Analyzing Server Logs

Tags: hacking, logging

I currently have a medium-sized website that probably has a few security flaws. That's probably normal, I think. You can't catch everything. The problem is, I also have a couple of script kiddies who think it's fun to try day and night to crack my website, to do who knows what. Probably something like deleting the DB. I have backups, but it's still a toll on RAM and CPU, and I'd prefer to stop it. Is there any way I can analyze the server logs to easily find out which entries are caused by the script kiddies? They'd probably be identified by multiple hits per minute, but it's a pain to go through and pick out those entries when I could be doing something worthwhile.

Best Answer

awk '{print $1}' access_log | sort | uniq -c | sort -g

should produce an ordered list of IP addresses that are hitting your site; the first column will be the number of hits, the second the IP.

You might have to change the value $1; this is the position of the IP address field in the logfile line. On my web server it's first, hence $1. Otherwise a field is defined as 'separated by white space', so the next entry is $2, etc.
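An added example, not part of the original answer, that extends the one-liner to the per-minute view the question asks for: it buckets requests by client IP and by minute and prints only the pairs that reach a threshold. The log lines and IP addresses are constructed, and the script assumes the common combined log format, where field 1 is the client IP and field 4 is the timestamp.

```shell
#!/bin/sh
# Constructed sample access log (hypothetical IPs and paths, not from the
# original post). One client makes four requests inside the same minute.
SAMPLE_LOG='192.0.2.10 - - [10/Oct/2023:13:55:01 +0000] "GET /login HTTP/1.1" 200 512
192.0.2.10 - - [10/Oct/2023:13:55:02 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:05 +0000] "GET /index.html HTTP/1.1" 200 2048
192.0.2.10 - - [10/Oct/2023:13:55:09 +0000] "GET /admin HTTP/1.1" 404 210
203.0.113.5 - - [10/Oct/2023:13:55:20 +0000] "GET /about HTTP/1.1" 200 1024
192.0.2.10 - - [10/Oct/2023:13:55:41 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:58 +0000] "GET /contact HTTP/1.1" 200 900
192.0.2.10 - - [10/Oct/2023:13:56:03 +0000] "GET /login HTTP/1.1" 200 512'

# hits_per_minute FILE THRESHOLD
# Prints "count ip dd/Mon/yyyy:HH:MM" for every (ip, minute) pair with at
# least THRESHOLD requests, busiest first. Field 4 looks like
# "[10/Oct/2023:13:55:01"; substr(…, 2, 17) drops the leading "[" and the
# ":SS" part so requests are grouped per minute.
hits_per_minute() {
  awk -v thr="$2" '
    { key = $1 " " substr($4, 2, 17); n[key]++ }
    END { for (k in n) if (n[k] >= thr) print n[k], k }
  ' "$1" | sort -rn
}

# Stand-alone demonstration: write the sample to a temp file and report
# every client that made three or more requests within one minute.
demo() {
  tmp=$(mktemp)
  printf '%s\n' "$SAMPLE_LOG" > "$tmp"
  hits_per_minute "$tmp" 3
  rm -f "$tmp"
}

demo
```

If the site sits behind a reverse proxy or CDN, field 1 may be the proxy's address rather than the real client's; in that case switch the key to whatever forwarded-client field your server logs.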