Have you ever hand lots of traffic from certain IPs causing immense load on your server? They can not only hurt your business but could also taint your analytics data, tricking you into thinking that you are getting more real traffic than you are. It has taken me a long time to finally come up with a working approach to find and block these types of IPs. The first command I use all the time is for
This is a general command that uses Apache domain log files to show the top 30 IP addresses with the most requests on the current day. If you are getting an IP that is making an abnormal number of requests to resources on your server, this command will find it. It is not perfect though. In certain cases, you will want to see which pages are being hit by problematic IPs.
The idea here is to find out which IPs are hitting a specific page. You can always use a real-time visitor widget like the ones from whos.among.us to find out pages that are being targeted. Use their link with the above command, and you will have a list of IPs hitting them. While this is not a foolproof approach, it has saved me a lot of time every time malicious IPs tried to bring my site down or steal my content.