How to check ddos attack on server

How to check ddos attack on server

A quick and useful command for checking if a server is under ddos:
netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nThat will list the IPs taking the most amounts of connections to a server. It is important to remember that ddos is becoming more sophisticated and they are using fewer connections with more attacking ips. If this is the case you will still get low number of connections even while you are under a DDOS.

Dedicated Hosting

Another very important thing to look at is how many active connections your server is currently processing.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

The first command will show the number of active connections that are open to your server. Many of the attacks typically seen work by starting a connection to the server and then not sending any reply making the server wait for it to time out. The number of active connections from the first command is going to vary widely but if you are much above 500 you are probably having problems. If the second command is over 100 you are having trouble with a syn attack.

To Block a certain IP address that on server .Please use following commands


route add ipaddress reject

for example route add reject

You can check whether given IP is blocked on server by using following command

route -n |grep IPaddress



use follwoing command to block a ip with iptables on server

service iptables restart

service iptables save


Then KILL all httpd connection and restarted httpd service by using following command

killall -KILL httpd

service httpd startssl

Dedicated Hosting

Like this post ?

Share on your Social Networking Profile ( Facebook, Twitter & Google+ ) and get a flat 10% Recurring discount on our VPS Hosting and Dedicated Servers.

Email us the shared link at : [email protected] or speak to our live chat operator now, by clicking on the “Live Chat” Scroller on the left-hand side of this page and we will provide you with the discount Coupon right away!



  1. Pingback:Como detectar un ataque DDOS en Plesk sobre CentOS | Rodrigo Mantillán

Leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.