How to find where requests are coming from

Hello,

We have a small DigitalOcean droplet that hosts a few sites. Last night around 8 PM local time I received a notification that CPU usage was > 70 % for five minutes (it normally hovers at 1-3% and was averaging over 90%). I spent hours looking into it trying to find the cause, but was unable to find the root of the issue. I did find out that blocking HTTPS traffic caused the problem to disappear immediately.

I registered for Cloudflare, changed DNS settings, and turned on the “I’m under attack” mode. Once this kicked in, the server immediately dropped down to it’s normal idle of 1-3% and I went to bed. I woke up today and have over 2.5 million requests from the US (we normally receive less than 5k requests per day).

Is there a way for me to see what IP address or where these requests are originating from? I would like to figure out what is going on so that I’m not just blocking millions of requests on an ongoing basis.

Thank you!

https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

If Apache, ignore option #1 altogether.

Also, the Cloudflare dashboard should provide you with insight too.

Thank you sandro, that pointed me in the right direction, truly appreciate your immediate response!

This topic was automatically closed after 31 days. New replies are no longer allowed.