How to check and prevent DDOS attack towards server:

As you may know, a DDOS attack is a Distributed Denial of Service attack, in which more than one compromised server attacks a single server. The high load generated during the attack can compromise the destination server and shut it down. You need to take additional measures to secure the server against all types of attacks. The chance of an account being compromised depends on password strength and on outdated CMS installations on your accounts, so always use complex passwords for all accounts, including cPanel, FTP, website admin, etc.

How to check the server for DDOS attack:

You will be able to check the server against DDOS attack using the following netstat commands,

netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort |uniq -c | sort -n

The above netstat command shows the connections to the server from external IP addresses. The result of the command on our test server is shown below,

root@testserver [~]# netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort |uniq -c | sort -n
 19 106.76.71.46
 19 175.101.68.41
 20 27.97.17.252
 21 106.219.39.17
 21 141.5.8.128
 23 141.5.9.39
 23 182.65.141.166
 26 107.167.187.137
 28 107.167.103.208
 29 141.0.11.138
141 37.228.106.7
446 49.23.124.146

Here the number on the left is the number of connections and the IP address on the right is the source IP address.

Once you notice a large number of connections from an external IP to your server, you need to block that IP address using the server firewall. But before that, you need to confirm that the IP address is not one that is assigned to your server. To block an IP address on the firewall, use the command below,

csf -d IPaddress

Example:

csf -d 49.23.124.146

This will block the connections from the corresponding IP address on the server.
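The check described above as a script, added here as an example and not part of the original article: it counts only connections to local port 80 (a plain `grep :80` also matches ports such as 8080 and outbound requests to remote port 80) and drops the server's own addresses before anything is handed to `csf -d`. The function names, the threshold and the sample lines (documentation-range addresses) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed `netstat -an`-style sample; every address is a documentation range.

# emit N LOCAL_ADDR REMOTE_IP STATE -> N lines with distinct remote ports
emit() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "tcp 0 0 $2 $3:4000$i $4"
        i=$((i + 1))
    done
}

sample_netstat() {
    echo "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"
    emit 6 192.0.2.10:80 203.0.113.5 ESTABLISHED
    echo "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.5:52000 SYN_RECV"
    emit 2 192.0.2.10:80 198.51.100.7 TIME_WAIT
    emit 5 192.0.2.10:80 192.0.2.10 ESTABLISHED        # server talking to itself
    emit 9 192.0.2.10:8080 198.51.100.9 ESTABLISHED    # other service, not port 80
    echo "tcp 0 0 192.0.2.10:44000 198.51.100.9:80 ESTABLISHED"  # outbound request
}

# flag_sources LIMIT "OWN_IPS": reads netstat lines on stdin and prints
# "count ip" for each remote IP holding at least LIMIT connections to local port 80.
flag_sources() {
    awk -v limit="$1" -v own="$2" '
        BEGIN { n = split(own, a, " "); for (k = 1; k <= n; k++) skip[a[k]] = 1 }
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9*]+$/, "", ip)    # strip the remote port
            sub(/^::ffff:/, "", ip)     # unwrap IPv4-mapped IPv6 addresses
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= limit) print count[ip], ip }
    ' | sort -n
}

# On a live Linux server the input would be: netstat -an | flag_sources 100 "$(hostname -I)"
sample_netstat | flag_sources 5 "192.0.2.10"
```

Review the printed list by hand before blocking; a proxy, CDN or monitoring host can legitimately hold many connections.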

Also, if you need to find the number of connections in each state, you can use the command below,

netstat -an|grep ":80"|awk '/tcp/ {print $6}'|sort| uniq -c

The output will be like,

root@testserver [~]# netstat -an|grep ":80"|awk '/tcp/ {print $6}'|sort| uniq -c
7 CLOSING
110 ESTABLISHED
33 FIN_WAIT1
52 FIN_WAIT2
10 LAST_ACK
8 LISTEN
23 SYN_RECV
1342 TIME_WAIT

You can also install the following Apache modules to control the attack,

DOS-Deflate
mod_security
mod_dosevasive
Enable anti-DOS for APF

In addition to all these recommendations, we provide complete security for your server by tweaking the server for security, which will prevent attacks and other security-related issues. For that, please use our Secure Server plan.