Skip to content

Usefull tools and Links to fight DDOS attacks

Viewing 1 post (of 1 total)
  • Author
  • #192640

    I am going to put some stuff I have being using to deal with DDOS attacks and how to make it easier obtaining Ips of the attackers.
    Netstat commands: You will need to have access to your VPS via SSH.
    To find how many ip are connected and how many connections they have.

    netstat -an | grep ".80" | awk '{print $5}' | sed 's/.[^.]*$//' | sort | uniq -c | sort -n

    You will get this result.
    Other: To find out how much CPU the attack is using on the server.
    You will get something like this
    12:04:18 up 1 day, 18:55, 1 user, load average: 0.46, 0.99, 0.95
    SSH Script I use to restart the VPS when the CPU is over 3.0:

    load=cat /proc/loadavg | awk '{print $1}'
    response=echo | awk -v T=$trigger -v L=$load 'BEGIN{if ( L > T){ print "greater"}}'
    if [[ $response = "greater" ]]
    # log file
    echo "$(date) : Nginx Restart due to $load server load" >> $high_load_log;
    systemctl stop mariadb
    systemctl stop nginx.service
    sleep 30s;
    systemctl start mariadb
    systemctl start nginx.service

    Links: This are links of sites you can use to help you make it easier to deal with organizing and finding Proxies that attackers can use.
    Links to find out if they are proxies:

    Proxies Lists:

    Sorting Ips Links:

    Notepad ++
    Notepad ++ Commands: Bring up the replace window by clicking ctrl+h
    ^(.*? ) use to remove anything to the left of an space in this case 1 it will come up like this
    :.*$ this will replace everything after the “:” character in the case of you will get
    1 – Create a shortcut on the desktop to putty.exe
    2 – Rename the shortcut to PuTTY –
    3 – Right-click shortcut and choose Properties
    4 – Modify the target similar to:
    “C:Program FilesPuTTYputty.exe” -pw password
    5 – Click OK
    Use this putty.exe -ssh -pw mypasswordforsomewherecom
    Block DDOS attacks from WordPress sites.

    # WordPress Pingback Request Denial
    if ($http_user_agent ~* "WordPress|MJ12bot") {
    return 444;
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.