Why does the server have activity when nothing is running except the server?
I loaded LAMP Stack and DoveCot one other mail MDA, and haven't done anything else like redirect DNS, and for long periods, up to 6 hours, i.e. 4am till 10am, there is constant public access even when I am not logged on and no website is open to the IP. It has sucked up 66 of 67 MB of transfer usage. I uploaded a web page, but like I said it should, and is not even accessed even when looking at the IP in a browser window. (Another configuration problem I am working on at other times.)
1 Reply
It's very common for new servers to immediately start receiving traffic from outside sources. For example, some of the traffic may be malicious in an attempt to gain unauthorized access to your server. (These are known as brute force attacks.) Or some of this traffic may be coming from security researchers.
Any login attempts would be recorded in your auth logs, and successful logins would be recorded in your utmp or wtmp files:
/var/log/secure or /var/log/auth.log  # Authentication log
/var/log/utmp or /var/log/wtmp  # Login records file
You also have the option to use a tool like Fail2ban to ban repeated brute force attempts (for example).
If you'd like to dig into it further you can also view your Apache logs to view your site traffic and source IP addresses to determine where the traffic is originating from:
/var/log/httpd/ or /var/log/apache2  # Apache access and error logs directory
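The auth-log check described in the reply, as an added example that is not part of the original post: it counts failed SSH password attempts per source IP and lists successful logins. The sample lines are constructed in the usual OpenSSH syslog format with documentation-range addresses, and the threshold of 3 is an illustrative assumption, not a Fail2ban setting.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from the
# original post). Addresses come from the RFC 5737 documentation ranges.
SAMPLE_AUTH_LOG = """\
Mar  3 04:01:12 host sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 04:01:15 host sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 04:01:19 host sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 50410 ssh2
Mar  3 04:09:44 host sshd[1302]: Invalid user test from 198.51.100.23 port 41822
Mar  3 04:09:46 host sshd[1302]: Failed password for invalid user test from 198.51.100.23 port 41822 ssh2
Mar  3 10:02:31 host sshd[2210]: Accepted publickey for alice from 192.0.2.10 port 60222 ssh2
Mar  3 10:02:31 host sshd[2210]: pam_unix(sshd:session): session opened for user alice
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")

def summarize_auth_log(text):
    """Return (failed-attempt count per source IP, list of successful logins)."""
    failed = Counter()
    accepted = []
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            failed[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            accepted.append((user, ip, method))
    return failed, accepted

def noisy_sources(failed, threshold=3):
    """IPs at or above the (illustrative) threshold: candidates for a ban."""
    return sorted(ip for ip, n in failed.items() if n >= threshold)

if __name__ == "__main__":
    failed, accepted = summarize_auth_log(SAMPLE_AUTH_LOG)
    for ip, n in failed.most_common():
        print(f"{n:4d} failed  {ip}")
    for user, ip, method in accepted:
        print(f"accepted  {user} from {ip} via {method}")
    print("over threshold:", noisy_sources(failed))
```

To run it against a real log, read the file contents and pass them to `summarize_auth_log` in place of the sample string; any accepted login from an address you do not recognise is the entry to look at first.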