Usefull tools and Links to fight DDOS attacks

I am going to put some stuff I have being using to deal with DDOS attacks and how to make it easier obtaining Ips of the attackers.
Netstat commands: You will need to have access to your VPS via SSH.
To find how many ip are connected and how many connections they have.

netstat -an | grep ".80" | awk '{print $5}' | sed 's/.[^.]*$//' | sort | uniq -c | sort -n

You will get this result.
Other: To find out how much CPU the attack is using on the server.
You will get something like this
12:04:18 up 1 day, 18:55, 1 user, load average: 0.46, 0.99, 0.95
SSH Script I use to restart the VPS when the CPU is over 3.0:

load=cat /proc/loadavg | awk '{print $1}'
response=echo | awk -v T=$trigger -v L=$load 'BEGIN{if ( L > T){ print "greater"}}'
if [[ $response = "greater" ]]
# log file
echo "$(date) : Nginx Restart due to $load server load" >> $high_load_log;
systemctl stop mariadb
systemctl stop nginx.service
sleep 30s;
systemctl start mariadb
systemctl start nginx.service

Links: This are links of sites you can use to help you make it easier to deal with organizing and finding Proxies that attackers can use.
Links to find out if they are proxies:

IP Lookup
Proxies Lists:
Sorting Ips Links:
Notepad ++
Notepad ++ Commands: Bring up the replace window by clicking ctrl+h
^(.*? ) use to remove anything to the left of an space in this case 1 it will come up like this
\:.*$ this will replace everything after the “:” character in the case of you will get
1 – Create a shortcut on the desktop to putty.exe
2 – Rename the shortcut to PuTTY –
3 – Right-click shortcut and choose Properties
4 – Modify the target similar to:
“C:\Program Files\PuTTY\putty.exe” -pw password
5 – Click OK
Use this putty.exe -ssh -pw mypasswordforsomewherecom
Block DDOS attacks from WordPress sites.

# WordPress Pingback Request Denial
if ($http_user_agent ~* "WordPress|MJ12bot") {
return 444;

Leave a Reply

You must Register or Login to comment on Usefull tools and Links to fight DDOS attacks