How to check if your Linux server is under DDoS attack?

Log in to your server as root and run the following command to check whether your server is under DDoS attack:
netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
This command lists the remote IPs connected to your server with the number of connections each one holds, sorted so that the IPs with the most connections appear last.

DDoS becomes more complex when attackers use fewer connections from a larger number of attacking IPs. In such cases, you will see a small number of connections per IP even when your server is under DDoS. One important thing to check is the number of active connections that your server currently has. To do that, execute the following command:
netstat -n | grep :80 | wc -l
The above command shows the number of active connections that are open to your server.

You can also run the following command:
netstat -n | grep :80 | grep SYN | wc -l
The result of the first command will vary, but if it shows more than 500 connections, you definitely have a problem. If the result of the second command is 100 or above, you are having problems with a SYN attack.
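The two counts and the per-IP tally above, combined into one script as an added example (not part of the original article). It goes slightly beyond the article's commands by matching the local port exactly, so :8080 is not counted as :80, and by keeping IPv6 addresses intact; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
CONN_LIMIT=500   # article: more than 500 port-80 connections means problems
SYN_LIMIT=100    # article: 100 or more SYN-state connections means a SYN attack

# Constructed sample of `netstat -ant` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51236      SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:40112        ESTABLISHED
tcp        0      0 203.0.113.10:8080       192.0.2.44:40113        ESTABLISHED
tcp        0      0 203.0.113.10:22         192.0.2.99:50022        ESTABLISHED
tcp6       0      0 2001:db8::1:80          2001:db8::beef:41000    SYN_RECV
EOF
}

# Read netstat text on stdin; print the remote IP of each non-listening TCP
# socket whose LOCAL port is $1. Optional $2 keeps only states starting with it.
remote_ips() {
    awk -v port="$1" -v st="$2" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, l, ":")
            if (l[n] != port) next                    # exact local port match
            if (st != "" && index($6, st) != 1) next  # optional state filter
            ip = $5; sub(/:[^:]*$/, "", ip)           # drop only the remote port
            print ip
        }'
}

count_conns() { remote_ips "$1" | wc -l | tr -d ' '; }
count_syn()   { remote_ips "$1" SYN | wc -l | tr -d ' '; }
top_talkers() { remote_ips "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'; }

verdict() {  # $1 = total connections, $2 = SYN-state connections
    if [ "$2" -ge "$SYN_LIMIT" ]; then echo "possible SYN attack"
    elif [ "$1" -gt "$CONN_LIMIT" ]; then echo "too many connections"
    else echo "ok"
    fi
}

# Demo on the sample; on a server, pipe `netstat -ant` into the functions instead.
total=$(sample_netstat | count_conns 80)
syn=$(sample_netstat | count_syn 80)
sample_netstat | top_talkers 80
echo "port 80: $total connections, $syn in SYN state: $(verdict "$total" "$syn")"
```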

Once you have an idea of the IP attacking your server, you can easily block it.

Run the following command to block that IP or any other specific IP:

route add ipaddress reject

Once you block a particular IP on the server, you can cross-check whether the IP is blocked by using the following command:

route -n | grep IPaddress

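You can also block an IP with iptables on the server by using the following commands (use REJECT in place of DROP if you prefer). Save the rule before restarting the service, since a restart reloads the saved rules:

iptables -I INPUT 1 -s IPADDRESS -j DROP

service iptables save

service iptables restart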

After running the above commands, kill all httpd connections and then restart the httpd service by using the following commands:

killall -KILL httpd

service httpd startssl
