netstat one liners

Connections active over port 80, counted per remote address

netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1

 

Connections counted by state

netstat -plant | awk '{print $6}' | sort | uniq -c | sort -n

How to block IP address in Linux via ssh:

The following command will drop any packet coming from the IP address 1.2.3.4:

iptables -I INPUT -s 1.2.3.4 -j DROP

or

iptables -A INPUT -s 1.2.3.4 -j DROP

(-I inserts the rule at the top of the chain, -A appends it to the end)

Use the following syntax to block 10.0.0.0/8 on eth1 public interface:
iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

Use the following command to view:
iptables -L -v

Use the following command to save:
service iptables save

Check log file for website “POST” entries

If you have a server that is not responding, there might be an attack on one of the domains. You can get a good idea if a normally low volume website is suddenly getting lots of traffic by running a few checks on the log files.

Count the number of posts to each unique file:
grep POST /usr/local/apache2/logs/USER/DOMAIN-accesslog | awk '{print $7}' | sort | uniq -c | sort -n

Count the number of times each IP posted to the domain:
grep POST /usr/local/apache2/logs/USER/DOMAIN-accesslog | awk '{print $1}' | sort | uniq -c | sort -n

Count the number of unique IP addresses that posted to the domain: 
grep POST /usr/local/apache2/logs/USER/DOMAIN-access_log | awk '{print $1}' | sort | uniq | wc -l
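
The three counts above in a single pass, as an added example that is not part of the original page. It assumes Apache's common/combined log format and matches the request-method field exactly, so a GET whose URL merely contains "POST" is not counted; the function names are hypothetical and the log lines are constructed.

```shell
#!/bin/sh
# Assumption: default common/combined LogFormat. Split on whitespace,
# $1 = client IP, $6 = quoted method (e.g. "POST), $7 = request path.

# Constructed sample lines (documentation address ranges, not real traffic).
sample_log() {
cat <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /xmlrpc.php HTTP/1.1" 200 410 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "GET /index.php?ref=POST HTTP/1.1" 200 5120 "-" "curl/8.0"
192.0.2.10 - - [10/Oct/2023:13:57:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

# post_summary [FILE...]  (reads stdin when no file is given)
# Prints one record per line:
#   path <count> <request path>
#   ip <count> <client address>
#   unique_ips <number of distinct posting addresses>
post_summary() {
  awk '
    $6 == "\"POST" {          # method field must be exactly "POST
      path[$7]++
      ip[$1]++
    }
    END {
      for (p in path) print "path", path[p], p
      for (a in ip) { print "ip", ip[a], a; n++ }
      print "unique_ips", n + 0
    }' "$@" | sort -k1,1 -k2,2n
}

# Demo run on the constructed sample.
sample_log | post_summary
```

On the sample, a plain grep for POST matches five lines, while the method-field match counts the four real POST requests.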