Tracing out going attacks

view story

http://serverfault.com – I have noticed ALOT of the following: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=ME DST=OUT LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=44395 DF PROTO=TCP SPT=55901 DPT=10080 WINDOW=14600 RES=0x00 SYN URGP=0 How can I figure out which website is sending such an attack? PHP is running as fast_cgid with CloudLinux. (HowTos)