DDoS attacks can be frustrating. More challenging is to find out the IPs from the lengthy apache logs who are putting load on your server.
Below is a command that can help you to identify the IPs and their request counts present in your log file.
grep ‘DD\/MMM’ access_log | awk -F’ ‘ ‘{ print $1 }’| sort | uniq -c | sort -r
Replace DD and MMM with the date you want to look up. Replace the “access_log” with your Apache access log path.
