How can you identify a DDoS attack on your VPS server?

You might have a popular site or a rapidly developing project with a crowd of customers. Sometimes ill-wishers or competitors want to disrupt you and lower your rating. They do it with DDoS attacks, buying botnets on the Darknet. Anyone can attack you, so you need to know some rules to protect your system and avoid problems such as information leaks.

How to identify a DDoS attack?

A DDoS attack is difficult to identify because it resembles ordinary web traffic. But there are several differences between attack traffic and normal traffic:

  1. There are many fake requests and messages. The attacker may use volumetric attacks. These overload the system and consume a lot of traffic; as a result, the Internet connection slows down and some applications may stop responding. To detect a DDoS attack, use the following commands, which print the number of processors and the current load average:

grep processor /proc/cpuinfo | wc -l
uptime

  2. You can see which IP addresses are connected to your VPS in Latvia (https://host-world.com/latvia). This is easy to do because only one command is needed:

netstat -ntu | awk '{print $5}' | cut -d: -f1 -s | sort | uniq -c | sort -nk1 -r

This command must be entered exactly to get the right result. The number of IP addresses depends on the number of users. The normal number can vary from 1 to 50, but if you see more, it can mean that bots are connected to your server and are overloading the system with fake messages. If you have doubts about an address you see, block it. An alternative command is:

ss -o '( dport = :http or sport = :http )'
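The per-address count from the netstat command above can be turned into a check that lists only the addresses above the limit. This is an added example, not part of the original article: it reads the article's 1 to 50 range as connections per remote address, the function names and sample data are constructed, and it strips only the trailing port so IPv6 and IPv4-mapped addresses are counted correctly (`cut -d: -f1` returns an empty field for them).

```shell
#!/bin/sh
# Read `netstat -ntu` output on stdin and print "count address" for every
# remote address with more connections than the threshold (default 50).
flag_heavy_ips() {
    threshold="${1:-50}"
    awk -v max="$threshold" '
        # Data rows start with the protocol name; header lines are skipped.
        $1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop only the trailing :port
            sub(/^::ffff:/, "", addr)    # fold IPv4-mapped IPv6 into IPv4
            count[addr]++
        }
        END {
            for (a in count)
                if (count[a] > max) print count[a], a
        }
    ' | sort -rn
}

# Constructed sample in netstat -ntu layout (documentation address ranges):
#   203.0.113.7   30 plain + 30 IPv4-mapped connections = 60
#   2001:db8::5   55 connections
#   198.51.100.20  3 connections
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address    Foreign Address    State"
    i=0
    while [ "$i" -lt 30 ]; do
        echo "tcp  0 0 192.0.2.10:80 203.0.113.7:$((40000 + i)) ESTABLISHED"
        echo "tcp6 0 0 192.0.2.10:80 ::ffff:203.0.113.7:$((50000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 55 ]; do
        echo "tcp6 0 0 2001:db8::1:443 2001:db8::5:$((51000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 3 ]; do
        echo "tcp  0 0 192.0.2.10:80 198.51.100.20:$((42000 + i)) TIME_WAIT"
        i=$((i + 1))
    done
}

# On a live server: netstat -ntu | flag_heavy_ips 50
sample_netstat | flag_heavy_ips 50
```
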

If you can't find the fake addresses or can't stop the spread of bots, you can order special help from your VPS provider, but it costs a lot. By the way, take a look at https://host-world.com/, which provides 24/7 support.


