Home/ Questions/Q 6980607
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T18:02:50+00:00

I’m using the following command to check how many connections I have from a

  • 0

I’m using the following command to check how many connections I have from a single ip

netstat -anp |grep ':80' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

If it’s DDOS attack(500+ connections), it’s easy to detect. But I still have at any given time 60-100 connections from single Ip. Can it be a Human or it’s some sort of bots/spiders?

This is what i have at the moment(it top 6).

48 217.212.230.***
54 46.63.105.***
55 62.235.175.***
56 79.235.188.***
60 178.27.93.***
63 31.16.96.***

This server is for dynamic content. (Apache2, keepalive off)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your problem is probably that your HTTP server is not configured to support keepalive! Configure that first of all.

    If you do not configure keepalive, the browser will open one connection to your server for each element in the page. With keepalive, it opens only one for many elements, depending on how your keepalive is configured.

    Also, consider using cache directives: static content does not need to be downloaded each time.

    If you use Apache, it is done by the core (for keepalive) and mod_expires (for cache directives). Keepalive and mod_expires are the two MOST important things to configure if you want a performant website.

    • 0