A few steps to take when you suspect that the server is under a DDoS attack:

Step 1: Check the load averages with the command "w" (the first line also shows uptime and the number of logged-in users).

Step 2: Check which process is using the most CPU with "nice top". Running top under nice gives the monitoring tool itself a lower scheduling priority, so it does not add to the load on an already saturated box.

Step 3: Check which remote IP addresses hold the most connections to port 80 using the command:

netstat -anp | grep ':80 ' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Note: '$5' is the Foreign Address column, i.e. the external addresses that have connections to the server. The output is sorted ascending, so the busiest addresses appear last. The cut -d: -f1 step only works for IPv4 peers; for IPv6 strip the port instead with sed 's/:[0-9]*$//'. On distributions that no longer ship netstat, ss -tn state established '( sport = :80 )' lists the same connections.

Step 4: Check which of the server's own IP addresses is receiving the most connections (useful when the server has several IPs or virtual hosts) using the command:

netstat -alpn | grep ':80 ' | awk '{print $4}' | cut -d: -f1 | sort | uniq -c
or
netstat -alpn | grep ':80 ' | awk '{print $4}' | awk -F: '{print $(NF-1)}' | sort | uniq -c

Note: '$4' is the Local Address column, i.e. the addresses configured on the server. The second form takes the colon-separated field just before the port, which also handles IPv4-mapped IPv6 forms such as ::ffff:a.b.c.d:80.

Step 5: Block the offending IP address with the APF firewall, "apf -d <ip>", or with the CSF firewall, "csf -d <ip>". Before blocking, make sure the top address is not your own load balancer, reverse proxy, CDN or monitoring host: a large NAT gateway can also legitimately hold many connections. Blocking single addresses helps against a flood from one or a handful of sources; a genuinely distributed attack needs rate limiting or upstream filtering instead.
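The five steps above, collected into one script as an added example that is not part of the original post. The parsing is done in shell functions that read netstat -ant style output on stdin, so they can be run over live output (netstat -ant | top_remote_ips 80) or over the constructed sample embedded below. The port is stripped with a regex rather than cut -d: so IPv6 peers are counted correctly, a per-state breakdown is added because a SYN flood shows up as a pile of SYN_RECV entries, and the csf -d commands for the final step are printed rather than executed so an operator can check the list against known-good addresses first. The threshold, the sample addresses and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage a suspected DDoS from
# netstat output. Functions read "netstat -ant"-style lines on stdin.

# top_remote_ips PORT
# Print "COUNT IP" for every remote address with a non-LISTEN TCP socket to
# local port PORT, busiest first. The remote port is removed with a regex on
# the trailing ":digits", so both 198.51.100.7:51234 and 2001:db8::99:40001
# are handled (cut -d: -f1 would mangle the IPv6 form).
top_remote_ips() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # strip remote port, IPv4 or IPv6
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -rn
}

# connections_by_state PORT
# Print "COUNT STATE" for local port PORT. Many SYN_RECV entries relative to
# ESTABLISHED is the classic SYN-flood signature.
connections_by_state() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") { count[$6]++ }
        END { for (s in count) print count[s], s }
    ' | sort -rn
}

# block_candidates PORT THRESHOLD
# Emit the CSF deny command (csf -d IP) for each remote address holding at
# least THRESHOLD connections. Printed, not executed: review the list against
# your load balancer, CDN and monitoring addresses before running it.
block_candidates() {
    top_remote_ips "$1" | awk -v thr="$2" '$1 >= thr { print "csf -d " $2 }'
}

# Constructed sample of "netstat -ant" output (hypothetical addresses from the
# documentation ranges; not captured from a real host).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51236      SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:3322         ESTABLISHED
tcp        0      0 203.0.113.10:22         192.0.2.44:3400         ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 2001:db8::10:80         2001:db8::99:40001      ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:40002      ESTABLISHED'

# Step 1 and 2 on a live host would be: w ; nice top
# Steps 3 to 5, run here over the constructed sample:
echo "== remote addresses by connection count (port 80) =="
printf '%s\n' "$SAMPLE" | top_remote_ips 80
echo "== connections by state (port 80) =="
printf '%s\n' "$SAMPLE" | connections_by_state 80
echo "== proposed csf deny commands (threshold 2) =="
printf '%s\n' "$SAMPLE" | block_candidates 80 2
```

Against the sample, 198.51.100.7 tops the list with three sockets (one of them still in SYN_RECV) and 2001:db8::99 follows with two; the port-22 connection from 192.0.2.44 is ignored because only local port 80 is being examined. On a real host replace the printf lines with netstat -ant (or ss -tan, whose columns differ and would need the field numbers adjusted).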
