There was a problem loading the comments.

Please help, I'm receiving DDoS attacks

Support Portal  »  Knowledge Base  »  Viewing Article

If you can use the control panel to manage your service or connect via SSH, it may not be a DDoS attack.

Standard DDoS Protection is included by default in all our services:

  • You don't have to take any action to benefit from it.
  • It is enabled for everyone automatically and free of charge.
  • It was developed to recognize 99% of all attack patterns.

Our Standard DDoS Protection cannot mitigate some DDoS attacks because of their pattern (such as simulating legit web traffic to port 80 or 443).

If you have a managed service

Contact us, whether it is high traffic causing some load on your server or you believe to be receiving a DDoS attack.

If you do not have a managed service

If you have an unmanaged server, are you sure your server is not experiencing high load instead? You can follow these quick tips to check.

Independently of how you are accessing your server (via SSH or VNC), you can execute some commands to identify the IP addresses connecting to your server. If you cannot access your server via SSH, try to reboot it through your client area or your control panel. If you still cannot access your server via SSH, you may have to use rescue mode or access via VNC to check if your IP address is not blocked on your firewall. You may also have to confirm if the SSH service is configured and working correctly.

You can use the following commands to identify how many connections are being made per IP address.

Show the number of connections by state:
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Show all IPs connected:
netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq

Show the number of connections per IP:
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n

Suppose you are receiving connections from many sources (IP Addresses). It will take a lot of effort to block all those IP addresses, one by one, manually. You could try to block entire subnets at once, but you may also block legit traffic by mistake (maybe even your IP Address).

Would you prefer to stop worrying about DDoS attacks? Get one of our managed servers today, or contact us to create a personalized plan for you.

Share via

Related Articles

© openVservers