How to detect & block a DDoS attack on your server

Today, in this tutorial, I'd like to show you how to check whether your Linux-based server is under a DDoS attack and, if so, how to prevent it.

There are many ways to check whether your server is being DDoSed:

Procedure

  • First, check the bandwidth graphs of your server. If they are spiking high, you can reasonably suspect a DDoS attack!
  • We can use the netstat command to see whether your server is being DDoSed. To do this, open PuTTY, log in as "root" with your root password and enter the command below:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

  • Take note of the output of the above command. It lists each remote IP address with its number of connections, and the addresses with unusually high counts are the ones that may be trying to DDoS your server!
  • So what's next? Assume that the only result I got is 1.1.1.1. We will use the iptables command to block this IP address. What are you waiting for? Execute the two commands below for each IP:

/sbin/iptables -I INPUT -s 1.1.1.1 -p tcp -j DROP
/sbin/iptables -I INPUT -s 1.1.1.1 -p udp -j DROP

  • Once these commands are executed, all connections from the IP 1.1.1.1 will be blocked.
  • If you're experiencing a huge DDoS attack, then your provider should help you block the attack.
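
An added example, not part of the original tutorial: the same per-IP count as the netstat pipeline above, but skipping the header lines, keeping IPv6 addresses intact, and printing the iptables rules for review instead of running them. The sample output, the threshold, the allowlist argument, the function names and the use of ip6tables for IPv6 sources are assumptions of this example.

```shell
# Constructed sample of `netstat -ntu` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40023       ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::bad:50000     ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::bad:50001     ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.9:33000      ESTABLISHED
EOF
}

# Read netstat -ntu output on stdin; print "count ip", highest count first.
count_remote_ips() {
    awk '
        $1 ~ /^(tcp|udp)/ {             # skips the two header lines
            addr = $5
            sub(/:[0-9*]+$/, "", addr)  # strip only the trailing port
            sub(/^::ffff:/, "", addr)   # fold IPv4-mapped IPv6 into IPv4
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# suggest_blocks THRESHOLD [ALLOWED_IP...]
# Prints DROP rules for review; nothing is executed. Allowlisted IPs
# (e.g. your own admin address) are never suggested.
suggest_blocks() {
    threshold=$1; shift
    allow=" $* "
    count_remote_ips | while read -r count ip; do
        [ "$count" -ge "$threshold" ] || continue
        case "$allow" in *" $ip "*) continue ;; esac
        case "$ip" in *:*) cmd=/sbin/ip6tables ;; *) cmd=/sbin/iptables ;; esac
        for proto in tcp udp; do
            echo "$cmd -I INPUT -s $ip -p $proto -j DROP"
        done
    done
}

# Demo on the constructed sample: threshold 2, 203.0.113.5 allowlisted.
sample_netstat | suggest_blocks 2 203.0.113.5
```

On a live server, feed it real data with `netstat -ntu | suggest_blocks 50 YOUR_ADMIN_IP`, where 50 is a placeholder threshold to tune against your normal traffic.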



April 1, 2012