Linux

By Phil Frilling, 16 October, 2015

Finding failed login attempts from the maillog:


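# Prints the date of the first log entry and the total number of FAILED lines,
# then each source IP whose count has three or more digits (100+ failed attempts).
head -n1 /var/log/maillog | awk '{ printf "Failed Login Attempts Since: %s %s: ", $1, $2 }' \
  && grep "FAILED" /var/log/maillog | wc -l \
  && grep "FAILED" /var/log/maillog | perl -ne 'print "$&\n" while m#\d+\.\d+\.\d+\.\d+#g' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 | uniq -c | awk 'length($1)>2'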

By Phil Frilling, 23 September, 2013

A list of useful commands that can be used to help identify a high server load:

Apache POST DoS Attack

  • Check the number of POST requests to Apache:
    
    /usr/sbin/tcpdump -A -nnn -s0 -l 'dst port 80' | grep -Eo "POST\ /.*"
    
  • Find the culprit on a shared hosting environment:
    
    grep POST /var/www/vhosts/*/statistics/logs/access_log
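
The grep above returns every matching line, including GET requests that merely contain "POST" in a URL or referer. The following added example (not part of the original post) ranks real POST requests per vhost, client IP and path instead. It assumes the Apache combined log format and the vhosts/<vhost>/statistics/logs/access_log layout shown above; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise POST requests per vhost, client IP and path (query string dropped).
# Assumes Apache combined/common log format and the layout
# .../vhosts/<vhost>/statistics/logs/access_log used on this page.
post_summary() {
    awk '
        FNR == 1 {
            # The vhost name is the path component that follows "vhosts".
            n = split(FILENAME, part, "/"); vhost = FILENAME
            for (i = 1; i < n; i++) if (part[i] == "vhosts") vhost = part[i + 1]
        }
        # Field 6 is the quoted method; matching it (not the whole line)
        # ignores "POST" appearing in URLs, referers or user agents.
        $6 == "\"POST" { sub(/\?.*/, "", $7); hits[vhost " " $1 " " $7]++ }
        END { for (k in hits) print hits[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample logs (documentation addresses and .test hostnames).
make_sample_logs() {
    root=$1
    mkdir -p "$root/vhosts/shop.test/statistics/logs" "$root/vhosts/blog.test/statistics/logs"
    cat > "$root/vhosts/blog.test/statistics/logs/access_log" <<'EOF'
203.0.113.7 - - [23/Sep/2013:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [23/Sep/2013:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [23/Sep/2013:10:00:02 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 370 "-" "-"
198.51.100.4 - - [23/Sep/2013:10:00:03 +0000] "GET /how-to-POST HTTP/1.1" 200 5120 "-" "-"
EOF
    cat > "$root/vhosts/shop.test/statistics/logs/access_log" <<'EOF'
198.51.100.4 - - [23/Sep/2013:10:00:04 +0000] "POST /cart/add HTTP/1.1" 302 0 "-" "-"
198.51.100.4 - - [23/Sep/2013:10:00:09 +0000] "GET / HTTP/1.1" 200 900 "http://shop.test/POST" "-"
EOF
}

# Demo run against the constructed logs; on a real server pass
# /var/www/vhosts/*/statistics/logs/access_log instead.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
post_summary "$demo_dir"/vhosts/*/statistics/logs/access_log
rm -rf "$demo_dir"
```

Output columns are count, vhost, client IP and request path, highest count first.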