List the connection status and sort it to identify the attack source

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
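The one-liner above also counts the two netstat header lines, and `cut -d: -f1` truncates IPv6 and IPv4-mapped peers. The sketch below is an added example, not part of the original post: it fixes both and goes slightly further with an optional local-port filter and a threshold. The function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: robust per-peer connection count from `netstat -ntu` output.

# count_peers [LOCAL_PORT]: read netstat output on stdin, print "COUNT PEER_IP",
# busiest first. With LOCAL_PORT, count only connections to that local port.
count_peers() {
    awk -v port="${1:-}" '
        $1 !~ /^(tcp|udp)/ { next }      # skip the two header lines
        {
            lport = $4; sub(/.*:/, "", lport)   # local port = text after last colon
            if (port != "" && lport != port) next
            peer = $5
            sub(/:[0-9*]+$/, "", peer)   # strip the port only, so IPv6 survives
            sub(/^::ffff:/, "", peer)    # IPv4-mapped IPv6 -> plain IPv4
            n[peer]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# peers_over LIMIT [LOCAL_PORT]: print only peers holding more than LIMIT connections.
peers_over() {
    count_peers "${2:-}" | awk -v limit="$1" '$1 + 0 > limit + 0 { print $2 }'
}

# Constructed sample (documentation address ranges), not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      SYN_RECV
tcp6       0      0 ::ffff:203.0.113.10:443 ::ffff:198.51.100.7:40000 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:55555     ESTABLISHED
udp        0      0 203.0.113.10:53         192.0.2.44:3333
tcp        0      0 203.0.113.10:22         192.0.2.44:50022        ESTABLISHED
EOF
}

# Live use: netstat -ntu | count_peers 80
sample_netstat | peers_over 2
```

On a live host, pipe `netstat -ntu` into `count_peers` or `peers_over` instead of the sample.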

Based on port

Get basic information on which IPs access Apache / Nginx the most using shell commands

There is a way, using standard shell tools, to get some basic information on which IP accesses the web server the most with:

Or, if you want to keep it refreshing every few seconds, run it through the watch command:

Monitor the number of POST / GET / HEAD requests in access.log:

Install (D)DosDeflate
Great software, rock solid, and plays nice with either APF or iptables. Install and configure the service in seconds using the commands below. Edit the .conf file to utilize whichever flavor of firewall you’d like to integrate it with. Set a few configuration settings and you’re done.
To install (D)DosDeflate (install.sh is downloaded over plain HTTP, so read it before running it):
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
If it doesn't work out, it's simple to uninstall too. To uninstall:
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos

Or we can utilize and tune the value in sysctl.conf.
