How to find out which website is under DDOS or being attacked?

Bryan McClure

Well-known member
Registered
Joined
Jul 20, 2016
Messages
271
Points
18
Hello,
I have 6 websites on a VPS, sometimes one of them seems getting DDOS attacks and it is making my server overload. How can i find out which website is under DDOS or being attacked? any help?
 

hostens

Well-known member
Hosting Provider
Registered
Joined
Jan 18, 2017
Messages
215
Points
28
Usually, the attack is for the specific IP address the website is using. If the attack is to the specific site, you should be able to see the information in the Apache logs in the server. The site getting the attacks will have a full log of the requests to it.
 

rowebca

New member
Registered
Joined
Nov 4, 2018
Messages
12
Points
3
You can use "netstat" command to check this:

Bash:
netstat -ntu|awk '{print $5}'|cut -d: -f1 -s|sort|uniq -c|sort -nk1 -r
You should investigate if is 100+ / ip.

Regards
 

ronica

New member
Registered
Joined
Nov 11, 2019
Messages
2
Points
1
Hi,
use this command for see all attacker IP
Code:
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

netstat -n | grep :80 | grep SYN |wc -l

netstat -n | grep :80 |wc -l
when my hosting or dedicated server is under ddos attack i find attacker ip with this command
best solution for find ddos attack in vps hosting and dedicated server is use netstat

Regards -

offshore hosting
 
Last edited:

NoFrillsCloud

Member
Registered
Joined
Nov 13, 2019
Messages
15
Points
3
Going forward you may want to put your websites behind CloudFlare which will help cut down a majority of attacks.

The CloudFlare Free plan is good enough so there's no reason to not use it IMO.
 

tuxandrew

Well-known member
Registered
Joined
Aug 19, 2012
Messages
126
Points
18
You can find the attackers IP using the netstat command, but if it DOS attack only then blocking the IPs would save the server, for DDOS attacks, the attacker IPs would be changing constantly, so blocking the IPs is not a solution.

Alternately you can check the Apache access logs, find which log file is written more and which url was accessed heavily in past hours, that would make a better sense on the attacked target on your server.

In the case of DDOS, either you need contact the provider for any hardware filters to filter the traffic.
If the attack is url/domain specific then you should be using any thirdparty services like CLOUDFLARE to filter the traffic.
 
Last edited:

serveria

Member
Registered
Joined
Dec 7, 2019
Messages
36
Points
8
If you're on cpanel just check Apache Status when attack starts. That should give you a hint on which domain is being attacked.
 
Latest Threads
Replies
1
Views
15
Replies
0
Views
170
Replies
1
Views
36
Replies
2
Views
80

Latest postsNew threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top