How to check and prevent DDOS attack towards server


As you know, a DDoS attack is a Distributed Denial of Service attack, in which more than one compromised server attacks a single server. This compromises the destination server: the high load generated during the attack will shut your server down. You need to take more measures to secure the server against all types of attack. The chance of an account being compromised depends on password strength and on outdated CMS installations in your accounts, so always use complex passwords for all accounts, including cPanel, FTP, website admin and so on.

How to check server for DDOS attack:

You can check the server for a DDoS attack using the following netstat command:

netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort |uniq -c | sort -n

The above netstat command shows the number of connections to the server from each external IP address. The result of the command on our test server is shown below:

[email protected] [~]# netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort |uniq -c | sort -n
 19 106.76.71.46
 19 175.101.68.41
 20 27.97.17.252
 21 106.219.39.17
 21 141.5.8.128
 23 141.5.9.39
 23 182.65.141.166
 26 107.167.187.137
 28 107.167.103.208
 29 141.0.11.138
141 37.228.106.7
446 49.23.124.146

Here the number on the left is the number of connections, and the IP address on the right is the source IP address.

Once you notice a large number of connections from an external IP address to your server, you need to block that IP address using the server firewall. Before doing so, confirm that the IP address is not one assigned to your server. To block an IP address on the firewall, use the command below:

csf -d IPaddress

Example:

csf -d 49.23.124.146

This will block the connections from the corresponding IP address on the server.
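
The per-IP count, the own-address check and the block step above can be combined. This added example (not part of the original article) counts only connections whose local port is exactly 80, skips addresses you list as your own, and prints the `csf -d` commands for review instead of running them; the function names, the threshold of 30 and the sample IPs are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. All IPs are constructed
# (documentation ranges); 203.0.113.10 plays the server's own address.

# heavy_talkers LIMIT "OWN_IP ..." : read netstat -an lines on stdin and print
# "COUNT IP" for remote IPs with >= LIMIT connections to local port 80.
heavy_talkers() {
    awk -v limit="$1" -v own="$2" '
        BEGIN { n = split(own, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # columns: proto recv-q send-q local-addr foreign-addr state
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # drop the remote port
            sub(/^::ffff:/, "", ip)   # unwrap IPv4-mapped IPv6
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= limit + 0) print count[ip], ip }
    ' | sort -rn
}

# block_commands: turn "COUNT IP" lines into csf deny commands for review;
# nothing is executed here.
block_commands() {
    awk '{ print "csf -d " $2 }'
}

# repeat_conn N LOCAL REMOTE_IP : emit N constructed ESTABLISHED lines.
repeat_conn() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "tcp 0 0 $2 $3:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
}

# Constructed sample standing in for `netstat -an` output.
sample_netstat() {
    echo "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"
    repeat_conn 40 203.0.113.10:80 198.51.100.7     # heavy remote client
    repeat_conn 35 203.0.113.10:80 203.0.113.10     # server talking to itself
    repeat_conn 3 203.0.113.10:80 192.0.2.15        # ordinary visitor
    repeat_conn 1 203.0.113.10:8080 192.0.2.200     # different service
    echo "tcp 0 0 203.0.113.10:51234 192.0.2.99:80 TIME_WAIT"   # outbound
    echo "tcp6 0 0 ::ffff:203.0.113.10:80 ::ffff:198.51.100.7:50000 ESTABLISHED"
}

sample_netstat | heavy_talkers 30 "203.0.113.10 127.0.0.1" | block_commands
```

On a live server, replace `sample_netstat` with `netstat -an` and pass the server's own addresses as the second argument.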

If you also need to find the number of connections in each connection state, you can use the command below:

netstat -an|grep ":80"|awk '/tcp/ {print $6}'|sort| uniq -c

The output will be like,

[email protected] [~]# netstat -an|grep ":80"|awk '/tcp/ {print $6}'|sort| uniq -c
7 CLOSING
110 ESTABLISHED
33 FIN_WAIT1
52 FIN_WAIT2
10 LAST_ACK
8 LISTEN
23 SYN_RECV
1342 TIME_WAIT

You can also install the following Apache modules to control the attack:

DOS-Deflate
mod_security
mod_dosevasive
Enable anti-DOS for APF
