I need some direction in figuring out what’s going on here.
I have an EC2 instance that is running a WordPress site. Inbound traffic on the instance is spiking to alarming levels which are not consistent with the usage of the website. Outbound traffic is relatively normal.
This slows down the website and
Apache logs do not reflect the traffic that is hitting the server. There is nothing out of the ordinary in the logs, except for many ‘Internal dummy connections’ which are spawned by the server, and which, according to my reading’ are nothing to worry about.
WordFence (WordPress security plugin) shows nothing out of the ordinary either. So I’m doubtful that it is an attack of some sort.
What steps can I take to learn the source and content of the traffic that is hitting my EC2 instance?
(Sorry if this is a vague question. I’m not an EC2 expert, and this is all the information I have).