Useful tools and Links to fight DDOS attacks

  • #66829
    imFiles
    Administrator

    I am going to put some stuff I have been using to deal with DDOS attacks and how to make it easier to obtain the IPs of the attackers.
    Netstat commands: You will need to have access to your VPS via SSH.
    To find how many IPs are connected and how many connections they have:

    netstat -an | grep ':80 ' | awk '{print $5}' | sed 's/:[^:]*$//' | sort | uniq -c | sort -n

    You will get this result.
    1 108.174.145.239
    1 66.249.64.63
    2 197.246.28.194
    2 197.246.32.123
    2 197.35.145.1
    6 116.105.71.22
    Other: To find out how much CPU the attack is using on the server.
    uptime
    You will get something like this
    12:04:18 up 1 day, 18:55, 1 user, load average: 0.46, 0.99, 0.95
    SSH Script I use to restart the VPS when the CPU is over 3.0:

    #!/bin/bash
    # Restart nginx and MariaDB when the 1-minute load average exceeds the trigger.
    trigger=3.0
    # The first field of /proc/loadavg is the 1-minute load average
    load=$(awk '{print $1}' /proc/loadavg)
    # bash cannot compare floating-point numbers, so awk does the comparison
    response=$(awk -v T="$trigger" -v L="$load" 'BEGIN{if (L > T) print "greater"}')
    if [[ $response = "greater" ]]
    then
        # log file
        high_load_log='/home/checkload/restart.log'
        echo "$(date) : Nginx Restart due to $load server load" >> "$high_load_log"
        systemctl stop mariadb
        systemctl stop nginx.service
        sleep 30s
        systemctl start mariadb
        systemctl start nginx.service
    fi

    Links: These are links to sites you can use to make it easier to deal with organizing and finding proxies that attackers can use.
    Links to find out if they are proxies:
    http://www.shroomery.org/ythan/proxyblock.php
    http://whatismyipaddress.com/ip-lookup
    https://geoiptool.com/
    http://www.infobyip.com/ipbulklookup.php
    Proxies Lists:
    https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
    Sorting IPs links:
    http://textmechanic.com/Remove-Duplicate-Lines.html
    http://textmechanic.com/Sort-Text-Lines.html
    Software:
    Notepad++
    https://notepad-plus-plus.org/
    Notepad++ commands: Bring up the replace window by pressing Ctrl+H
    ^(.*? ) use this to remove anything to the left of a space; in this case 1 66.249.64.63 will come up like this: 66.249.64.63
    \:.*$ this will replace everything after the ":" character; in the case of 66.249.64.6:80 you will get 66.249.64.6
    Putty
    1 – Create a shortcut on the desktop to putty.exe
    2 – Rename the shortcut to PuTTY – server.com
    3 – Right-click shortcut and choose Properties
    4 – Modify the target similar to:
    "C:\Program Files\PuTTY\putty.exe" user@server.com -pw password
    5 – Click OK
    Use this: putty.exe -ssh root@somewhere.com -pw mypasswordforsomewherecom
    Block DDOS attacks from WordPress sites.

    # WordPress Pingback Request Denial
    if ($http_user_agent ~* "WordPress|MJ12bot") {
        return 444;
    }
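
Added example, not part of the original post: a per-IP connection counter that matches the local port exactly, because a pattern like `.80` also matches port 8080 or an address containing `180`. It assumes the Linux net-tools `netstat -ant` column layout; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Column layout assumed to be
# Linux net-tools `netstat -ant`: $4 local addr, $5 foreign addr, $6 state.

# count_by_ip PORT [MIN]: read netstat lines on stdin, print "count ip" for
# every remote IP with at least MIN connections to local PORT.
count_by_ip() {
    awk -v port="$1" -v min="${2:-1}" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            lp = $4; sub(/^.*:/, "", lp)      # text after the last colon
            if (lp != port) next              # exact match: 8080 is not 80
            ip = $5; sub(/:[^:]*$/, "", ip)   # drop only the remote port
            sub(/^::ffff:/, "", ip)           # unwrap IPv4-mapped IPv6
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1n -k2,2
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51236      SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:40112        TIME_WAIT
tcp        0      0 203.0.113.10:8080       192.0.2.99:40200        ESTABLISHED
tcp        0      0 203.0.113.10:443        192.0.2.180:40300       ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:198.51.100.7:51240 ESTABLISHED
EOF
}

# Demo on the constructed sample
sample_netstat | count_by_ip 80
# Live use on the server: netstat -ant | count_by_ip 80 20
```

The second argument is a threshold, so only addresses at or above that many connections are listed for review.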