I have a virtual server set up and the access log is full of hundreds of lines like below - 3 or 4 of these coming in per second… (XXX.XXX.XXX.XXX is the IP address of my Virtualmin server)
So these requests are coming from my machine. I haven’t a clue what’s going on, can anyone help explain what the cause of these requests may be and how I can investigate further?
Here’s the result of your suggestion; I’m not entirely sure how to interpret it - where is the process identified? - Thanks for your help. (server ip is 82.68.151.12)
Unfortunately the process ID is not shown for TIME_WAIT connections. You need to repeat the command (possibly quickly) and try to catch the connections while in ESTABLISHED state.
Glad you figured it out! And yes, not all of the connections you’re seeing would be associated with the problem, it can be other traffic too.
Next step, you might want to ask the server owner what kind of scripts he has on his account, and why they perform that great number of requests you’ve been seeing. It COULD be malware, but it’s more likely just a script running amok.
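An added example, not part of the thread above: one way to catch the owning process is to sample the connection table repeatedly and count who holds the ESTABLISHED client-side sockets pointing at the web server. It assumes the `netstat -tnp` column layout from net-tools and that the web server listens on port 80; the sample lines are constructed and use documentation addresses.

```shell
#!/usr/bin/env bash
# Count the owning PID/program of ESTABLISHED TCP connections whose *foreign*
# address is the web server. For a server talking to itself, each connection
# appears twice: the client side (foreign = ip:80, owned by the script making
# the requests) and the server side (local = ip:80, owned by the web server).
# Matching on the foreign address keeps only the client side.
tally_established() {
    # $1 = server IP, $2 = server port (assumed 80 here); input on stdin
    awk -v peer="$1:$2" '
        # Columns: Proto Recv-Q Send-Q Local Foreign State PID/Program
        # TIME_WAIT rows show "-" instead of a PID, so they are skipped.
        $1 ~ /^tcp/ && $5 == peer && $6 == "ESTABLISHED" && $7 != "-" {
            count[$7]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -rn
}

# Constructed sample in `netstat -tnp` format (not output from the thread).
SAMPLE='tcp        0      0 192.0.2.10:80       192.0.2.10:51514    TIME_WAIT   -
tcp        0      0 192.0.2.10:51520    192.0.2.10:80       ESTABLISHED 4312/php
tcp        0      0 192.0.2.10:80       192.0.2.10:51520    ESTABLISHED 2210/apache2
tcp        0      0 192.0.2.10:51522    192.0.2.10:80       ESTABLISHED 4312/php
tcp        0      0 192.0.2.10:51530    192.0.2.10:80       TIME_WAIT   -
tcp        0      0 192.0.2.10:22       198.51.100.7:40022  ESTABLISHED 1801/sshd
tcp        0      0 192.0.2.10:51540    192.0.2.10:80       ESTABLISHED 4410/wget'

# Run the tally over the constructed sample.
sample_tally() {
    printf '%s\n' "$SAMPLE" | tally_established 192.0.2.10 80
}

# Live use (run as root so PIDs of other users' processes are visible):
#   for i in $(seq 1 50); do netstat -tnp; sleep 0.2; done \
#       | tally_established <server-ip> 80
# Once a PID stands out, `ps -o user,pid,ppid,cmd -p <pid>` shows which
# account and command line it belongs to.
```

On the constructed sample, `sample_tally` ranks `4312/php` first with two connections, followed by `4410/wget` with one; the TIME_WAIT, web-server-side and SSH rows are ignored.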