HostOnNet Blog

ddos

To see list of IP connect to port 80 of your web server, run

netstat -alpn | grep :80 | awk '{print $5}' | awk -F: '{print $(NF-1)}' | sort | uniq -c | sort -n

Blocking DDoS with CSF

vi /etc/csf/csf.conf

Set CT_LIMIT to 30, set it back to 100 after attack stop.

CT_LIMIT = "30"

Set SYNFLOOD to 1, set it back to 0 after DDoS attack stop.

SYNFLOOD = "1"

Posted in Linux