I recently wrote a cluster article that made it to the front page of digg.com. This was by far the most traffic my site has ever seen and I was very happy to see it happen.
Shortly after being digg’ed (dugg, digg’d, eh never mind) I started thinking of what I could do to best spend my time while all the traffic was coming in, so I SSH’ed into my server. Here are fun things I came up with to do while being digg’ed
‘tail -f‘ your apache dom logs. Watch all the different IPs flow by, all looking at the same page. Very rarely did I see anyone poke around. They always just checked out the one article and left. I’ll have to tweak the site a bit to make it more sticky.
‘iptraf’. Its a hoot. Watching all the connections come in (80 new connections in about 10 seconds) I couldn’t help but flash back to working the night shift as a sysadmin at Liquidweb. I would always run this utility on a machine that was on the receiving end of a DDoS attack. The effect is very similar.
Knowing “the greater your exposure the greater your risk”, I started to get paranoid. I checked my /tmp and /var/tmp (and all other world writable dirs) quickly to look for any odd files. I ran ‘netstat -a‘ a few times to make sure no one was poking around on ports they didn’t belong on. Then I ran ‘tail -f /var/log/messages‘ for a while. In doing so I found someone start trying to brute force my ftp daemon. I grep‘ed my domlogs for the ip and find he was referred to my webpage from digg. Ha! Being paranoid paid off! 
I added the IP to my firewall’s black list and kept watching for a while.
I was then informed by my friend Shelby that I should really be running bsuite for wordpress and google analytics. Google wasn’t accepting any new users so I scrambled and installed bsuite. I must admit that it is pretty damn cool for generating blog specific stats.
Throughout this entire process I was amazed to see that the large amounts of traffic barely made my little ole P4 (webmaster series from Liquidweb) break a sweat. The load hung around 0.5 at max.
After all was said and done, I went from an average of 20 unique visitors per day to 5,000 for the last 2 days. It brought me a total of 11,000 unique visitors over the past 4 days and is still growing as tons of other sites linked to it.
So to recapp,
- ‘netstat -a‘ to ensure no one is poking around
- regularly check all 777 directories
- ‘iptraf‘ to watch it all go down
- ‘tail -f /var/log/messages‘
- ‘tail -f‘ your apache domain logs for your site.
- ‘uptime‘ or ‘top‘ to monitor your load. ‘watch -n 30 uptime‘ will refresh it every 30 seconds.
Thanks digg’ers. I’ll keep writing them, if you keep coming and reading them. Remember that I have a bunch of other useful posts in my various categories, stay a wile and poke around 