Useful tools and links to fight DDoS attacks

I am going to list some things I have been using to deal with DDoS attacks and to make it easier to obtain the IPs of the attackers.
Netstat commands: You will need to have access to your VPS via SSH.
To find out how many IPs are connected and how many connections each one has:

netstat -ant | awk '$4 ~ /:80$/ {print $5}' | sed 's/:[^:]*$//' | sort | uniq -c | sort -n

You will get a result like this (connection count, then remote IP):
1 108.174.145.239
1 66.249.64.63
2 197.246.28.194
2 197.246.32.123
2 197.35.145.1
6 116.105.71.22
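The same per-IP count with a threshold applied, as an added example that is not part of the original post. It goes slightly beyond the one-liner by folding IPv4-mapped IPv6 addresses into their IPv4 form and skipping LISTEN sockets. The function names heavy_hitters and sample_netstat and all addresses in the sample are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag remote IPs holding many connections to a local port.

# Constructed sample of Linux `netstat -ant` output (not from a real server).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:51344      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51345      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51346      ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.44:40112        TIME_WAIT
tcp        0      0 203.0.113.10:22         192.0.2.44:40990        ESTABLISHED
tcp        0      0 203.0.113.10:8080       192.0.2.80:41000        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:198.51.100.7:51400 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:50000     ESTABLISHED
EOF
}

# heavy_hitters PORT MIN: read `netstat -ant` text on stdin and print
# "count ip" for every remote address with at least MIN connections to
# local PORT, busiest first.
heavy_hitters() {
  awk -v port="$1" -v min="$2" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      n = split($4, l, ":")        # local port is the last ":"-separated field
      if (l[n] != port) next       # ignore other services (22, 8080, ...)
      ip = $5
      sub(/:[^:]*$/, "", ip)       # drop the remote port
      sub(/^::ffff:/, "", ip)      # fold IPv4-mapped IPv6 into plain IPv4
      count[ip]++
    }
    END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
  ' | sort -rn
}

# On a live server: netstat -ant | heavy_hitters 80 20
sample_netstat | heavy_hitters 80 1
```

The threshold of 20 in the live-server comment is an arbitrary starting point; pick it from what normal traffic on your site looks like.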
Other: To find out how much CPU load the attack is putting on the server:
uptime
You will get something like this:
12:04:18 up 1 day, 18:55, 1 user, load average: 0.46, 0.99, 0.95
Shell script I use to restart Nginx and MariaDB on the VPS when the load average is over 3.0:

#!/bin/bash
# Restart MariaDB and Nginx when the 1-minute load average exceeds the trigger.
trigger=3.0
# The first field of /proc/loadavg is the 1-minute load average.
load=$(awk '{print $1}' /proc/loadavg)
# awk does the floating-point comparison that bash cannot do natively.
response=$(awk -v T="$trigger" -v L="$load" 'BEGIN{if (L > T) print "greater"}')
if [[ $response = "greater" ]]
then
    # log file
    high_load_log='/home/checkload/restart.log'
    echo "$(date) : Nginx Restart due to $load server load" >> "$high_load_log"
    systemctl stop mariadb
    systemctl stop nginx.service
    sleep 30s
    systemctl start mariadb
    systemctl start nginx.service
fi

Links: These are links to sites you can use to make it easier to organize IPs and to find proxies that attackers can use.
Links to find out if they are proxies:
http://www.shroomery.org/ythan/proxyblock.php
IP lookup:
https://geoiptool.com/
http://www.infobyip.com/ipbulklookup.php
Proxy lists:
https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
Links for sorting IPs:
http://textmechanic.com/Remove-Duplicate-Lines.html
http://textmechanic.com/Sort-Text-Lines.html
Software:
Notepad++
https://notepad-plus-plus.org/
Notepad++ commands: Bring up the Replace window by pressing Ctrl+H, set the search mode to "Regular expression" and leave the "Replace with" field empty.
^(.*? ) removes everything to the left of a space, including the space itself. For example, 1 66.249.64.63 becomes 66.249.64.63
\:.*$ removes the ":" character and everything after it. For example, 66.249.64.6:80 becomes 66.249.64.6
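PuTTY
1 – Create a shortcut on the desktop to putty.exe
2 – Rename the shortcut to PuTTY – server.com
3 – Right-click the shortcut and choose Properties
4 – Modify the target similar to:
"C:\Program Files\PuTTY\putty.exe" user@server.com -pw password
5 – Click OK
Use this: putty.exe -ssh root@somewhere.com -pw mypasswordforsomewherecom
Note that -pw keeps the password in clear text in the shortcut, where anyone with access to the desktop can read it. PuTTY also accepts a private key file with -i, which avoids storing the password.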
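Block DDoS attacks coming from WordPress sites (Nginx configuration):

# WordPress Pingback Request Denial
# Place inside the server block. 444 makes Nginx close the connection without sending a response.
if ($http_user_agent ~* "WordPress|MJ12bot") {
    return 444;
}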
