MyHosti - International hosting-center Help

Русский English
  • Дома
  • FAQ
  • Administration VDS/Server
  • How to identify a DDoS attack?

Категории

  • Domain names
  • Shared/Reselling hosting
  • Administration VDS/Server
  • SSL certificates
  • Software
  • Other
How to identify a DDoS attack?

First you need to perform a presence attack, to do this, look at the number of Apache processes.

Debian:

ps aux | grep apache2 | wc -l
CentOS:
ps aux | grep httpd | wc -l

If processes more than 35, probably you are attack.

Now, we need to find the website on which the attack.

Go to the directory with the access logs of the sites:

cd /var/www/httpd-logs

Pay attention to files with a larger size:

du -hs *
and analyzed for anomalies:
cat big_log.access.log | awk '{print $1}' | sort | uniq -c

This command will show the number of request to a website with a unique IP.

For a more detailed investigation of the intruder, clear the log file:

echo "" > big_log.access.log

And re-analyse the log file for anomalies by performing the command:

cat big_log.access.log | awk '{print $1}' | sort | uniq -c

If you are using iptables, block the offenders:

iptables -I INPUT -s 1.1.1.1 -j DROP
© MyHosti International, 2013-2020

International hosting center. "MyHosti" works only with the checked methods. In our interests development of your website and growth of its profitability. We watch our reputation and we always equal hopes which on us are laid.

Компания
  • About us
  • Blog
  • Shares
  • FAQ
  • Payment
  • Vacancy
  • Customer Support
Информация
  • Data-center
  • Service programs
  • Documents
  • Status network
  • Services
Поиск статей
€ $ ₽
Яндекс.Метрика
службы мониторинга серверов Uptime по данным Ping-Admin.Ru - сервиса мониторинга доступности сайтов
HostDB.ru - портал о хостинге и хостинг-провайдерах