Check Attack That Is Coming From Linux Server (Centos)

Created On
Last Updated On
byWesAdmin
Print
< Back to the Title Topic

Check Attack That Is Coming From Linux Server (Centos)

Step 1 : SSH to the server

Step 2 : Check the server condition :-

  • Command : top
  • See the suspicious command, we can see if there is something suspicious, it will appear when we run the command “top”
  • For example, we can see that the command “Q47Bs0” have high CPU usage and appear at the first line when we run “top” command.

Step 3 : Copy the PID and check  :-

  • Command : lsof -p <PID>
  • Example : lsof -p 30971
  • We an see the suspicious domain and the specific path that is attacking.

**Extra notes : This same concept can be used to check if the server load is high and what is causing the load to be high**

Previous Generating a CSR with CPanel/WHM Control Panel
Next How to disable root access in CentOS?