Shell Script List All Top IP Address Accessing Apache / Lighttpd Web Server

Author: Vivek Gite Last updated: December 30, 2008 9 comments

#!/bin/bash
# Shell Script To List All Top Hitting IP Address to your webserver.
# This may be useful to catch spammers and scrappers.
# -------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
 
# where to store final report?
DEST=/var/www/reports/ips
 
# domain name
DOM=$1
 
# log file location
LOGFILE=/var/logs/httpd/$DOM/access.log
 
# die if no domain name given 
[ $# -eq 0 ] && exit 1
 
# make dir 
[ ! -d $DEST ] && mkdir -p $DEST
 
# ok, go though log file and create report 
if [ -f $LOGFILE ]
then
	echo "Processing log for $DOM..."
	awk '{ print $1}' $LOGFILE | sort  | uniq -c  | sort -nr > $DEST/$DOM.txt
	echo "Report written to $DEST/$DOM.txt"
fi

How do I run this script?

Simply run it as follows:
./script nixcraft.com
Sample output (1st coloum is counter and 2nd is IP address):

  13687 72.30.87.116
   7416 66.249.71.138
   7402 66.249.71.140
   7261 66.249.71.139
   6510 74.86.49.130
   4879 67.195.37.159
   4121 66.90.104.20
   3958 93.158.144.27
   3262 122.172.49.89

You can block all spammers and content scrappers bots using Linux iptables or BSD pf firewall itself.

Get the latest tutorials on SysAdmin, Linux/Unix, Open Source, and DevOps topics:

RSS feed or Weekly email newsletter
Share to Twitter • Facebook • 9 comments... add one ↓

Related Shell Scripts:

Category	List of Unix and Linux commands
File Management	cat
Firewall	CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities	dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching	grep • whereis • which
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

9 comments… add one

Ravi Nov 10, 2009 @ 11:02
Can this SCript Send a mail with output?
Can someone tell me how i can send a mail with above ip list.
Reply Link
joe Aug 11, 2009 @ 15:22
The sort on ip’s is alphabetic which is not quite right for looking at the numbered segments. so your script only works because the second sort is working on the count produced by uniq -c. Is the first sort even needed?
Reply Link
Mox Jul 17, 2009 @ 18:34
I think you should pipe the output of the report generating command to tail, otherwise you will get “every” address logged to your resulting report file. And the title of the script is top ip addresses accessing apache / lighthttpd not all unique ip addresses which is what your script is producing.
Here a what i mean, with this you get the top 20 hitters only.
awk ‘{ print $1}’ $LOGFILE | sort | uniq -c | sort -nr | tail -20 > $DEST/$DOM.txt
Reply Link
- Saqib May 10, 2016 @ 17:03
  Use “head” instead of tail, this way output shows only last 20 IP hit your website just one time.
  Top 20 IPs hits site multiple times.
  awk ‘{ print $1}’ $LOGFILE | sort | uniq -c | sort -nr | head -20 > $DEST/$DOM.txt
  Reply Link
dsplabs Jun 22, 2009 @ 13:18
I use iptstate :)
Reply Link
🐧 Vivek Gite Mar 7, 2009 @ 19:29
Set LOGFILE variable. Usually, each server is configured with different location.
Reply Link
someone Mar 7, 2009 @ 13:30
hello when i stored it on my server i use this command:
chmod +x ipcacher.sh
and then when i try ./ipcacher.sh
i dont see anything
plz help me and reply my comment by sendig mail to me tnx
Reply Link
benim Feb 5, 2009 @ 18:32
hi ,
i want to know, how i restart the script from zero or what is restart command..
normally it begins from zero every midnight(00.00)
thx
best regards
Reply Link
kpb Jan 29, 2009 @ 21:20
Great script !! I made a script somewhat like this to check secure logs for failed ssh connections.
Keep up the good work!
Reply Link