How to identify DDoS attack?

harrygreen90

Active member
Joined
Dec 17, 2013
Messages
67
Points
8
Hello all,

I'm new to this. How do you know or identify if my VPS is under a DDoS attack?

Thanks in advance.
Harry G.
 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
This is not simple question to awnser. Servers can be attacked via DDOS in many different ways from packet attacks to a particular service being targeted such as Apache.

This command will show the ips are connecting to server and how many connections exist from each IP:
Code:
 netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
If it's zombie bot attack you will see many thousands of connections.

Show the active connections to Apache

Code:
 netstat -apn | grep :80 | wc -l

DDOS is not really something dealt with on the server level but rather the network level. I recommend CSF firewall and it's included DDOS protection, it will start blocking IP when it detects huge amounts of connections or raw traffic.

Hope this helps
 

GswHosting

Well-known member
Registered
Joined
Aug 23, 2016
Messages
233
Points
0
I will recommend to install mod_security, I know that he can handle some DDos attaks.
Maybe its better to contaminate with CSF firewall
 
Older Threads
Newer Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top