-1

The server is under a DDoS attack.

```
~# netstat -n -p | awk '{print $5}' | awk -F: '{print $1}' | sort -n | uniq -c | sort -nr | head -n10
     48 109.229.9.53
     47 31.207.244.130
     45 87.252.227.83
     42 81.27.152.6
     42 109.251.197.99
     41 95.31.75.174
     41 93.79.243.47
     41 5.18.67.54
     41 46.160.194.58
     40 176.65.127.38
...
```

About 1,700 IP addresses.

```
~# netstat -nput | awk '{print $4}' | awk -F: '{print $2}' | sort -n | uniq -c | sort -nr | head -n10
  26047 443
      2
      1 22
```

Blocking a single IP

```
iptables -A INPUT -s 79.104.48.126 -j REJECT
```

is not an option, as there are 1,700 of them.

Yes, I have read "I am under DDoS. What can I do?", but can no one really give an example of how to create an nginx config, or is there a ready-made solution that would block the IPs automatically?

CloudFlare is not blocking the requests.

How to stop small DDOS attacks?

Art Pip
  • 111
  • 3
  • 1
    What's the bottleneck, which resource is being exhausted? CPU? Memory? Apache processes? TCP sessions? Uplink bandwidth? You need to figure this out in order to take appropriate countermeasures – Teun Vink May 29 '15 at 21:39
  • @josten Yes, I now speak emotions =) – Art Pip May 29 '15 at 21:47
  • 2
    What are those IPs actually doing? I mean, what resources are they trying to reach? Provide a piece of the relevant web server log file. – krisFR May 29 '15 at 23:17
  • 1
    "Cloudflare not blocking requests" - well, they are directly connecting to your IP, they aren't connecting to you through Cloudflare. You shouldn't allow _any_ direct https connections to your server if you're using Cloudflare - instead [whitelist Cloudflare's IPs, and block everything else](https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-) - problem solved. – AD7six Jun 09 '15 at 21:38

1 Answer

0

If you have control of your networking devices, create a blackhole to redirect the traffic from malicious IP addresses.

Kev
  • 74
  • 8
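
One way to automate the per-IP blocking the question asks about and to build the drop list the answer describes, as an added example (not code from the question, comments or answer). The set name `ddos_block`, the threshold of 40 connections and the one-hour timeout are assumptions, and the sample input is constructed from documentation address ranges. The script only prints commands; nothing is applied.

```shell
#!/usr/bin/env bash
# Added example: dry-run generator for a connection-count blocklist (ipset + iptables).
SET_NAME="ddos_block"   # assumed set name, not from the page

# Constructed sample of `netstat -nt` lines (RFC 5737 / RFC 3849 documentation addresses).
sample_netstat() {
  for i in $(seq 1 45); do
    echo "tcp 0 0 203.0.113.10:443 198.51.100.7:$((40000 + i)) ESTABLISHED"
  done
  for i in $(seq 1 3); do
    echo "tcp 0 0 203.0.113.10:443 192.0.2.55:$((50000 + i)) ESTABLISHED"
  done
  echo "tcp 0 0 203.0.113.10:22 198.51.100.7:51000 ESTABLISHED"
  echo "tcp6 0 0 2001:db8::1:443 2001:db8::99:41000 ESTABLISHED"
}

# offenders PORT MIN: read netstat lines on stdin and print every IPv4 source
# holding at least MIN connections to local PORT. Headers and tcp6 lines are skipped.
offenders() {
  awk -v port="$1" -v min="$2" '
    $1 == "tcp" {
      n = split($4, l, ":")          # local address:port
      if (l[n] != port) next
      split($5, r, ":")              # foreign address:port
      if (r[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[r[1]]++
    }
    END { for (ip in count) if (count[ip] >= min) print ip }
  ' | sort
}

# emit_rules PORT MIN: print the commands that create a self-expiring set,
# hook it into INPUT once, and add each offender. Entries expire after 3600 s.
emit_rules() {
  rule="INPUT -p tcp --dport $1 -m set --match-set $SET_NAME src -j DROP"
  echo "ipset create $SET_NAME hash:ip timeout 3600 -exist"
  echo "iptables -C $rule 2>/dev/null || iptables -I $rule"
  offenders "$1" "$2" | while read -r ip; do
    echo "ipset add $SET_NAME $ip -exist"
  done
}

# Real use, as root and after reviewing the output: netstat -nt | emit_rules 443 40 | sh
sample_netstat | emit_rules 443 40
```

A single `ipset` match keeps the rule count constant however many addresses are listed, and the timeout lets false positives age out. If the site sits behind a proxy such as Cloudflare, exclude the proxy's ranges before adding entries.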