How to check for a DoS/DDoS attack on the server

These are a few steps to take when you suspect that the server is under a DoS/DDoS attack:

Step 1: Check the load on the server using the command "w" or "uptime".

Step 2: Check which process is using the most CPU with "top -cd3" (top sorts by CPU usage by default), then press SHIFT+M. This will show you the memory usage in decreasing order.

Step 3: Check which IP address is making the most connections using the command:

netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n

Step 4: Check which IP address of the server is receiving the most connections using the command:

netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n

Step 5: Then block the IP address using the APF firewall, "apf -d <IP address>", or the CSF firewall, "csf -d <IP address>".

Thank you.
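
The counting in Steps 3 and 4 as one shell function, added here as an example (it is not part of the original post). It goes beyond the one-liners above by matching the local port exactly, so connections on :8080 or outbound connections to a remote port 80 are not counted, and by handling native IPv6 addresses. The names count_conns and sample_netstat, the threshold argument and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# count_conns SIDE PORT [MIN]: read netstat-style lines on stdin and count
# TCP connections to local PORT per address. SIDE=remote groups by client IP
# (Step 3), SIDE=local by server IP (Step 4). MIN hides counts below it.
count_conns() {
    side=$1
    port=$2
    min=${3:-1}
    case $side in
        remote) col=5 ;;   # Foreign Address column
        local)  col=4 ;;   # Local Address column
        *) echo "usage: count_conns remote|local PORT [MIN]" >&2; return 2 ;;
    esac
    awk -v port="$port" -v min="$min" -v col="$col" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            lp = $4; sub(/^.*:/, "", lp)   # local port = text after the last ":"
            if (lp != port) next           # exact match: skips :8080 and outbound
            ip = $col
            sub(/:[0-9]+$/, "", ip)        # drop the trailing :port
            sub(/^::ffff:/, "", ip)        # unwrap IPv4-mapped IPv6
            c[ip]++
        }
        END { for (ip in c) if (c[ip] >= min) print c[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1201/httpd
tcp        0      0 192.0.2.10:80           203.0.113.7:51514       SYN_RECV    -
tcp        0      0 192.0.2.10:80           203.0.113.7:51515       SYN_RECV    -
tcp        0      0 192.0.2.10:80           203.0.113.7:51516       ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:80           198.51.100.23:40222     ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:8080         198.51.100.99:40300     ESTABLISHED 1450/java
tcp        0      0 192.0.2.10:44312        198.51.100.50:80        ESTABLISHED 1300/curl
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51517 TIME_WAIT  -
tcp6       0      0 2001:db8::10:80         2001:db8::beef:52000    ESTABLISHED 1201/httpd
EOF
}

# Demo on the sample; on a live server: netstat -alpn | count_conns remote 80 20
sample_netstat | count_conns remote 80 2
```

The output is one "count address" pair per line, highest count first, so the top line is the candidate for Step 5 once you have confirmed it is not a proxy, load balancer or monitoring host.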

Comments

  1. Thanks for this helpful information. I agree with all the points you have given to us. Please visit once at ddoscube.com.
  2. In my opinion, great content is above all. So focusing on creating good quality content is the solution.