Help figure out what is causing high usage

I’ve got one particular droplet which hosts downloadable content to paid members.

However, there is often the case where several of the DO alerts are triggered (and the threshold is set pretty high). However, I am unable to determine if this is legitimate usage or some form of attack.

I’ve got Google Analytics on the site, but that doesn’t help (the highest users in the past 90 days is 22). It has geolocation, but whenever I’ve checked the days, they’ve been inconsistent (sometimes UK, sometimes US, once South Korea).

I had the alerts triggered this morning, and according to analytics, I had one user, who accessed the site hours before it happened.

It generally happens roughly 5-7AM GMT, but not all the time.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi there,

If you are using a webserver like Nginx or Apache, what I could suggest is using this script here to summarize your access lots:

Quick access logs summary

This is a BASH script which will quickly summarize your access logs and provide you with very useful information like:

  • Top 20 POST requests
  • Top 20 GET requests
  • Top 20 IP logs and their geo-location

It should help you determine if the top post and get requests are legitimate or not.

Let me know how it goes! Regards, Bobby