So I get this a lot… Want to figure out of if you have a DDoS going on… the best way is the apache logs.  Use this code to count and sort by IP:


cut -f1 -d ” ” access_log | sort | uniq -c


Just replace access_log with your log name.

More complex you can also try :


awk ‘{!a[$1]++}END{for(i in a) if ( a[i] >10 ) print a[i],i }’


© 2013, Joseph Griffiths. All rights reserved.

Leave a Reply