If you are having problems with possible attack on your server, check the log files for the most common hits. Many times you will find one page being accessed beyond what would be normal.
va1-fv00150# cat /usr/local/apache/logs/*/*access_log | awk ‘{print $7}’ | sort | uniq -c | sort -rn | head
35806 /administrator/index.php
89 /
37 /robots.txt
30 /favicon.ico
20 /administrator/index.php?option=com_login
16 /imgs/flash.swf
15 /imgs/home.html
14 /wp-login.php
14 /js/AC_RunActiveContent.js
14 /imgs/styles.css
Use this information to find what log file is getting the hits:
va1-fv00150# grep -R “/administrator/index.php” /usr/local/apache/logs/*/*access_log | cut -d: -f1 | sort | uniq -c | sort -rn | head
38313 /usr/local/apache/logs/ibreporttv/ibreporttv.com-access_log
5 /usr/local/apache/logs/goinsidebusiness/goinsidebusiness.com-access_log