Doing that tcpdump I can see that IP on the request. I used this command (sorry, I'm not an expert!):
tcpdump -c 200 -n -i eth0 port not ssh
And saw a lot of something like this:
19:38:04.137665 IP 1.2.3.4.http > 5.6.7.8.25338: Flags [.], seq 20441:23361, ack 0, win 237, length 2920: HTTP...
Yeah, it goes directly to the resource (an image in this case), status 200. I never used iptraf or tcpdump. I saw that we have the tcpdump command available through SSH; how can I use it to check this problem? Thanks!
No, it's really too strange, because requests are all through the entire image directory (split in years/months, WordPress CMS). I tried to disable the entire site for 5 minutes (no cache) to see if those come from some plugins, but requests kept coming, no malware detected in any of the...
Hi, I have found on 4 of my domains a lot of access requests (of images) from the same IP as my server. How can I find who makes all those requests to block them? There aren't even any user agents; all requests are like this (ex. server IP 1.2.3.4):
1.2.3.4 - - [04/Nov/2021:00:58:12 +0100] "GET...