This is just a short guide on how to find the main offenders in case of web server hammering. Sample of eventual output: netstat -natp | grep :80 | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n | tail 25 195.150.23.130 25 67.222.164.140 [...]