Netstat :: How To List IP Addresses?
May 19, 2009
My site is under attack. When I run this command:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
it shows
1 116.xxx
1 118.xxx
1 203.xx
1 222.xxx
1 Address
1 servers)
3 115.xxx
3 123.xxx
4 58.xxx
10 127.0.0.1
694
What do the 694 connections mean? Why doesn't netstat list their IP? How can I know which IP is attacking my site?
View 5 Replies
Jan 19, 2008
I've been happily banning ip's using the output from
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
for over a year now, with iptables. However recently, after upgrading to apache 2.2, the connections in netstat get listed as ipv6. A row can look like this for example:
tcp6 0 0 ::ffff:12.123.123.123:80 ::ffff:12.123.12.:12382 ESTABLISHED-
(actual ip addresses changed)
As you can see, the remote IP address isn't complete; it's cut off, so the script used to sum up connections and insert into iptables isn't doing anything.
View 0 Replies
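An added example, not code from either post above: it runs the posted pipeline next to a version that handles header lines and IPv6-style rows. With `cut -d: -f1`, any foreign address beginning with `::` (such as `::ffff:a.b.c.d`) yields an empty first field, which produces a count with no address beside it. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (documentation addresses only).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.5:80          198.51.100.7:40112      ESTABLISHED
tcp        0      0 203.0.113.5:80          198.51.100.7:40113      TIME_WAIT
tcp6       0      0 ::ffff:203.0.113.5:80   ::ffff:192.0.2.44:51000 ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.5:80   ::ffff:192.0.2.44:51001 ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.5:80   ::ffff:192.0.2.44:51002 SYN_RECV
tcp6       0      0 2001:db8::5:80          2001:db8::99:33000      ESTABLISHED
EOF
}

# The pipeline from the posts: field 1 of a ':'-split is empty for any
# address that starts with "::", and the two header lines are counted too.
legacy_count() {
    awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
}

# Hypothetical replacement: keep only tcp/udp rows, strip just the trailing
# :port, and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4.
count_remote_ips() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }      # skips both header lines
        {
            addr = $5
            sub(/:[^:]*$/, "", addr)        # drop ":port" (last colon onward)
            sub(/^::ffff:/, "", addr)       # IPv4-mapped -> IPv4
            if (addr == "") addr = "(unparsed)"
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -n
}

sample_netstat | count_remote_ips
```

Feed it live data with `netstat -ntu | count_remote_ips`. If netstat itself truncates long addresses, as in the `tcp6` row quoted above, the parser cannot recover them; where the installed netstat supports `--wide`, that option prints them in full.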
Feb 15, 2008
to know whatever command to use to see which ip's are blocked from my server.
View 10 Replies
Jan 29, 2008
How can I know the list of IPs that are blocked by APF and anti-dos?
View 2 Replies
Aug 9, 2008
netstat -tln shows my port 80 is listening.
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
But netstat -an shows nothing about port 80.
Actually my web cannot be accessed. It shows "Cannot find server or DNS Error" under Internet Explorer.
View 4 Replies
Jun 11, 2007
I am not sure if this is a configuration problem or it's because netstat has its own way to display things.
Recently csf blocked an IP address for flooding.
My server ip address is something like 192.168.1.201.
The ip that csf blocked was 192.168.1.20.
That IP belongs to an other server that is not ours.
netstat was showing a lot of connections from 192.168.1.20 (the IP that is not ours) but the guys that manage the server with that IP (192.168.1.20) did not see any connection from them to us. So I thought it's just a spoofed flood. But the thing is, I've blocked that IP and still connections were made.
My conclusion was that netstat was showing 192.168.1.20 "flooding" instead of 192.168.1.201 (the server was connecting to itself).
iptraf also was showing the server was connecting to itself on the lo interface.
My questions are:
Is csf based on netstat for tracking connections?
Has anyone had this type of problem before?
If netstat is showing something else, isn't this a bad thing for all (a lot of) the scripts that use netstat?
View 0 Replies
Oct 28, 2008
Netstat & APF cron job ...
View 7 Replies
Dec 25, 2008
What does the below command actually mean, I mean when we use it? In which case does it help us? And up to what value is there nothing to worry about? Waiting for a detailed reply.
netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c
View 10 Replies
Apr 2, 2008
I got a new server and was looking at a few things.
I just ran netstat and saw this: -bash: netstat: command not found
How can I correct it?
View 7 Replies
Mar 13, 2008
I'm new to server administration/security/troubleshooting, so I have included a lot of info here hoping it will help.
This started because a Linux VPS with CentOS and Exim crashed after only 3000 emails were sent (of 30000 total).
I ran a netstat and several times I get three separate IPs with the only difference being the last two digits and the port number:
86.104.230.29:59009
86.104.117.45:18065
89.37.137.157:41593
As far as I can tell they are from Romania, and there are several connections.
I have posted a lot of information below, if someone can take a look and give some ideas, it would be very much appreciated.
netstat:
Code:
tcp 0 0 mydomain.com:http 86.104.117.98:34060 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.82:59022 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.219:52276 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.163:25383 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.154:20794 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.235:39094 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.127:61711 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.127:5748 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.37:63424 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.228:54121 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.226:39605 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.91:6446 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.10:54841 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.100:22842 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.118:32674 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.80:16559 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.64:47817 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.136:21718 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.246:37288 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.28:62119 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.190:4468 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.8:25247 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.100:35503 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.199:20896 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.237:saft SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.199:47952 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.118:60561 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.181:10844 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.125:50584 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.253:17855 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.10:25740 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.109:29528 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.62:47349 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.55:4614 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.226:22001 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.163:11790 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.44:8911 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.46:telnets SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.190:27377 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.181:34031 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.19:41722 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.100:57151 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.145:61402 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.53:52461 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.26:42463 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.217:35530 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.35:63414 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.154:56638 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.26:43972 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.172:6922 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.17:3683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.210:2397 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.46:18754 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.244:4032 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.235:8602 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.82:39495 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.19:28848 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.163:47624 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.8:2683 SYN_RECV
tcp 0 0 mydomain.com:http 89.39.71.55:43300 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.37:1664 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.118:36892 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.17:7317 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.109:56229 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.217:45257 SYN_RECV
tcp 0 0 mydomain.com:http 89.37.137.73:15278 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.230.64:14076 SYN_RECV
tcp 0 0 mydomain.com:http 86.104.117.116:14567 SYN_RECV
View 3 Replies
Feb 1, 2007
What does this string do? I copy and paste it into my SSH shell and I get IP addresses and numbers next to them.
Each number means one connection?
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
View 1 Replies
Dec 17, 2007
Maybe someone would be kind enough to enlighten me on the meaning of netstat output. I know netstat is supposed to tell you the current active connections but would like some more details (what does each column mean?):
Code:
[root@]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address Stat
I notice that oftentimes I see my ISP's mail server connecting to domains I didn't even set up yet. Sometimes I see Google (I guess indexing my sites). But in addition, sometimes I see some scary foreign addresses like from Nigeria, or one really common one, which I see pretty often when I run netstat:
Quote:
tcp 0 0 mydomain.com:http [somehostname].amenworld.com:40867 TIME_WAIT
I can't seem to make any sense of it. What are they doing and why are they always "connected" to my server?
I could just be overreacting on some of this stuff but I'm just curious about what this all means.
View 2 Replies
Sep 25, 2008
One of my clients has an in-house subscriber list with 30000 emails built with their offline promotional campaign. They need to send 4 to 5 emails in a month and the list might expand to 60000 in a year.
They are using a mailing program to schedule the mailing at 250 emails per hour according to the limit of their ISP and they are looking for a better solution.
I want to suggest them taking a VPS but I'm new to VPS so I'm here looking for suggestions that I can recommend to my client.
View 6 Replies
May 18, 2009
Does anyone know why companies like Level3/Yipes/Abovenet/Global Crossing don't make their on-net building list available readily? Cogent/Zayo/etc have it listed right on their website....Zayo even gives you this downloadable KMZ file for Google Earth.
I'm working with a few clients who run their own data center/web hosting facilities and are looking at new spaces in various Class A office buildings. Obviously, I can go around and call all the providers, but it becomes a voicemail game.
View 14 Replies
Jul 8, 2008
Anyone got a list of available VPS platforms, perhaps with feedback? I run Plesk so I was going to run with Virtuozzo but I see Parallels don't want to give us pricing and I don't have time for that kind of rubbish. What alternatives are there?
View 2 Replies
May 28, 2008
Just got a new WiredTree VPS up and running. Service has been great so far. Make that super!
VPS newbie question: I would like to set a limit on emails for all domains but mine to some number per hour, but I would like mine to be unlimited. I'm not going to be sending a lot, but, when necessary, they will need to go fast. So far, the only way I have figured out how to keep unlimited for me is to not set a throttle at all and allow Mailman only on admin domains. If any user has to have lists, then I can authorize it then and maybe keep tabs on it.(There's probably a lot better way to say that, but I'm tired :-)
View 0 Replies
Apr 19, 2008
Can anyone give me a list of some of the top VPS providers?
View 13 Replies
Apr 28, 2008
I'm currently trying to gather a list of Xen VPS providers; maybe you can help me out making it a little bit longer?
Listed here in no particular order:
provps
gate2vn
xeneurope
gplhost
serveraxis
myvpshost
crucial paradigm
clustered
I know there are a lot more to it. But could you help me out making it longer?
View 14 Replies
Jul 17, 2007
root@server [~]# replace ns3.host.com ns1.host.com -- /var/named/*
-bash: /usr/bin/replace: Argument list too long
How can I work past this?
Using Centos 4.5 / cpanel
View 4 Replies
Aug 23, 2007
I have a client who is interested in setting up a paying mailing list for a website I built for him.
I figured since he doesn't want to spend $3000 for a full CMS, I would just do things manually.
A customer would pay through PayPal. He would then check PayPal for any new subscribers daily, add them if new, and then send out his newsletter daily to the people who have paid.
In the mailing list software, there would be a box for how many days this person would be allowed to be sent an e-mail and then once his subscription was up, an e-mail would be sent out (the last part is optional).
Does anyone have any insight of a program/script that would work in this manner? Or maybe a decently cheap script that they know of? This site is a non-profit, donation site.
View 4 Replies
Mar 10, 2008
I can see that almost all the web hosting companies have been overselling. Can anyone give some suggestions? Tell me a couple of non-oversellers.
View 14 Replies
Nov 8, 2007
I ran the Trojan scan in WHM and it came up with the list below. I have a strong feeling WHM is mis-reporting these as trojans, but I thought I would ask the experts here:
Scan for Trojan Horses
Appears Clean
/dev/stderr
Scanning for Trojan Horses.....
Possible Trojan - /usr/bin/cpan
Possible Trojan - /usr/bin/instmodsh
Possible Trojan - /usr/bin/prove
Possible Trojan - /usr/bin/xmlcatalog
Possible Trojan - /usr/bin/xmllint
Possible Trojan - /usr/bin/xml2-config
Possible Trojan - /usr/lib/libxml2.la
Possible Trojan - /usr/bin/mysqlhotcopy
Possible Trojan - /usr/bin/Wand-config
Possible Trojan - /usr/bin/animate
Possible Trojan - /usr/bin/compare
Possible Trojan - /usr/bin/composite
Possible Trojan - /usr/bin/conjure
Possible Trojan - /usr/bin/convert
Possible Trojan - /usr/bin/display
Possible Trojan - /usr/bin/identify
Possible Trojan - /usr/bin/import
Possible Trojan - /usr/bin/mogrify
Possible Trojan - /usr/bin/montage
Possible Trojan - /usr/bin/curl-config
Possible Trojan - /usr/bin/curl
Possible Trojan - /usr/lib/libcurl.so.3.0.0
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la
Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so
Possible Trojan - /usr/sbin/pureauth
25 POSSIBLE Trojans Detected
Is there anything that looks fishy here?
View 3 Replies
Mar 28, 2009
I'm curious as to why more dedicated server providers don't list RAM
speed in their server specs. To me, server performance is very important,
and the speed of the ram can certainly affect that.
It also might not be obvious to many people how to determine the speed
of the ram in your system. You can use the program lshw...
PHP Code:
#lshw
...
*-bank:1
description: DIMM 1333 MHz (0.8 ns)
vendor: Manufacturer01
physical id: 1
serial: 00000000
slot: DIMM1
size: 2GiB
width: 64 bits
clock: 1333MHz (0.8ns)
...
View 14 Replies
Jun 17, 2009
I have 20 clients who are on different networks and in different countries, but all of a sudden their IPs keep getting blacklisted in Spamhaus, CBL, DSBL etc. and they cannot send email. I am so very tired of this,
View 7 Replies
Jan 1, 2009
I received a new block of IPs from my server folks and this block is worse than before; the main IP is on more than 10 spam lists.
How do I resolve this? Is there a way a server company can select a clean block of IPs?
Can I set the email program to use a separate IP or something instead of changing the IPs of the server?
View 3 Replies
Sep 7, 2008
I have a short list of hosts I'm considering for either my main or backup host. I am currently with A Small Orange in Atlanta who seems to be fairly stable.
Here's the list:
iHubNet.com
MidPulse.com
SharkSpace.com
AspirationHosting.com
I like that iHubNet has their own servers. The comments that folks like Matt A make on this board to be helpful have caught my attention.
My web site has a domain and two parked domains. It has about 50 subdomains and is typically 300 to 450MB in size. It uses about that much in bandwidth a month, mostly from clients downloading audio mp3's of voiceover work. The site staying online is important.
I just don't seem to read much on this board about some of these hosts and was wondering if anyone had any experience with them?
View 14 Replies
Jul 24, 2008
How can I sort users who are using above 100MB of space in qmail?
View 0 Replies