Knowledgebase


Portal Home > Knowledgebase > Abuse > How can I tell if I'm being attacked?


How can I tell if I'm being attacked?




When experiencing a DoS or DDoS attack,the first thing you will most likely notice is that server is unresponsive or is very slow to respond.

Check your Bandwidth Graphs

The first thing you should do is check your server's bandwidth graphs. You can do this through our control panel by visiting your Bandwidth Statistics page and viewing the past 24 hours or even the past hour alone. If you see that your traffic has spiked and the port is fully saturated (or close to it), you are most likely under attack.

Identify and Block Attackers

If you have some connectivity to your server, you can attempt to block some of the attack by blocking IP addresses having several connections to your server. Use the following command to list your active connections by IP address:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

You can then use IP Tables, or the firewall of your choice, to block all traffic from that IP address.
An IP Tables example would be:

/sbin/iptables -I INPUT -s x.x.x.x -p tcp -j DROP /sbin/iptables -I INPUT -s x.x.x.x -p udp -j DROP

This would cause all TCP and UDP traffic to be dropped from this specific IP address (represented by x.x.x.x).
 


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
What is Phishing? (Views: 1942)

Language: