1. Find which IP address on the server is being targeted by the DDoS attack (the local side of the connections to port 80):
netstat -plan | grep ':80 ' | awk '{print $4}' | cut -d: -f1 | sort | uniq -c
(-p needs root; on hosts without netstat, `ss -tn` prints the local and peer addresses in the same columns. Note that a bare `grep :80` also matches ports such as 8080, and `cut -d: -f1` only works for IPv4 addresses.)
2. Find from which IPs the attack is coming (the remote side of the same connections, busiest last):
netstat -plan | grep ':80 ' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
3. Then find the TTL values of the packets from the attacking IP addresses (with -v or more, tcpdump prints the IP header fields, including ttl):
tcpdump -nn -vvv host xxxx | grep yyyy    (xxxx = attacking IP, yyyy = attacked IP)
Usually `tcpdump -nn -vvv host xxxx` on its own is enough; as the attack comes from numerous IPs, repeat it for a few of them and look for a TTL value they share.
4. Now block all packets to the attacked IP whose TTL matches the value obtained above (zzz is the TTL value; the option is --ttl-eq with two hyphens, and -s 0.0.0.0/0 is the default and can be omitted):
iptables -A INPUT -p tcp -s 0.0.0.0/0 -d yyyy -m ttl --ttl-eq=zzz -j DROP
Caveat: the TTL seen on the wire is the sender's initial TTL minus the number of hops, so every legitimate client running the same OS at the same distance is dropped by this rule too, and an attacker can vary the TTL at will. Treat it as an emergency measure, narrow it with --dport 80, and switch to per-address rules or rate limits once the sources are known.
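The four steps above, as an added example that is not part of the original page: a small POSIX shell script that runs the counting logic against a constructed netstat sample (the addresses, the connection threshold of 3 and the exact rule shape are assumptions) and prints, rather than executes, the resulting iptables rules so they can be reviewed before being applied to a live host.

```sh
#!/bin/sh
# Added example (not from the original page): the netstat/iptables steps as
# functions that can be tested on a constructed sample before being pointed at
# live output. Threshold, sample addresses and rule shape are assumptions.

# Constructed sample of `netstat -plan` output; not captured from a real host.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED 1234/nginx
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      ESTABLISHED 1234/nginx
tcp        0      0 203.0.113.10:80         198.51.100.7:51236      SYN_RECV    -
tcp        0      0 203.0.113.10:80         192.0.2.55:40001        ESTABLISHED 1234/nginx
tcp        0      0 203.0.113.10:8080       192.0.2.99:40002        ESTABLISHED 2222/app
tcp        0      0 203.0.113.10:22         192.0.2.3:50000         ESTABLISHED 999/sshd'

# Steps 1 and 2: count connections per peer whose *local* port is exactly the
# given one (a bare `grep :80` also matches :8080, and `cut -d: -f1` breaks on
# IPv6). Reads netstat output on stdin; prints "<count> <peer-ip>", busiest first.
top_sources() {
  port=${1:-80}
  awk -v p=":$port" '
    $1 ~ /^tcp/ && ($4 ~ (p "$")) {
      peer = $5; sub(/:[0-9]+$/, "", peer)   # strip the peer port, IPv4 or IPv6
      n[peer]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Peers at or above the connection threshold (step 2, automated).
attackers() {
  threshold=${1:-50}
  top_sources "${2:-80}" | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# One per-address DROP rule per attacker, printed rather than executed so the
# list can be reviewed first. Per-address rules are safer than the TTL rule.
block_rules() {
  while read -r ip; do
    printf 'iptables -I INPUT -s %s -p tcp --dport 80 -j DROP\n' "$ip"
  done
}

# Step 4, parameterised: the page's TTL rule, narrowed to the attacked port.
# $1 = attacked IP, $2 = TTL value seen in tcpdump.
ttl_rule() {
  printf 'iptables -A INPUT -p tcp -d %s --dport 80 -m ttl --ttl-eq %s -j DROP\n' "$1" "$2"
}

# Dry run on the constructed sample; on a real host replace the printf with
# `netstat -plan` (or `ss -tn`) and pipe the reviewed rules into sh.
printf '%s\n' "$SAMPLE_NETSTAT" | attackers 3 | block_rules
```

The threshold is the knob that matters: too low and busy legitimate clients (corporate NAT, proxies) get blocked, too high and the flood keeps the backlog full. Start from the distribution `top_sources` prints rather than from a fixed number.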
——————————————————————————————————————-
Install mod_security and mod_evasive (Apache modules: a web application firewall and a per-client request-rate limiter).
——————————————————————————————————————-
Harden the relevant sysctl (kernel) parameters to mitigate the current attack.
Increasing the SYN backlog queue size (net.ipv4.tcp_max_syn_backlog, net.core.somaxconn), decreasing how long half-open connections stay queued (net.ipv4.tcp_synack_retries) and enabling SYN cookies (net.ipv4.tcp_syncookies) help a bit against SYN floods; they do not help against a flood of fully established HTTP connections, which is what the steps above deal with.
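An added example (not from the original page) for the sysctl step: the SYN-flood related parameters as a reviewable fragment, plus a check that reports which live values differ from it. The specific values are assumptions for a typical web server, not figures the page gives; tune them to the host's memory and traffic.

```sh
#!/bin/sh
# Added example (not from the original page): SYN-flood related kernel
# parameters as a fragment plus a drift check. The values are assumptions.

# "key value" pairs. Backlog size: tcp_max_syn_backlog and somaxconn.
# Queuing time: synack_retries bounds how long a half-open entry is retried.
# syncookies keeps accepting connections once the backlog is full.
SYN_SYSCTLS='net.ipv4.tcp_syncookies 1
net.ipv4.tcp_max_syn_backlog 4096
net.core.somaxconn 4096
net.ipv4.tcp_synack_retries 2'

# Print the fragment in sysctl.conf(5) form, to be saved under /etc/sysctl.d/.
sysctl_fragment() {
  printf '%s\n' "$SYN_SYSCTLS" | awk '{ print $1 " = " $2 }'
}

# Compare live values with the recommended set. $1 is the command used to read
# one key (default `sysctl -n`); a fake reader can be passed for offline tests.
# Prints one line per differing key and returns 1 if anything differs.
sysctl_drift() {
  reader=${1:-sysctl -n}
  rc=0
  while read -r key want; do
    have=$($reader "$key" 2>/dev/null) || have='(unreadable)'
    if [ "$have" != "$want" ]; then
      printf '%s: have %s, want %s\n' "$key" "$have" "$want"
      rc=1
    fi
  done <<EOF
$SYN_SYSCTLS
EOF
  return "$rc"
}

# Apply on a real host (requires root):
#   sysctl_fragment > /etc/sysctl.d/60-synflood.conf && sysctl --system
sysctl_fragment
sysctl_drift || echo 'kernel parameters differ from the recommended set'
```

Run the drift check again after applying the fragment and after reboots; a configuration-management tool that later rewrites sysctl.conf is a common way for these settings to silently disappear.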
——————————————————————————————————————-
Also install an open source script that prevents DDoS attacks to a certain extent:
http://deflate.medialayer.com/
MediaLayer was in need of a script to automatically mitigate (D)DoS attacks. The necessity started when MediaLayer was the target of a rather large, consistent attack originating from multiple IP addresses. Each IP would have a large amount of connections to the server, as shown by:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
It became a general practice for us to be blocking IPs with a large amount of connections, but we wanted to get this automated. Zaf created a script to mitigate this kind of attack. We kept improving it to meet our own needs and eventually posted it on Defender Hosting's Forum. (D)DoS-Deflate is now recognized as one of the best ways to block a (D)DoS attack at the software level.
Installation
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
(The installer is fetched over plain HTTP with no signature or checksum and runs as root: read install.sh, and the ddos.sh it installs, before executing them.)
Uninstalling
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos
Reference : http://deflate.medialayer.com/