Home » All Server Support » How to find your server is under DDOS Attack

How to find your server is under DDOS Attack

your-server-is-under-DDOS-Attack
10 Sep

How to find your server is under DDOS Attack

By All Server Support, Cpanel, DirectAdmin, Linux Plesk, Linux Server Comments Off on How to find your server is under DDOS Attack

Here is a command line to run on your server if you think your server is under DDOS attack.  The commands given below prints out list of open connections on your server and sorts them by connection amount.

RedHat:

netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

BSD:

netstat -na |awk ‘{print $5}’ |cut -d “.” -f1,2,3,4 |sort |uniq -c |sort -n

You can also check for connections by running the following command.

netstat -plan | grep :80 | awk ‘{print $4 }’ | sort -n | uniq -c | sort

 

These are few step to be taken when you feel the server is under attack:

  •  Check the load using the command “w“.
  •  Check which service is utilizing maximum CPU by “nice top“.
  •  Check which IP is taking maximum connection by
  • netstat -anpl|grep :80|awk {‘print $5’}|cut -d”:” -f1|sort|uniq -c|sort -n
  • Then block the IP using firewall (APF or iptables “apf -d < IP>” )

You can consider using the following methods to secure your server.

1) Use third party DDOS protection service like https://www.purevpn.com/ddos.php

2) Configure CSF firewall and enable SYN Flood protection

3) Configure sysctl parameters in your server to drop attacks.

 

 

Share this post

Author

Founder & CEO of 24x7servermanagement.com with 20 years of experience in Cloud Infrastructure, Managed IT Services, Systems Administration, Devops, Microservices & Kubernetes. Certified AWS Cloud, Certified Kubernetes Administrator.

Related Posts

wordpress-security
23 May

The Thing – WordPress Security

No !! its not about John Carpenter’s 1982 horror movie  ( The Thing). But its about the horror things [...]

Read More
Install-SSL-On-Parallels-Plesk-Panel-10-And-Plesk-11
14 Feb

Install SSL On Parallels Plesk Panel 10 And Plesk 11

Log in to Parallels Plesk Panel as admin. If necessary, switch to Service Provider view From the Hosting Services menu, click [...]

Read More
how-to-security-mysql-in-cpanel
08 Apr

How to Secure Mysql server on Cpanel

Mysql is one of most popular database server widely used on Linux operating system.  Its very robust and offers [...]

Read More
Plesk-Server-Ports
29 Jul

Plesk Server Ports

If you are planning to install APF or any other firewall on Plesk Linux server make sure you know [...]

Read More
How-To-Check-Plesk-mta-qmail-posftfix
22 May

How To Check Plesk MTA And How To Switch From QMail To Postfix And Back?

There are two MTA that are supported by Plesk since version 9: – Qmail – Postfix Each time, only one of them [...]

Read More
Apache-With-The-apachectl-Command
07 Oct

Apache With The apachectl Command

The Apache Web server is arguably the best and most powerful Web server software available for any operating system. [...]

Read More
WordPress Website Security Steps
28 Jul

Protect your WordPress website in 10 simple steps.

Recently we encountered a situation where one of our client’s website was compromised. The website is a WordPress website [...]

Read More
repair-mail-server-configuration-on-plesk-server
01 Mar

How to repair mail server configuration on plesk server ?

Use mchk utility to repair/rebuild mail server configuration and restore settings for all mailboxes created in Parallels Plesk Panel. /usr/local/psa/admin/sbin/mchk [...]

Read More
Server Attack
08 Oct

How to Detect Outbound Server Attack

This article describes how to detect outbound server attack and tackle abuse complaints on your web hosting environments. It’s not [...]

Read More
RAID-Setup
18 Jul

RAID Setup

The following steps will explain you how to setup RAID 1 on a Linux Server:- Make sure you backup all-important [...]

Read More
24x7servermanagement