Useful command to stop httpd ddos

VPS and dedicated server security tips. Preventing attacks, DDoS and more.


Postby Mark » Sat Dec 12, 2009 4:32 pm

If you are getting a DDoS on your dedicated server, you can use the following commands to stop it temporarily. These commands will work if you have the csf firewall installed on your server. They will block those IPs having a number of connections to the server. It is not always good practice to block IPs; it can be used when your server is flooded with httpd connections/SYN attack and you have to stop it temporarily.

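# Block the 3 remote IPs with the most connections involving port 80
for i in $(netstat -plan | grep ':80' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -n | tail -3 | awk '{print $2}'); do csf -d "$i"; done

# Block the 5 remote IPs with the most connections in a SYN state
for i in $(netstat -anp | grep 'SYN' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -n | tail -5 | awk '{print $2}'); do csf -d "$i"; done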
Mark
 
Posts: 124
Joined: Fri Dec 11, 2009 2:18 pm
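
Added example, not part of Mark's post: the same idea with a connection threshold, an allowlist and a time-limited deny, so a quiet server or your own admin IP does not end up in the block list. The function names, the sample netstat lines and the addresses are constructed for illustration; `csf -td IP TTL` is csf's temporary deny, and the script only prints the commands.

```shell
#!/bin/sh
# Constructed `netstat -ant` sample (documentation addresses, not real traffic).
SAMPLE='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:80 198.51.100.7:40001 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:40002 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:40003 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:40004 ESTABLISHED
tcp 0 0 192.0.2.10:80 203.0.113.5:52000 ESTABLISHED
tcp 0 0 192.0.2.10:80 203.0.113.5:52001 ESTABLISHED
tcp 0 0 192.0.2.10:80 203.0.113.5:52002 TIME_WAIT
tcp 0 0 192.0.2.10:80 198.51.100.9:33000 ESTABLISHED
tcp 0 0 192.0.2.10:8080 198.51.100.9:33001 ESTABLISHED
tcp 0 0 192.0.2.10:45000 198.51.100.20:80 ESTABLISHED'

# talkers PORT MIN: read netstat lines on stdin and print "count ip" for remote
# IPv4 peers holding at least MIN connections to local PORT, busiest first.
talkers() {
    awk -v port="$1" -v min="$2" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, l, ":"); if (l[n] != port) next  # local port must match exactly
            m = split($5, r, ":"); if (m != 2) next        # IPv4 peers only
            c[r[1]]++
        }
        END { for (ip in c) if (c[ip] >= min) print c[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# deny_cmds ALLOW TTL: read "count ip" on stdin, skip IPs listed in ALLOW
# (space separated) and print one temporary-deny command per remaining IP.
deny_cmds() {
    while read -r count ip; do
        case " $1 " in *" $ip "*) continue ;; esac
        printf 'csf -td %s %s\n' "$ip" "$2"
    done
}

# Dry run on the sample: threshold 3, allowlist one address, deny for one hour.
printf '%s\n' "$SAMPLE" | talkers 80 3 | deny_cmds "203.0.113.5" 3600
```

On a live server, feed `netstat -ant` into `talkers` instead of the sample and review the printed commands before running them.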

Re: Useful command to stop httpd ddos

Postby gustavo.ulyssea » Sun Dec 13, 2009 6:16 pm

Go into iptraf on shell.

Look at the IPs repeating. If you see one repeating too much BINGO, you got the bad guy.

iptables -A INPUT -s IP -j DROP

Goodbye bad guy!

* If you have contact with the network administrator, try to block the IP at a datacenter firewall level. That will help you and the whole network.
gustavo.ulyssea
 
Posts: 13
Joined: Thu Dec 10, 2009 1:02 pm

Re: Useful command to stop httpd ddos

Postby Mark » Mon Dec 14, 2009 1:15 am

Hi,

Seems you haven't seen a big DDoS yet. You won't get a chance either to run iptraf or to call the datacenter. I already mentioned at the start of the thread that this command is only to prevent this DDoS temporarily.



gustavo.ulyssea wrote:Go into iptraf on shell.

Look at the IPs repeating. If you see one repeating too much BINGO, you got the bad guy.

iptables -A INPUT -s IP -j DROP

Goodbye bad guy!

* If you have contact with the network administrator, try to block the IP at a datacenter firewall level. That will help you and the whole network.
Mark
 
Posts: 124
Joined: Fri Dec 11, 2009 2:18 pm

Re: Useful command to stop httpd ddos

Postby gallas » Mon Dec 14, 2009 1:37 am

Of course, while running into a big DDoS, the best option is having a KVM-over-IP plugged into your dedicated server. But for small attacks, mainly if you have high bandwidth, iptables will do the job.
gallas
Site Admin
 
Posts: 23
Joined: Thu Dec 10, 2009 2:25 am

Re: Useful command to stop httpd ddos

Postby Andrew11 » Tue Dec 15, 2009 9:07 am

You guys are way over my head, where can I learn more about troubleshooting and any basics so I can understand this?
Andrew11
 
Posts: 11
Joined: Thu Dec 10, 2009 3:13 pm

Re: Useful command to stop httpd ddos

Postby Jhon Kelly » Sat Dec 19, 2009 5:37 am

ipconfig - Windows IP configuration
Useful for troubleshooting your internet connection. Displays the current IP address of your computer and the DNS server address. If you call your ISP for reporting a bad internet connection, he will probably ask you to run ipconfig.

fc - Free BeyondCompare in XP
FC is an advanced DOS Command that compares two files and displays the differences between them. Though the file comparison results are not as interactive as BeyondCompare or Altova DiffDog, fc is still very useful. You can even set fc to resynchronize the files after finding a mismatch.

type - open text files sans Notepad
Similar to the Unix cat command, Type is my favorite DOS command for displaying the contents of text files without modifying them. When used in combination with the more switch, type splits the contents of lengthy text files into multiple pages. Avoid using the type command with binary files or you'll hear alien PC beeps and see some Greek characters on your PC.

ping - Say hello to another computer
Ping network command followed by the web-address or IP address tells you about the health of the connection and whether the other party is responding to your handshake request. Ping tool can also be used to convert the web address to a physical IP address.
Jhon Kelly
 
Posts: 101
Joined: Fri Dec 18, 2009 9:32 am

Re: Useful command to stop httpd ddos

Postby michel jhon » Sat Dec 19, 2009 8:25 am

tree - visual directory structure
You often need to take prints of your physical directory structure but XP has no simple "visual" commands for printing directory contents. Here, try the Tree DOS command and redirect the output to a text file.

tree > mydirectory.txt
print mydirectory.txt

attrib - make hidden files visible
Attrib lets you change attributes of System files and even hidden files. This is great for troubleshooting Windows XP. Say your XP doesn't boot ever since you edited that startup boot.ini file (Hidden), use attrib to remove the Hidden attribute and edit the file using the EDIT DOS command.
michel jhon
 
Posts: 4
Joined: Sat Dec 19, 2009 8:06 am

Re: Useful command to stop httpd ddos

Postby Beaten Rice » Mon Dec 21, 2009 10:09 am

I had the displeasure of coping with a large DDOS attack this weekend
and tested out how apache 2.1.3-beta did. It didn't do very well at all.

I realize this list is for "discussion of changes to the source code and
related issues" but I'm hoping this is still appropriate and would be
interested to get feedback.

The attack was from a botnet comprising, at any one moment, over 6000
unique IPs. New IPs were adding themselves fairly constantly, a dozen
every few minutes at least. They were also rolling off. The clients were
all windows XP and 2k machines, and judging from the ping time to many
of them, many were dialup or on other dynamic IPs. They were getting
their current attack targets from a php program on the webserver of a
rooted box, not from an IRC type control system.
Beaten Rice
 
Posts: 51
Joined: Mon Dec 21, 2009 5:15 am

Re: Useful command to stop httpd ddos

Postby Jhon Kelly » Tue Dec 22, 2009 9:10 am

move - more flexible than copy-paste
I have some commands which are useful.
Say you got a lot of XLS and DOC files in your MyDocuments folder and want to move only those XLS files that have their name ending with 2006. In XP Explorer, you have to manually select each file and then cut-paste to another folder. However, the DOS move command makes things much simpler. Just type the following at the command prompt:
move *2006.xls c:\2006Reports\

find - advanced file search with filter
Find is the most powerful DOS command and even more useful than the Windows Desktop Search tool or the Windows Find Wizard. The find command searches for a specific string of text in a file or files. After searching the specified file or files, find displays any lines of text that contain the specified string.

To search your hard disk to find and display the file names on drive C: that contain the string "Google" use the pipe (|) to direct the results of a dir command to find as follows:
dir c:\ /s /b | find "Google"

Quick tip - Drag to avoid typing: When your command acts on a file or folder, you must type the path to that folder after the command. You can save typing time by dragging the file or folder from Windows Explorer into the command window.
Jhon Kelly
 
Posts: 101
Joined: Fri Dec 18, 2009 9:32 am
