09. July 2010 · 2 comments · Categories: Linux

A quick and useful command for checking whether a server is under DDoS:


netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n


That lists every remote IP with its number of connections to the server, with the busiest IPs at the bottom. Keep in mind that DDoS attacks are becoming more sophisticated and use fewer connections from more attacking IPs. In that case you will still see a low number of connections per IP even while you are under a DDoS.

Another very important thing to look at is how many active connections your server is currently processing.


netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l


The first command shows the number of active connections that are open to your server. Many of the attacks typically seen work by starting a connection to the server and then not sending any reply, which makes the server wait for the connection to time out. The number of active connections from the first command is going to vary widely, but if you are much above 500 you are probably having problems. If the second command returns over 100, you are having trouble with a SYN attack.

To block a certain IP address on the server, use the following command:


route add ipaddress reject


… for example: route add 192.168.0.168 reject

You can check whether a given IP is blocked on the server by using the following command:


route -n |grep IPaddress


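Or use the following commands to block an IP with iptables on the server. -I INPUT 1 inserts the rule at the top of the INPUT chain, the target can be DROP or REJECT, and the rule is saved before the restart because a restart reloads only the saved rules:


iptables -I INPUT 1 -s IPADDRESS -j DROP

service iptables save

service iptables restart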


Then kill all httpd connections and restart the httpd service using the following commands:


killall -KILL httpd

service httpd startssl


A simple command such as netstat -n -p | grep SYN_REC | wc -l counts all the active SYN_REC connections on the server. Depending on the server's size, 30 to 40 SYN_REC connections could be a sign of a DDoS attack.

Again, do not fixate on numbers; different variables come into play when deciding whether to ring the DDoS emergency bell.


netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}' will therefore list all the IPs that are maintaining the SYN_REC connections.
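
The one-liners above can be combined into a single per-source summary. The following is an added example, not part of the original post: it goes slightly beyond the commands shown by matching the local port exactly (so :8080 and outbound connections to a remote :80 are not counted) and by keeping IPv6 addresses intact. The function names and the sample input are constructed for illustration, and the input is assumed to be in `netstat -ant` format.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): per-source connection summary
# for one local port, parsed from `netstat -ant` output.

# Constructed sample input; all addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:51514      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51515      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51516      SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.44:40222        ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.45:40310        TIME_WAIT
tcp        0      0 203.0.113.10:8080       192.0.2.99:41000        ESTABLISHED
tcp        0      0 203.0.113.10:43210      192.0.2.50:80           ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51000    SYN_RECV
EOF
}

# per_ip PORT  (netstat output on stdin)
# Prints "connections syn_recv remote_ip", busiest source first.
per_ip() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      lport = $4; sub(/.*:/, "", lport)      # text after the last colon
      if (lport != port) next                # exact match: not :8080, not outbound :80
      ip = $5; sub(/:[^:]*$/, "", ip)        # drop the port, keep IPv6 intact
      conns[ip]++
      if ($6 == "SYN_RECV") syn[ip]++
    }
    END { for (ip in conns) printf "%d %d %s\n", conns[ip], syn[ip], ip }
  ' | LC_ALL=C sort -k1,1nr -k3,3
}

# totals PORT  (netstat output on stdin)
# Prints "total=N syn_recv=N sources=N" for the same port.
totals() {
  per_ip "$1" | awk '{ t += $1; s += $2 }
    END { printf "total=%d syn_recv=%d sources=%d\n", t, s, NR }'
}

# Live use: netstat -ant | per_ip 80
sample_netstat | totals 80
sample_netstat | per_ip 80
```

A high syn_recv count spread thinly over many sources is the pattern the post describes, where per-IP counts stay low during an attack.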

You can check your PHP memory limit using the phpinfo() function.

Create a PHP file and put the following into it:

<?php
phpinfo();
?>

This will show all of your PHP settings in the browser. Delete the file once you have checked the value, since phpinfo() output exposes the server's configuration to anyone who can load the page.

To alter the memory limit, create a .htaccess file and put in it:

php_value memory_limit xxM

where xx is the memory limit in megabytes.

Your memory limit (globally set in php.ini) is 32M at this time. This can be altered per domain with the .htaccess file mentioned above.

Recently I had to connect to a Microsoft SQL server … I have to say that I'm not a big Windows fan, in fact I'm not at all :), so I had to look for a workaround in order to not connect via Microsoft SQL Server Studio Express. I googled it for a while and in the end I found iODBC. This information applies to you if you are on Ubuntu and trying to connect to any type of Microsoft SQL (MSSQL) Server. To install it, go into Synaptic Package Manager and search for these packages: iodbc, libiodbc2, libct3, tdsodbc and unixodbc. Or you can install these packages from the command line using "apt-get install package". The executable is located at /usr/bin/iodbcadm-gtk. After that, go to your home directory in a terminal and edit the .iodbc.ini file.

Contents of <.iodbc.ini>

[ODBC Data Sources]
ODBCdsn = ODBC Server
[ODBCdsn]
Driver      = /usr/lib/odbc/libtdsodbc.so
Description = ODBC Server
Trace       = No
Servername  = ODBC
Database    =         [name of your database]
[Default]
Driver = /usr/lib/odbc/libtdsodbc.so

We now need to set up the FreeTDS driver, which does the translation for communication with MSSQL.

[pensacola@pensacola-tech ~]# gedit /etc/freetds/freetds.conf

Contents of <freetds.conf>

[ODBC]
# IP address of your database server
host = xxx.xxx.xxx.xxx
# Port of your database server
port = 1433
# Google FreeTDS if you are on a different version of MSSQL
tds version = 8.0

Start up the iODBC we installed above. Go to the User DSN tab. Click Test and authenticate with a valid username and password.

So there it is!