Determine what a visitor IP address is doing on the server
Dear all,
For a few days I have been seeing many IPs connected to the server.
I need to know what these IPs are doing, which websites they are connecting to and what service they are using
before blocking them. I have many clients and I need to be sure before blocking any IP address.
grep -ir 194.39.78 /var/log may give you some insight

The i flag in that grep is unnecessary:
-i, --ignore-case Ignore case distinctions in both the PATTERN and the input files. (-i is specified by POSIX.)
You can look at a few other specific logs to find out what that IP is accessing as well:
grep -r 194.39.78 /etc/apache2/logs/domlogs/
grep 194.39.78 /usr/local/cpanel/logs/access_logs
How are you getting the IP output? If you're running a netstat command, the port the IP is connecting to is also indicative of the service it's using.
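One way to turn the log searches suggested above into a per-site summary, as an added example that is not part of the original thread. It assumes Apache combined-format logs stored one file per site; the function names, file names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Log layout and sample lines are constructed.

# Write constructed combined-format logs, one file per site, into DIR ($1).
make_sample_logs() {
    cat > "$1/example.com" <<'EOF'
194.39.78.5 - - [01/Jan/2024:10:00:00 +0000] "POST /login HTTP/1.1" 200 512 "-" "sample-agent"
194.39.78.2 - - [01/Jan/2024:10:00:01 +0000] "POST /login HTTP/1.1" 200 512 "-" "sample-agent"
194.39.78.126 - - [01/Jan/2024:10:00:02 +0000] "GET /contact HTTP/1.1" 403 128 "-" "sample-agent"
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=194.39.78.5 HTTP/1.1" 200 900 "-" "sample-agent"
EOF
    cat > "$1/shop.example.net" <<'EOF'
194.39.78.5 - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 2048 "-" "sample-agent"
EOF
}

# summarize_prefix PREFIX LOGDIR
# Prints "count site method path status", most frequent first, for clients
# whose address starts with PREFIX. index() == 1 is a literal match at the
# start of the client field, so the dots are not regex wildcards and an
# address that only appears inside a URL or referer (the 203.0.113.7 line
# in the sample) is not counted, unlike with an unanchored grep.
summarize_prefix() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue            # top-level files only (assumed layout)
        awk -v p="$1" -v site="${f##*/}" '
            index($1, p) == 1 {
                gsub(/"/, "", $6)          # $6 is "METHOD in combined format
                print site, $6, $7, $9     # $7 is the path, $9 the status
            }' "$f"
    done | sort | uniq -c | sort -rn | awk '{ $1 = $1; print }'
}

# Demo on the constructed logs:
#   d=$(mktemp -d); make_sample_logs "$d"; summarize_prefix 194.39.78. "$d"
```

Pass the prefix with its trailing dot (194.39.78.) so that only the addresses in that range match.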