 0 mydomain.com:http [somehostname].amenworld.com:40867 TIME_WAIT
I can't seem to make any sense of it, what are they doing and why are they always "connected' to my server?
I could just be over reacting on some of this stuff but just curious about what this all means.
I tried to look up tutorials for basic commands, but none listed "last"
View 4 Replies View Relatedi have a problem
for example my current path in server is
root@server [/home/user1/public_html/upload]#
and i wanna copy every thing inside directory upload to /home/user1/public_html/
but when i used this command
root@server [/home/user1/public_html/upload]#cp -r -f *.* /home/user1/public_html/
then it just copy files . is there is any way to copy folder as well?
Im using the 'top' command on my server to view the memory and cpu usage, to save me sitting in front of my pc for hours looking at it, is there any way I can save it to a text file for viewing later on
its a 1and1 business server 1
I want to delete all files named .ftpquota from the server, what's the ssh command to accomplish this?
View 3 Replies View RelatedWhats the command to search inside files on a server....
i know locate <name> locates files.
but how do i actually search inside all files...
i know it can take a while/resources....
Can anyone please tell me if there is another command to get I/O HDD stats for FreeBSD except gstat?
View 3 Replies View RelatedMy server's ram keeps on spiking to 100%. And this causes this error:
Code:
SQL error: Out of memory
So far, the only way I can sort this problem out is to reboot it.
Is there any commands to find out what is eating up all of the ram?
i tried installing the APF firewall by following this thread:
http://www.webhostingtalk.com/showthread.php?t=327478
After configuring all the ports, i start the firewall with this command /usr/local/sbin/apf -s
and I got:
: command not foundline 438: kN:q
: command not foundline 438: kN:q
: command not foundline 438: kN:q
Development mode enabled!; firewall will flush every 5 minutes.
: command not foundline 438: kN:q
Is this normal?
how could I increase the memory limit on my server via SSH?
I have it currently on 30MB and need to increase it to 50MB.
Can you please provide a clamscan ssh command for scan all sites public_html folder?
I know "clamscan -i -r --remove /home/" can scan all /home directrory and sub-directory, but its can have a heavy cpu process and serer load!
Im trying to zip up an sqlite database backup.
I execute this command
Code:
zip ../d/db/backup.zip ../d/db/09-02-15.sqlite
backup.zip never appears. Instead, I get some random filename in the directory. Like ziOHokOw
If I try to zip a smaller file(last weeks backup) everything runs fine?
Code:
zip ../d/db/backup.zip ../d/db/09-02-08.sqlite
So the 134mb file zips fine, but the 200mb one seems like its failing and im left with some type of temporary file. I tried downloading the weird filename and unzipping it. It has partial info like directory structure, the filename but the actual file inside is corrupt.
i am use to zip command but on this server gzip is only installed.
So I ran this command
gzip -r /domains/
instead of this
gzip -r /domains/ > backup.gz
Now wat it has done is instead of creating a single file with all the files in compressed format, it has created their gz copy there in the recursion.
How can I delete all those files in recursion? I have tried
rm -Rf /domains/*.gz
What is pscan2 command?
Its take a long process and cpu load on my server.
8986 root 25 0 1516 484 408 R 64 0.0 5:36.97 pscan2
I have recently brought a VPS hosting package. At the moment I am going through the tutoritals on the net that I have researched before getting a VPS package to give me some understanding on what I need to do to securior the server and also how to install the software that I require.
For most of today, I have been trying to sort out a problem that I am currently having.
Of which is I am trying to sort out a part of the tutorial from a website that requires the use of apt commands.
But for every command I am getting the message back apt..... Command not found. I am currently using the ubuntu operating system. And through some research, I have got the feeling that I might have the bare installation done on my server to just make it work.
Would I be right, and with the bare installation apt commands wouldn't be installed?
If I am, how would I go about installing the Apt commands and anything else that I might require?
I had some issues with PHP compilation seems to be issue with zlib. So I decided to remove it. What happened then is something like nightmare...
The command yum remove zlib removed zlib + all dependencies without asking me what to remove. So it removed majority of packages including yum itself.
How can I force yum to not remove dependencies when I uninstall some package?
can i activate the deletion command for 10 or 30 mins and then stop it? i think by this way we cant delete some files from the dir and not all the files so i can edit my files
i want to do this because my server doesnt respond to any file system command because my hardisk is full! so i need to remove some files by any way
is there a way to look which process/user used the most cpu in last 30min or in last hour.
View 3 Replies View RelatedWhat is the Command Line, hoe do I get to it, when I do how do I update Perl to 5.88
View 5 Replies View RelatedI've just about got my mysqldump script ready,
Here is what it looks like:
Code:
#!/bin/sh
mysqldump -uusr -ppwd --opt db > /home/usr/dbs/1.sql
mysqldump -uusr -ppwd --opt db2 > /home/usr/dbs/2.sql
cd /home/usr/dbs
tar -zcvf sqldata.tgz *.sql
How would I make my finished gzipped file's filename to include the date?
Would I add any tags infront of sqldata.tgz *.sql?
Or would I have to run another command after the last line?
I can't edit or add anything when using this command
crontab -e
all the jobs appears but I can't edit