I have an ip address attacking my server or taking up all my httpd connections so none of my sites work. In order to correct this you will want to use the netstat -n command to see the ip addresses connected to your server. Once you have the ip address you want to block you… Continue reading How to block ip addresses with iptables
Tag: DDos
DoS: looking at open connections
Here is a command line to run on your server if you think your server is under attack. It prints our a list of open connections to your server and sorts them by ammount. RedHat: netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n BSD: netstat… Continue reading DoS: looking at open connections
Rootkit help
RootKit — Spyware and Junkware detection and removal tool Go to Rootkit Hunter homepage, and download the latest release. http://www.rootkit.nl/projects/rootkit_hunter.html ## Get the latest source and untar # cd /usr/src/utils # wget http://downloads.rootkit.nl/rkhunter-<version>.tar.gz # tar xfz rkhunter-*.gz # cd rkhunter # ./installer.sh ## run rkhunter # rkhunter -c Setup automatic protection on System Reboot ##… Continue reading Rootkit help
Preventing DDOS Attacks with Mod_Evasive
Denial of Service attacks are among the oldest yet most common form of attacking a server. Most system administrators have had to deal with DOS attacks taking down a server, router, or other networking device and know how difficult they can be to prevent. Mod_evasive is an Apache module that limits the number of Apache… Continue reading Preventing DDOS Attacks with Mod_Evasive