Detect and combat DDoS attacks on servers - VPS

Monday, 26 May 2014
DDoS is a headache for any webmaster or sysadmin. Here I want to share a few tricks for recognising a DDoS and some countermeasures to take when a server is under attack.

When a server suddenly becomes slow as a turtle and every service on it is struggling under heavy load, it is likely due to one or more of the following reasons:

1. The server is being DDoSed
2. The server is overloaded because it has too little RAM
3. The server is overloaded because the CPU cannot keep up with the processing load
4. The disk cannot keep up with the read/write demands of the data (usually happens with SATA drives or 7200 rpm HDDs and slower)

This article deals with problem no. 1, the server being DDoSed; problems 2, 3 and 4 can be solved easily with a hardware upgrade.

Check whether the server is being DDoSed:

From the Linux command line, type:

Code:
  netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
This command lists the remote IP addresses connected to the server together with the number of connections from each one, lowest count first. (On IPv6 entries the `cut -d: -f1` keeps only the first field of the address, so those lines will not show a usable IP.) Note that a DDoS can also come from a small number of connections, so a low count does not mean you are not under attack.

Another method:
Code:
  netstat -n | grep :80 | wc -l
  netstat -n | grep :80 | grep SYN | wc -l
The first command returns the number of connections on port 80 (be aware that a bare `grep :80` also matches other ports containing ":80", such as 8080 or 8000). Many kinds of DDoS work by opening connections to the server and then doing nothing, leaving the server waiting until the connection times out. So if the first command returns more than about 500, the server is quite likely being DDoSed.

If the second command returns more than about 100 (connections stuck in the SYN_RECV state), the server is quite likely under a SYN flood.

Note: these numbers are only rough guides; on websites with very heavy traffic this method can give false positives.

Some remedies:

The fastest fix is to block the IP addresses that take up the most connections during the "rush hour":

Method 1: use the routing table

Code:
  route add -host <ip-address> reject
For example, if the IP DDoSing daivietpda is 180.87.42.50, then:

Code:
  route add -host 180.87.42.50 reject
Check with the command: route -n | grep <ip-address>
(On systems with iproute2 the equivalent is `ip route add blackhole 180.87.42.50/32`, checked with `ip route show`.)


Method 2: use iptables

Code:
  iptables -I INPUT 1 -s <ip-address> -j DROP
  service iptables save
Use `-j REJECT` instead of `-j DROP` if you want the client to get an error instead of a silent timeout. Run `service iptables save` before any `service iptables restart`: the restart reloads the saved rule set, so an unsaved rule is lost.

Then drop all current connections and restart the httpd service:
Code:
  killall -KILL httpd
  service httpd restart
If the server is still slow after completing the steps above, your problem is one of cases 2, 3 or 4: simply upgrade the server to meet the demands of your users.
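The following is an added example and not code from the original post. It is a small POSIX sh script that does what the manual netstat pipelines in the detection section do (connections per remote IP, connections on port 80, half-open SYN_RECV connections), then prints the iptables rules from Method 2 for every remote IP above a chosen threshold, as a dry run to review before applying. The netstat output, the addresses and the threshold are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Runs the detection counts over a
# constructed sample of `netstat -ntu` output and prints (does not apply) the
# iptables rules for the IPs that exceed a connection threshold.

# Constructed sample of `netstat -ntu` output (not a real capture).
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             180.87.42.50:51234      SYN_RECV
tcp        0      0 10.0.0.5:80             180.87.42.50:51235      SYN_RECV
tcp        0      0 10.0.0.5:80             180.87.42.50:51236      ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.9:44000       ESTABLISHED
tcp        0      0 10.0.0.5:22             198.51.100.7:40010      ESTABLISHED
udp        0      0 10.0.0.5:53             192.0.2.77:5000
EOF
}

# Connections per remote IP, highest first. Stripping only the trailing
# ":port" with sed (instead of `cut -d: -f1`) keeps IPv6 peers intact.
count_per_ip() {
  grep -E '^(tcp|udp)' | awk '{print $5}' | sed 's/:[0-9]*$//' \
    | sort | uniq -c | sort -rn
}

# Connections whose *local* side is port 80 (a bare `grep :80` would also
# match a remote port 8000 or a local port 8080).
count_port80() {
  awk '$4 ~ /:80$/ { n++ } END { print n + 0 }'
}

# Half-open connections to port 80: what a SYN flood leaves behind.
count_syn_recv() {
  awk '$4 ~ /:80$/ && $6 == "SYN_RECV" { n++ } END { print n + 0 }'
}

# Remote IPs with at least $1 connections (threshold is an assumption).
flag_ips() {
  count_per_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# Dry run: print the firewall rule for each flagged IP instead of applying
# it, so the list can be reviewed before being fed to iptables.
block_rules() {
  flag_ips "$1" | while read -r ip; do
    printf 'iptables -I INPUT 1 -s %s -j DROP\n' "$ip"
  done
}

# Stand-alone demonstration on the constructed sample.
sample_netstat | count_per_ip
echo "port 80 connections: $(sample_netstat | count_port80)"
echo "port 80 SYN_RECV:    $(sample_netstat | count_syn_recv)"
sample_netstat | block_rules 3
```

Pipe real output in with `netstat -ntu | block_rules 20` (or whatever threshold fits your normal traffic) and only then run the printed rules, followed by `service iptables save`.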

(Collected)