How to block a live DDOS attack! 2018

If you are receving high ddos packets to your website / server

Then you need to apply the following to drop the packets using ssh! and CSF

First thing you need to login to ssh and run this command to find how many ips attacking your server/websites/ips!

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

Then you  will see a list of the ips with high packets for example



     10 181.142.200.157
     10 185.166.24.110
     10 190.167.158.119
     11 187.162.196.121
     12 180.94.67.152
     12 190.137.14.175
     14 190.117.207.209
     18 186.2.69.68
     21 114.124.145.224
     23 191.97.82.17
     30 189.218.21.129

The numbers exist beside the ips it's the number of the packets sent to your server to make it down!

Now you need to remove these numbers manually or automatically using this website for a fast solution

http://www.toolsvoid.com/extract-ip-addresses

after clearing the numbers beside the ips

you need to ssh the following command to add the previous ips,

nano /etc/csf/csf.deny


Or you can login to cpanel/whm and access CSF under plugins,

Click on deny " Firewall deny ips "

and add all the clreared ips and then click apply ,

And run csf -r or restart csf inside your whm,

And that's done.

  • 1 Users Found This Useful
Was this answer helpful?

Also Read

How to integrate WHMCS with 2Checkout

WHMCS Settings: Sign in to your WHMCS admin Navigate to the payment gateway configuration...

What is Web Hosting?

Web Hosting is the service providing space on the Internet for websites. When you make a website...

Your connection is not secure

We are going today to explain how to resolve the common issue with cpanel servers: Important for...

How to enable allow_url_fopen, allow_url_include on a shared server using custom php.ini

You can simply enable/disable the php functions allow_url_include and allow_url_fopen by editing...

How to enable fuse module on node server

First enable fuse module on node server using the command below  modprobe fuseYou can check if...