How can I tell if I'm being attacked?

When experiencing a DoS or DDoS attack,the first thing you will most likely notice is that server is unresponsive or is very slow to respond.

Check your Bandwidth Graphs

The first thing you should do is check your server's bandwidth graphs. You can do this through our control panel by visiting your Bandwidth Statistics page and viewing the past 24 hours or even the past hour alone. If you see that your traffic has spiked and the port is fully saturated (or close to it), you are most likely under attack.

Identify and Block Attackers

If you have some connectivity to your server, you can attempt to block some of the attack by blocking IP addresses having several connections to your server. Use the following command to list your active connections by IP address:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

You can then use IP Tables, or the firewall of your choice, to block all traffic from that IP address.
An IP Tables example would be:

/sbin/iptables -I INPUT -s x.x.x.x -p tcp -j DROP /sbin/iptables -I INPUT -s x.x.x.x -p udp -j DROP

This would cause all TCP and UDP traffic to be dropped from this specific IP address (represented by x.x.x.x).
 
  • 220 Users Found This Useful
Was this answer helpful?

Related Articles

How Do I Remove My IP From Trend Micro's DUL ?

If you encounter issues sending e-mail due to a listing in Trend Micro's DUL (Dial-up/Dynamic...

What is Phishing?

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such...

Receiving 550 Access denied Invalid HELO name ?

If you're getting this error when sending out email. Please check your email setting: Setting...

Malicious Network Traffic

What is Malicious Network Traffic? Rackbank considers Malicious Network Traffic as any of the...

Do you offer DDoS Protection?

We do not offer a commercial DDoS mitigation solution at this time. However, depending on the...