Apache Website not loading – DDoS
To check whether your server is under a DDoS attack, you can use the netstat command to count connections per remote IP address.
netstat -anp | grep 'tcp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Or
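# Top 10 remote addresses by number of connections on port 80
netstat -lantp | egrep ":80 " | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head
# Connections per remote address, TCP and UDP, all ports
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
# Connections matching :80, counted per local address (column 4)
netstat -alpn | grep :80 | awk '{print $4}' | awk -F: '{print $(NF-1)}' | sort | uniq -c | sort -n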
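The `cut -d: -f1` step in the pipelines above assumes IPv4 `address:port` pairs; on a dual-stack listener, clients that netstat shows as `::ffff:a.b.c.d:port` or as native IPv6 all collapse into one empty key. The following is an added example, not part of the original post: it strips only the trailing port, matches the local port exactly, and applies a minimum-count threshold. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data is constructed (documentation address ranges).
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51235       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51236       SYN_RECV
tcp        0      0 192.0.2.10:8080         203.0.113.5:51237       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:50000       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:40001 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:40002 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40003     TIME_WAIT
EOF
}

# conns_per_ip PORT MIN_COUNT   (hypothetical helper name)
# Reads `netstat -ant` style lines on stdin and prints "count address" for
# every remote address with at least MIN_COUNT connections to local PORT.
conns_per_ip() {
  awk -v port="$1" -v min="$2" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      n = split($4, l, ":")            # local port is the last ":" field
      if (l[n] != port) next           # exact match, so 8080 is not counted as 80
      raddr = $5
      sub(/:[^:]*$/, "", raddr)        # drop only the trailing :port
      sub(/^::ffff:/, "", raddr)       # IPv4-mapped IPv6 -> plain IPv4
      count[raddr]++
    }
    END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Live use (needs netstat from net-tools): netstat -ant | conns_per_ip 80 30
sample_netstat | conns_per_ip 80 2
```

On the sample, the IPv4-mapped client is reported under its plain IPv4 address, so the value can be passed directly to a firewall rule.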
Once you find the offending IP address, you can block it in the firewall or with the routing table.
To verify whether an IP is blocked:
iptables -L -n | grep 'IP_ADDR_HERE'
Block Attack with CSF firewall
vi /etc/csf/csf.conf
Set CT_LIMIT to 30; set it back to 100 after the attack stops.
CT_LIMIT = "30"
Set SYNFLOOD to 1; set it back to 0 after the DDoS attack stops.
SYNFLOOD = "1"