If you are getting ddos. To stop it temporarily, you can use following commands. These commands will work if you have csf firewall installed on your server. It will block those ip's having number of connection to server. It is not always good practice to block Ip's, it can be used when your server is flooded with httpd connections and syn attack.
for i in `netstat -plan | grep :80 |awk '{print $5}' | cut -f1 -d:| sort | uniq |sort -n | tail -3`; do csf -d $i; done;
for i in `netstat -anp | grep SYN* |awk '{print $5}' | cut -f1 -d:| sort | uniq |sort -n | tail -5`; do csf -d $i; done;
No comments:
Post a Comment