- This topic has 0 replies, 1 voice, and was last updated 9 years ago by Admin.
October 4, 2015 at 4:14 pm #192640 Admin Administrator
I am going to put some stuff I have been using to deal with DDOS attacks and how to make it easier to obtain the IPs of the attackers.
Netstat commands: You will need to have access to your VPS via SSH.
To find how many IPs are connected and how many connections each one has:
    netstat -an | grep ":80 " | awk '{print $5}' | sed 's/:[^:]*$//' | sort | uniq -c | sort -n
You will get this result.
1 108.174.145.239
1 66.249.64.63
2 197.246.28.194
2 197.246.32.123
2 197.35.145.1
6 116.105.71.22
Other: To find out how much CPU the attack is using on the server.
uptime
You will get something like this
12:04:18 up 1 day, 18:55, 1 user, load average: 0.46, 0.99, 0.95
SSH Script I use to restart the VPS when the CPU is over 3.0:
    #!/bin/bash
    # Restart nginx and MariaDB when the 1-minute load average exceeds the trigger.
    trigger=3.0
    # First field of /proc/loadavg is the 1-minute load average
    load=$(awk '{print $1}' /proc/loadavg)
    # bash cannot compare decimals, so let awk do the comparison
    response=$(echo | awk -v T="$trigger" -v L="$load" 'BEGIN{if ( L > T){ print "greater"}}')
    if [[ $response = "greater" ]]
    then
        # log file
        high_load_log='/home/checkload/restart.log'
        echo "$(date) : Nginx Restart due to $load server load" >> "$high_load_log"
        systemctl stop mariadb
        systemctl stop nginx.service
        sleep 30s
        systemctl start mariadb
        systemctl start nginx.service
    fi
Links: These are links to sites you can use to help make it easier to deal with organizing and finding proxies that attackers can use.
Links to find out if they are proxies:
Proxies Lists:
Sorting Ips Links:
Software:
Notepad ++
https://notepad-plus-plus.org/
Notepad ++ Commands: Bring up the replace window by pressing Ctrl+H.
^(.*? ) removes everything to the left of a space; in this case 1 66.249.64.63 will come out as 66.249.64.63
:.*$ replaces everything from the ":" character onward; in the case of 66.249.64.6:80 you will get 66.249.64.6
Putty
1 – Create a shortcut on the desktop to putty.exe
2 – Rename the shortcut to PuTTY – server.com
3 – Right-click shortcut and choose Properties
4 – Modify the target similar to:
"C:\Program Files\PuTTY\putty.exe" user@server.com -pw password
5 – Click OK
Use this:
    putty.exe -ssh root@somewhere.com -pw mypasswordforsomewherecom
Block DDOS attacks from WordPress sites.
    # WordPress Pingback Request Denial
    if ($http_user_agent ~* "WordPress|MJ12bot") {
        return 444;
    }
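
The per-IP connection count from the netstat command above, as an added example that is not part of the original post: it counts only connections whose local address ends in the given port (so port 8080 or an address octet of 80 is not matched) and unwraps IPv4-mapped addresses. The function names, the threshold argument and the sample input (documentation address ranges) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: count connections per remote IP on one local port from
# `netstat -ant`-style text and list the IPs at or above a threshold.

# top_talkers PORT MIN : reads netstat output on stdin, prints "COUNT IP"
top_talkers() {
    local port="$1" min="$2"
    awk -v port="$port" -v min="$min" '
        # TCP rows only, skip listening sockets, LOCAL address must end in :PORT
        $1 ~ /^tcp/ && $6 != "LISTEN" && $4 ~ (":" port "$") {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # drop the remote port
            sub(/^::ffff:/, "", ip)   # unwrap IPv4-mapped IPv6 addresses
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample input, not real traffic.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.22:51001     ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.22:51002     ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.22:51003     SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.80:40100        TIME_WAIT
tcp        0      0 203.0.113.10:8080       192.0.2.7:40200         ESTABLISHED
tcp        0      0 203.0.113.10:44321      192.0.2.9:80            ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:198.51.100.22:51004 ESTABLISHED
EOF
}

# Demo on the constructed sample; on a server: netstat -ant | top_talkers 80 20
sample_netstat | top_talkers 80 1
```

The 8080 listener and the outbound connection to a remote port 80 are left out of the count, which the plain grep on "80" would have included.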