How to find where requests are coming from


We have a small DigitalOcean droplet that hosts a few sites. Last night around 8 PM local time I received a notification that CPU usage was > 70% for five minutes (it normally hovers at 1-3% and was averaging over 90%). I spent hours looking into it trying to find the cause, but was unable to find the root of the issue. I did find out that blocking HTTPS traffic caused the problem to disappear immediately.

I registered for Cloudflare, changed DNS settings, and turned on the “I’m under attack” mode. Once this kicked in, the server immediately dropped down to its normal idle of 1-3% and I went to bed. I woke up today and have over 2.5 million requests from the US (we normally receive less than 5k requests per day).

Is there a way for me to see what IP address or where these requests are originating from? I would like to figure out what is going on so that I’m not just blocking millions of requests on an ongoing basis.

If Apache, ignore option #1 altogether.

Also, the Cloudflare dashboard should provide you with insight too.
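
One way to answer the question from the server side, as an added example that is not part of the original thread: tally client addresses, networks and request paths from the Apache access log. It assumes Apache's combined log format, and the sample lines are constructed. Once traffic is proxied through Cloudflare, the first field is a Cloudflare edge address unless Apache is configured (for example with mod_remoteip) to take the client from the CF-Connecting-IP header, so log entries written before the DNS change are the ones that show the original sources.

```python
import re
import sys
from collections import Counter
from ipaddress import ip_address, ip_network

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = """\
198.51.100.7 - - [01/Jan/2024:20:01:02 +0000] "GET /search?q=a HTTP/1.1" 200 512 "-" "ua-1"
198.51.100.7 - - [01/Jan/2024:20:01:02 +0000] "GET /search?q=b HTTP/1.1" 200 512 "-" "ua-1"
198.51.100.9 - - [01/Jan/2024:20:01:03 +0000] "GET /search?q=c HTTP/1.1" 200 512 "-" "ua-2"
203.0.113.5 - - [01/Jan/2024:20:01:04 +0000] "GET / HTTP/1.1" 200 1024 "-" "ua-3"
192.0.2.44 - - [01/Jan/2024:20:01:05 +0000] "-" 408 - "-" "-"
this line is not in combined format
""".splitlines()


def summarize(lines, top=5):
    """Count requests per client IP, per /24 (or /48 for IPv6) and per path."""
    by_ip, by_net, by_path = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        try:
            addr = ip_address(m["ip"]) if m else None
        except ValueError:  # first field is a hostname (HostnameLookups On)
            addr = None
        if addr is None:
            skipped += 1
            continue
        parts = m["req"].split()
        # Drop the query string so one hammered endpoint groups together.
        path = parts[1].split("?", 1)[0] if len(parts) >= 2 else m["req"]
        prefix = 24 if addr.version == 4 else 48
        by_ip[str(addr)] += 1
        by_net[str(ip_network(f"{addr}/{prefix}", strict=False))] += 1
        by_path[path] += 1
    return {"ips": by_ip.most_common(top), "nets": by_net.most_common(top),
            "paths": by_path.most_common(top), "skipped": skipped}


if __name__ == "__main__":
    # Pass an access log path (location varies by distro); no argument uses SAMPLE.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for name, rows in summarize(src).items():
        print(name, rows)
```

A flat per-IP count with one dominant network or path points at a small number of sources or a single expensive endpoint; many addresses with one request each points at a distributed source that is better handled at the proxy.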

