Detect Hacker/Spammer IP from network Linux

By April 17, 2017No Comments

To display client / server ESTABLISHED connections only:
$ netstat -nat | grep 'ESTABLISHED'

Use this command to detect any unwanted connection established in non-regular port especially used by spammer or hacker.

To check how many connection from 1 IP, you can use

netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head

It will display something similar to this:

Leave a Reply