Check an Attack That Is Coming From a Linux Server (CentOS)

Step 1 : SSH to the server

Step 2 : Check the server condition :-

  • Command : top
  • Look for a suspicious command in the output. If something suspicious is running, it will appear when we run “top”.

  • For example, we can see that the command “Q47Bs0” has high CPU usage and appears on the first line of the “top” output.

Step 3 : Copy the PID and check  :-

  • Command : lsof -p <PID>
  • Example : lsof -p 30971

  • We can see the suspicious domain and the specific path that is carrying out the attack.
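
Steps 2 and 3 as one script, added here as an example and not part of the original article: it picks the busiest PID and reduces the `lsof -p` output to the working directory, the executable path and the network connections. The function names, the `--live` switch and the sample rows (paths, user, addresses, the `.invalid` host) are made up for illustration; only the command name and PID come from the steps above.

```shell
#!/usr/bin/env bash

# PID of the process with the highest CPU figure according to ps.
# ps averages CPU over the process lifetime, so this approximates
# (not exactly matches) the first row shown by "top".
top_cpu_pid() {
    ps -eo pid= --sort=-pcpu | awk 'NR == 1 { print $1 }'
}

# Read "lsof -p <PID>" output on stdin and keep the rows useful for triage.
# Assumes the default lsof column layout; NAME is rebuilt from field 9 onward
# so that a trailing "(deleted)" or "(ESTABLISHED)" is preserved.
summarize_lsof() {
    awk '
        function name(   i, s) { s = $9; for (i = 10; i <= NF; i++) s = s " " $i; return s }
        NR == 1                      { next }                  # header row
        $4 == "cwd"                  { print "cwd " name() }   # where it was started
        $4 == "txt" && !exe++        { print "exe " name() }   # on Linux, normally the binary
        $5 == "IPv4" || $5 == "IPv6" { print "net " $8 " " name() }
    '
}

# Constructed sample of lsof output (not captured from a real server).
SAMPLE_LSOF='COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
Q47Bs0  30971 apache  cwd    DIR  253,0     4096 131074 /var/www/html/uploads
Q47Bs0  30971 apache  txt    REG  253,0   838583 131080 /var/www/html/uploads/Q47Bs0
Q47Bs0  30971 apache  mem    REG  253,0  2156592 262210 /usr/lib64/libc-2.17.so
Q47Bs0  30971 apache    0r   CHR    1,3      0t0   1028 /dev/null
Q47Bs0  30971 apache    3u  IPv4 912345      0t0    TCP 192.0.2.10:48122->host.example.invalid:80 (ESTABLISHED)'

# With --live, inspect the real server (needs lsof and usually root);
# otherwise run the summary over the constructed sample.
if [ "${1:-}" = "--live" ]; then
    lsof -p "$(top_cpu_pid)" | summarize_lsof
else
    printf '%s\n' "$SAMPLE_LSOF" | summarize_lsof
fi
```

An executable running from a web-writable or temporary directory, or one marked `(deleted)`, together with an outbound connection, is the combination worth recording before the process is stopped.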

 

**Extra notes : The same approach can be used to check whether the server load is high and what is causing it to be high.**