{"id":1457,"date":"2014-08-07T12:11:14","date_gmt":"2014-08-07T10:11:14","guid":{"rendered":"https:\/\/www.hostking.host\/blog\/?p=1457"},"modified":"2014-08-07T12:11:14","modified_gmt":"2014-08-07T10:11:14","slug":"managing-ddos-attack-config-server-firewall","status":"publish","type":"post","link":"https:\/\/www.hostking.host\/blog\/managing-ddos-attack-config-server-firewall\/","title":{"rendered":"Managing a DDOS Attack with Config Server Firewall"},"content":{"rendered":"

I’m writing this as we get questions from some of our VPS Clients using cPanel and CSF as to how to block or stop a DDOS attack when it occurs.<\/p>\n

There are many ways but we use the below which seems to help alot.<\/p>\n

Do it in the below order \ud83d\ude42<\/p>\n

To show number of connections and IP address<\/span><\/h2>\n
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n\n(The above shows you how many connections are currently active - If you see thousands and keeps increasing continue)<\/pre>\n
netstat -alpn | grep\u00a0:80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n\n<\/pre>\n
To Verify a IP is blocked<\/span><\/h2>\n
iptables -L -n | grep 'IP_ADDR_HERE'\nBlock the IP using the above or do it via CSF in the interface if it can be accessed.<\/pre>\n
CSF SETTINGS<\/span><\/h2>\n
vi \/etc\/csf\/csf.conf\n<\/pre>\n
Set CT_LIMIT to 30, set it back to 100 or 200 after attack stop.<\/p>\n
CT_LIMIT = \"30\"\n<\/pre>\n
Set SYNFLOOD to 1, set it back to 0 after DDoS attack stop.<\/p>\n
SYNFLOOD = \"1\"\n\nWe do hope the above helps.<\/pre>\n","protected":false},"excerpt":{"rendered":"
I’m writing this as we get questions from some of our VPS Clients using cPanel and CSF as to how to block or stop a DDOS attack when it occurs.…<\/p>\n","protected":false},"author":2,"featured_media":1459,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1457","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-website-and-web-hosting","entry"],"_links":{"self":[{"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/posts\/1457","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/comments?post=1457"}],"version-history":[{"count":0,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/posts\/1457\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/media\/1459"}],"wp:attachment":[{"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/media?parent=1457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/categories?post=1457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostking.host\/blog\/wp-json\/wp\/v2\/tags?post=1457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}