In a modern days because of heavy competition many time DDOS attacks occur on Servers to destroy the reputation of hosting company.The lack of DDOS attack understanding many time tech engineers are not able to understand the attack and only monitoring the server and RAM memory.
In initial stage in DDOS attack, first check the connection for Apache web server by using the following simple commands.
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n | tail
If any ip having excessive connection to the server then block it in the server by using the following command.
iptables -A INPUT -s xx.xx.xx.xx -p tcp –dport 80 -j DROP
iptables -A INPUT -s xx.xx.xx.xx drop
Now monitor the server for excessive connection ip for 10 to 15 minutes and block ips and if still having issue then refer to the following URL “DDOS attack solution part 2“
