DDOS is a problem for webmasters and web admin. Crippling DDOS web server rejected the demand for a normal user and reduces the efficiency of business operations website.Sau and here are a few tips to recognize DDOS along with plans to cope.When the server suddenly slow as turtles, all of the servers are handling very heavy, it is likely due to one or the following reasons:
1. Server is [FONT = Tahoma, Helvetica, SimSun, sans-serif] DDOS [/ FONT]
2. Server is overloaded due to lack of RAM
3. Server is overloaded due to the processing speed of the CPU does not guarantee
4. The speed of data access needs HDD read / write of data. (Usually occurs on the SATA drive or HDD 72krpm coming down)
In this article we are going to issue No. 1, with DDOS server, 2,3,4 problems can be overcome easily by hardware upgrades.
Figure illustrates a simple DDOS attacks
Check if the server is DDOS or not:
From the Linux command line type:
1
netstat-anp | grep 'tcp \ | udp' | awk '{print $ 5}' | cut-d:-f1 | sort | uniq-c | sort-n
Top questions brings up many series IP for server connection. It should be noted that DDOS can come from a small connection. Thus, the results returned low connection you can still in a state under attack.
Another method:
1
2
3
netstat-n | grep: 80 | wc-l
netstat-n | grep: 80 | grep SYN | wc-l
The first command returns the number of active connection (connection is active). Many types of DDOS attacks by opening a connection to the server connection and doing nothing makes the server wait until timeout. So if the first command returns 500, then your server is more likely to be DDOS.
2nd line of code returns 100 results on the server you are most likely in an episode of syn DDOS attack.
Note: The above calculation is only relative, a number of website traffic is huge, the method can detect incorrect.
Some methods to overcome:
Quickest way to overcome the block of IP connection takes up most of the "rush hour":
Option 1:
1
2
3
route add-ip local-only reject
route add 192.168.0.168 reject
Check with the command: route-n | grep-ip local-only
Method 2: use iptables
1
2
3
iptables-A INPUT 1-s local-only-ip-j DROP / REJECT service iptables restart
service iptables save
Then delete all the current connection and restarted httpd service
1
2
3
killall-KILL httpd
service httpd restart
If completing the steps above but still slow server, it means that your problem is encountered in the case of 2,3,4 ... upgrade the server just to meet the access needs of users.
Không có nhận xét nào:
Đăng nhận xét