DDoS

DDoS Protection Service
Apache Website not loading – DDoS

To check whether your server is under a DDoS attack, you can use the netstat command.

netstat -anp | grep 'tcp' | awk '{print $5}' | cut -d: -f1 | sort| uniq -c | sort -n

Or

netstat -lantp|egrep ":80 "|awk '{print $5}'|cut -d: -f1|sort|uniq -c|sort -nr|head
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n

Instead of netstat, you can also use the ss command.

ss -tan state established | grep ":80\|:443" | awk '{print $4}' | cut -d':' -f1 | sort -n | uniq -c | sort -n
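
The pipelines above split on the first colon with cut -d: -f1, which truncates IPv6 and IPv4-mapped (::ffff:) peers, and a bare grep :80 also matches ports such as 8080. The following is an added example, not part of the original page, that counts connections per peer with those cases handled; the function names and the sample connection table are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-peer connection counts, safe for IPv4, IPv6 and ::ffff: peers.

# Constructed sample in the layout of `ss -tan state established`
# (Recv-Q, Send-Q, local addr:port, peer addr:port); documentation-range addresses.
sample_ss_output() {
cat <<'EOF'
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.0.2.10:80 198.51.100.7:51514
0 0 192.0.2.10:80 198.51.100.7:51515
0 0 [::ffff:192.0.2.10]:443 [::ffff:198.51.100.7]:51516
0 0 [2001:db8::10]:443 [2001:db8::bad]:40000
0 0 [2001:db8::10]:443 [2001:db8::bad]:40001
0 0 192.0.2.10:80 203.0.113.5:33000
0 0 192.0.2.10:8080 203.0.113.9:33001
0 0 192.0.2.10:22 203.0.113.5:50022
EOF
}

# count_peers COL: COL is the peer-address column (4 for the ss command above,
# 5 for netstat -ant); the local address is assumed to sit in COL-1.
count_peers() {
  awk -v col="${1:-4}" '
    $(col-1) ~ /:(80|443)$/ && $col ~ /:[0-9]+$/ {
      addr = $col
      sub(/:[0-9]+$/, "", addr)   # drop only the trailing :port
      sub(/^\[/, "", addr)        # ss wraps IPv6 in [ ]
      sub(/\]$/, "", addr)
      sub(/^::ffff:/, "", addr)   # fold IPv4-mapped IPv6 into the IPv4 address
      n[addr]++
    }
    END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# over_limit LIMIT COL: print only peers holding more than LIMIT connections.
over_limit() {
  count_peers "${2:-4}" | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Demo on the constructed sample; on a live host pipe the real command instead:
#   ss -tan state established | count_peers 4
sample_ss_output | count_peers 4
```

Only connections to local ports 80 and 443 are counted, so the 8080 and 22 rows in the sample are ignored.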

Once you find the offending IP address, you can block it in the firewall.

To verify that an IP is blocked

iptables -L -n | grep 'IP_ADDR_HERE'

Block Attack with CSF firewall

vi /etc/csf/csf.conf

Set CT_LIMIT to 30, then set it back to 100 after the attack stops.

CT_LIMIT = "30"

Set SYNFLOOD to 1, then set it back to 0 after the DDoS attack stops.

SYNFLOOD = "1"
