
DDOS attack check

August 3rd, 2013

DDOS attack

Whenever the load on the server increases because of a particular user, check the following:

You can identify the user in top.

Find the domain owned by the user:

grep username /etc/userdomains

Use the following command once you have the domain name:

awk '{print $1}' /usr/local/apache/domlogs/domain.com | sort | uniq -c | sort -n

This prints the number of connections followed by the IP address, sorted by count in ascending order, so the busiest IPs appear last. For example:

13832 65.51.111.143
19112 66.250.68.289
208262 157.55.16.77

In the above case we can see far too many connections from those IPs. This is surely abnormal. Immediately block such IPs on the server using csf, or block those IPs in hosts.deny.
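The counting step above, extended as an added example (not part of the original post): a shell function that lists only the IPs at or above a request threshold, busiest first, with each one's share of all requests and its last user agent, so a crawler or monitoring probe can be recognised before anything is blocked. It assumes the domlog is in Apache combined log format; heavy_hitters, sample_log and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Apache "combined" log format:
#   ip - - [date] "request" status bytes "referer" "user-agent"

# heavy_hitters LOGFILE MIN_REQUESTS   (LOGFILE may be "-" for stdin)
# Prints "count share ip user-agent" for each IP with at least
# MIN_REQUESTS requests, busiest first.
heavy_hitters() {
    awk -F'"' -v min="$2" '
        {
            split($1, head, " ")   # text before the first quote: ip - - [date]
            ip = head[1]
            if (ip == "") next     # skip blank or malformed lines
            hits[ip]++
            total++
            ua[ip] = $6            # last user agent seen for this IP
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    printf "%d %.1f%% %s %s\n",
                           hits[ip], 100 * hits[ip] / total, ip, ua[ip]
        }
    ' "$1" | sort -rn
}

# Constructed sample log (documentation-range addresses, not real traffic):
# 6 requests from one client, 3 from a second, 1 from a third.
sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo '203.0.113.7 - - [03/Aug/2013:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "ExampleBot/1.0"'
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 3 ]; do
        echo '198.51.100.20 - - [03/Aug/2013:10:00:01 +0000] "POST /login HTTP/1.1" 403 128 "-" "curl/7.29.0"'
        i=$((i + 1))
    done
    echo '192.0.2.10 - - [03/Aug/2013:10:00:02 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"'
}

# Demo on the constructed sample: show IPs with 3 or more requests.
sample_log | heavy_hitters - 3
```

On a real server, pass the domlog path instead of "-", for example heavy_hitters /usr/local/apache/domlogs/domain.com 1000, and choose the threshold from the site's normal traffic.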
