I’ve got one particular droplet which hosts downloadable content to paid members.
However, there is often the case where several of the DO alerts are triggered (and the threshold is set pretty high). However, I am unable to determine if this is legitimate usage or some form of attack.
I’ve got Google Analytics on the site, but that doesn’t help (the highest users in the past 90 days is 22). It has geolocation, but whenever I’ve checked the days, they’ve been inconsistent (sometimes UK, sometimes US, once South Korea).
I had the alerts triggered this morning, and according to analytics, I had one user, who accessed the site hours before it happened.
It generally happens roughly 5-7AM GMT, but not all the time.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi there,
If you are using a webserver like Nginx or Apache, what I could suggest is using this script here to summarize your access lots:
This is a BASH script which will quickly summarize your access logs and provide you with very useful information like:
- Top 20 POST requests
- Top 20 GET requests
- Top 20 IP logs and their geo-location
It should help you determine if the top post and get requests are legitimate or not.
Let me know how it goes! Regards, Bobby
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.