Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    DDOS Check - IP Block
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    DDOS Check - IP Block

    picypicy Member
    edited April 2013 in General

    How to check whether i am in DDOS and how do i black the ip.

    When i see active connection i get these results http://prntscr.com/11jek6

    Comments

    • If your server isn't falling over http://deflate.medialayer.com/ is a fast solution

      Retired!

    • picypicy Member

      And the ip are http://prntscr.com/11jgdq

    • Try:

      netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
      

      And see if you notice any IPs at the bottom.

    • jarjar Provider
      edited April 2013

      I'm told this is an up to date version of DDOS deflate, which seems to be flawed in that it doesn't do what it was intended to do most of the time.
      https://github.com/ess/citadel

      Use iptraf to determine your in/out tcp/udp PPS. This usually tells you what's happening pretty well.

      HB | Block AS9009 (M247) for unfiltered abuse and ignoring abuse complaints

    • SpeedBusSpeedBus Member, Provider

      Something I've noticed about the original version of ddos deflate, is that it has this bug where it wont exactly block the IP, not too sure if it's been fixed, but a fix can be found at,
      http://blog.everymanhosting.com/webhosting/dos-deflate-blocks-numbers-not-ip-addresses/

      CrownCloud | Los Angeles, California | Frankfurt, Germany | Amsterdam, The Netherlands

    • picypicy Member

      This is what i see at the bottom http://prntscr.com/11jh5k

    • jarjar Provider
      edited April 2013

      Looks like just a little http DOS. Plenty you can do, but even free cloudflare I'd expect to handle that right there if you want a quick and simple solution.

      HB | Block AS9009 (M247) for unfiltered abuse and ignoring abuse complaints

    • mod_evasive , mod_deflate in apache as well an option if you are using apache.

      you can rate limit http with iptables

      rate limit in nginx..

      Retired!

    Sign In or Register to comment.