How to check and mitigate DDoS on VPS or Dedicated Server
You can access your VPS/Dedicated Server root access by putty command, here you can apply following SSH commands.
To see what Ips are connecting to server and how many connections exist from each IP:
| netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n |
To see how many connections each IP on the server is receiving:
| netstat -plan |grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c | sort -n |
Get the count of current Active connections to Apache:
| netstat -apn | grep :80 | wc -l |
Get Apache status update from command line to see which domain is receiving maximum hits:
| lynx http://localhost/whm-server-status |
If you notice any particular IP suspicious, you can block that particular IP address on your server by using the following command.
| route add ipaddress reject |
| Ex: route add 169.90.0.56 reject |
To make sure if the IP is blocked on the server on not, you can cross check it by entering the following command.
| route -n |grep Ipaddress |
If you are familiar with iptables rules, you can even block an IP with it by using the following command.
| iptables -A INPUT 1 -s IPADRESS -j DROP/REJECT service iptables restart service iptables save |
Once you enter the above command, make sure you KILL all the httpd connections and restart the httpd service by entering the following command.
| killall -KILL httpd service httpd startssl |
