How to check if a Linux server is compromised by a DDoS attack

Source: Internet
Author: User
Tags: iptables

Log on to your server as the root user and run the following command to check whether your server is under a DDoS attack:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

This command lists the IP addresses connected to the server together with the number of connections from each one, sorted so that the IPs with the most connections appear last.

DDoS attacks have become more complex: attackers use fewer connections per IP and more attacking IPs, so you may see only a few connections per IP even while your server is under attack. It is therefore important to check the number of currently active connections to your server with the following command:

netstat -n | grep :80 | wc -l

The above command shows the number of active connections open to your server on port 80.

You can also use the following command:

netstat -n | grep :80 | grep SYN | wc -l

The number of connections reported by the first command varies from server to server, but if it shows more than 500 connections, there is a problem.

If the result of the second command is 100 or more, the server may be under a SYN attack.
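The counts above, as an added example that is not part of the original article: a shell script that reads `netstat -n` output, counts only connections whose local port is exactly 80 (a plain `grep :80` also matches `:8080` and outbound connections to a remote port 80), and applies the 500 and 100 thresholds given above. The function names, verdict labels and sample connection lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Thresholds (500, 100) are the
# article's; function names, verdict labels and sample data are constructed.
CONN_LIMIT=500   # more than this many port-80 connections: problem
SYN_LIMIT=100    # this many or more in a SYN state: possible SYN attack

# stdin: `netstat -n` output. stdout: "<remote-ip> <state>" for each TCP
# connection whose LOCAL port is exactly 80.
port80_peers() {
    awk '$1 ~ /^tcp/ && $4 ~ /:80$/ {
        peer = $5
        sub(/:[0-9]+$/, "", peer)   # drop the port after the last colon (IPv6-safe)
        sub(/^::ffff:/, "", peer)   # fold IPv4-mapped IPv6 into plain IPv4
        print peer, $6
    }'
}

# stdin: port80_peers output. stdout: "<count> <ip>", busiest first.
top_peers() { awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' | sort -rn; }

# stdin: `netstat -n` output. stdout: "<total> <syn> <verdict>".
triage() {
    port80_peers | awk -v cl="$CONN_LIMIT" -v sl="$SYN_LIMIT" '
        { total++; if ($2 ~ /^SYN/) syn++ }
        END {
            verdict = "ok"
            if (total > cl) verdict = "too-many-connections"
            if (syn >= sl)  verdict = "possible-syn-attack"
            printf "%d %d %s\n", total, syn, verdict
        }'
}

# Constructed sample: 120 half-open connections from 203.0.113.7, one
# established IPv4-mapped client, plus lines a plain `grep :80` would miscount.
sample() {
    i=0
    while [ "$i" -lt 120 ]; do
        echo "tcp 0 0 192.0.2.10:80 203.0.113.7:$((40000 + i)) SYN_RECV"
        i=$((i + 1))
    done
    echo "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:198.51.100.4:51515 ESTABLISHED"
    echo "tcp 0 0 192.0.2.10:8080 198.51.100.9:50000 ESTABLISHED"  # port 8080, not 80
    echo "tcp 0 0 192.0.2.10:44321 93.184.216.34:80 ESTABLISHED"   # outbound to a remote :80
}

sample | triage             # prints: 121 120 possible-syn-attack
sample | port80_peers | top_peers | head -n 5
```

On a live server, replace the sample with real data: `netstat -n | triage`.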

Once you have a list of the IPs attacking your server, you can easily block them.

Use the following command to block that IP or any other specific IP:

route add ipaddress reject

Once you have blocked a specific IP's access to the server, you can check that the block is in effect by using the following command:

route -n | grep ipaddress

You can also block the specified IP with iptables by using the following commands (the target can be either DROP or REJECT):

iptables -I INPUT 1 -s ipaddress -j DROP

service iptables save

service iptables restart

After the above commands have been executed, kill all httpd connections and restart the httpd service.

Use the following commands:

killall -KILL httpd

service httpd startssl
