How to find out which website is under DDOS or being attacked?

Bryan McClure

Well-known member
Joined
Jul 20, 2016
Messages
251
Best answers
1
Ratings
20 1
Points
18
#1
Hello,
I have 6 websites on a VPS, sometimes one of them seems getting DDOS attacks and it is making my server overload. How can i find out which website is under DDOS or being attacked? any help?
 

hostens

Well-known member
Joined
Jan 18, 2017
Messages
215
Best answers
2
Ratings
85 9
Points
28
#3
Usually, the attack is for the specific IP address the website is using. If the attack is to the specific site, you should be able to see the information in the Apache logs in the server. The site getting the attacks will have a full log of the requests to it.
 

rowebca

New member
Joined
Nov 4, 2018
Messages
8
Best answers
0
Ratings
2 1
Points
3
#7
You can use "netstat" command to check this:

Bash:
netstat -ntu|awk '{print $5}'|cut -d: -f1 -s|sort|uniq -c|sort -nk1 -r
You should investigate if is 100+ / ip.

Regards
 

ronica

New member
Joined
Nov 11, 2019
Messages
2
Best answers
0
Ratings
1
Points
1
#8
Hi,
use this command for see all attacker IP
Code:
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

netstat -n | grep :80 | grep SYN |wc -l

netstat -n | grep :80 |wc -l
when my hosting or dedicated server is under ddos attack i find attacker ip with this command
best solution for find ddos attack in vps hosting and dedicated server is use netstat

Regards -

offshore hosting
 
Last edited:
Joined
Nov 13, 2019
Messages
15
Best answers
0
Ratings
5
Points
3
#9
Going forward you may want to put your websites behind CloudFlare which will help cut down a majority of attacks.

The CloudFlare Free plan is good enough so there's no reason to not use it IMO.
 

tuxandrew

New member
Joined
Aug 19, 2012
Messages
0
Best answers
0
Ratings
1
Points
2
#11
You can find the attackers IP using the netstat command, but if it DOS attack only then blocking the IPs would save the server, for DDOS attacks, the attacker IPs would be changing constantly, so blocking the IPs is not a solution.

Alternately you can check the Apache access logs, find which log file is written more and which url was accessed heavily in past hours, that would make a better sense on the attacked target on your server.

In the case of DDOS, either you need contact the provider for any hardware filters to filter the traffic.
If the attack is url/domain specific then you should be using any thirdparty services like CLOUDFLARE to filter the traffic.
 
Last edited:

Latest Hosting OffersNew Reviews

Sponsors

Latest Blog ArticlesMost Viewed Threads

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top