How to check DOS/DDOS attack in the server
These are few steps to be taken when you feel that the server is under DOS/DDOS attack:
Step 1: Check the load in the server using the command "w" or "uptime".
Step 2: Check which process is utilizing maximum CPU by "top -cd3" & press SHIFT +M. This will show you the memory usage in decreasing order.
Step 3: Check which IP address is taking maximum connection using the command:
netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n
Step 4: Check the IP address of the server having maximum connection using the command:
netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n
Step 5: Then block the IP address using APF firewall "apf -d <IP address>" or using CSF firewall "csf -d <IP address>
Thank you.
Step 1: Check the load in the server using the command "w" or "uptime".
Step 2: Check which process is utilizing maximum CPU by "top -cd3" & press SHIFT +M. This will show you the memory usage in decreasing order.
Step 3: Check which IP address is taking maximum connection using the command:
netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n
Step 4: Check the IP address of the server having maximum connection using the command:
netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n
Step 5: Then block the IP address using APF firewall "apf -d <IP address>" or using CSF firewall "csf -d <IP address>
Thank you.
Thanks for this helpful information I agree with all points you have given to us.Please visit once at ddoscube.com.
ReplyDeleteIn my opinion, great content is above all. So focusing on creating good quality content is the solution.
ReplyDelete