How to find out which website is under DDOS or being attacked?

Bryan McClure

Bryan McClure

Well-known member
Registered
Joined
Jul 20, 2016
Messages
271
Points
18
Hello,
I have 6 websites on a VPS, sometimes one of them seems getting DDOS attacks and it is making my server overload. How can i find out which website is under DDOS or being attacked? any help?
 
hostens

hostens

Well-known member
Hosting Provider
Registered
Joined
Jan 18, 2017
Messages
215
Points
28
Usually, the attack is for the specific IP address the website is using. If the attack is to the specific site, you should be able to see the information in the Apache logs in the server. The site getting the attacks will have a full log of the requests to it.
 
rowebca

rowebca

New member
Registered
Joined
Nov 4, 2018
Messages
12
Points
3
You can use "netstat" command to check this:

Bash: 
netstat -ntu|awk '{print $5}'|cut -d: -f1 -s|sort|uniq -c|sort -nk1 -r
You should investigate if is 100+ / ip.

Regards
 
ronica

ronica

New member
Registered
Joined
Nov 11, 2019
Messages
2
Points
1
Hi,
use this command for see all attacker IP
Code: 
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

netstat -n | grep :80 | grep SYN |wc -l

netstat -n | grep :80 |wc -l
when my hosting or dedicated server is under ddos attack i find attacker ip with this command
best solution for find ddos attack in vps hosting and dedicated server is use netstat

Regards -

offshore hosting
 
Last edited:
NoFrillsCloud

NoFrillsCloud

Member
Registered
Joined
Nov 13, 2019
Messages
15
Points
3
Going forward you may want to put your websites behind CloudFlare which will help cut down a majority of attacks.

The CloudFlare Free plan is good enough so there's no reason to not use it IMO.
 
tuxandrew

tuxandrew

Well-known member
Registered
Joined
Aug 19, 2012
Messages
126
Points
18
You can find the attackers IP using the netstat command, but if it DOS attack only then blocking the IPs would save the server, for DDOS attacks, the attacker IPs would be changing constantly, so blocking the IPs is not a solution.

Alternately you can check the Apache access logs, find which log file is written more and which url was accessed heavily in past hours, that would make a better sense on the attacked target on your server.

In the case of DDOS, either you need contact the provider for any hardware filters to filter the traffic.
If the attack is url/domain specific then you should be using any thirdparty services like CLOUDFLARE to filter the traffic.
 
Last edited:
serveria

serveria

Member
Registered
Joined
Dec 7, 2019
Messages
36
Points
8
If you're on cpanel just check Apache Status when attack starts. That should give you a hint on which domain is being attacked.
 
You must log in or register to reply here.
Older Threads
L
Hi, This is Casey K
Replies
1
Views
1,085
Chris Worner
bountysite
Webhosting Directory List
Replies
6
Views
1,930
UH-Peter
MilesWeb
[MilesWeb] Freedom Sale | 60% OFF on SSD Linux & Windows Hosting | Free Domain, SSL, Migration
Replies
0
Views
1,050
MilesWeb
Kaz Wolfe
How to ban an email spamming on my website?
Replies
3
Views
2,045
Fusion Arc Hosting
0DayHost
Hello ForumWEB
Replies
3
Views
2,115
webwerksDC
Newer Threads
dnsme
special sale - Vps ram 2GB 1$ per month
Replies
2
Views
1,911
dnsme
hostnamaste
Microsoft Fixes Critical Windows 10 Wormable Remote Desktop Flaws
Replies
0
Views
1,012
hostnamaste
BillEssley
How to install iconv for plesk onyx?
Replies
1
Views
2,396
VirtuBox
HostingORA
Webhosting review
Replies
0
Views
1,016
HostingORA
MilesWeb
[MilesWeb] Save 25% on DigitalOcean Managed Cloud VPS | Starts at $9/mo
Replies
0
Views
882
MilesWeb
Latest Threads
J
Jtti April promotion, 40% off on Hong Kong cluster servers/US cluster servers, minimum monthly payment starts at $218.6
Replies
0
Views
118
jtti
DemoTiger
How plans of big giants affect web hosting providers like you.
Replies
1
Views
192
BlueLeaf
M
Mobile App
Replies
0
Views
252
masterkind
AlpineHost
Trouble with Stripe webhook endpoint
Replies
1
Views
352
AlbaHost
viseo
Anyone for free WordPress hosting?
Replies
2
Views
248
BlueLeaf
Recommended Threads
wpspeedster
How to install Linux, Nginx, MySQL, PHP (LEMP) stack on CentOS 7
Replies
5
Views
4,767
VirtuBox
Cheerag Nundlall
Checking Memcached Usage on WordPress Site?
Replies
11
Views
1,235
radwebhosting
HostYourNet-DR
OFFER HostYourNet - 50% off cPanel Reseller Hosting - UK Host Provider
Replies
0
Views
1,482
HostYourNet-DR
mcottle
How to check if my web host is using new or old MySQL?
Replies
7
Views
2,402
mcottle
arindamb
What are warning signs of a Bad Hosting Provider?
Replies
13
Views
5,746
ulterios
Similar Threads
S
Need help with finding best tools for my website
Replies
12
Views
1,455
Kaz Wolfe
Chris Worner
How to find which is making your website load slowly?
Replies
7
Views
1,675
KeepItPortable
Maxoq
Find hosting provider from a website?
Replies
17
Views
2,555
S4 Hosting
ahirehost
How To Find The Real IP Address Of A Website Behind CloudFlare
Replies
2
Views
1,774
AECHostingNet
Moebuntu
How can I find the version of PHP that is running on a website?
Replies
16
Views
6,145
David Beroff

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • domain
  • free
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top