Posts Tagged with "unix"

Unix shell commands to detect a DDoS attack and its source

Posted by Stanislav Furman on April 25, 2014

5 unix shell commands to detect a DDoS attack

Hello Coders!

In this article I'd like to show you a few handy Unix shell commands that help you detect whether your server is (or was) under a DDoS/DoS attack. Keep in mind, however, that protection from DDoS attacks is quite complex, and if you are dealing with a massive DDoS attack, you will need to contact your ISP or hosting provider (e.g. 1&1) for assistance.

So, what do we work with? We can do some analysis based on your Apache access log data, assuming you have a standard Apache access log and you are running your website on Unix. Let's start with the total number of requests per day:

## Get number of requests per day:
awk '{print $4}' access.log | cut -d: -f1 | uniq -c

This displays the total number of HTTP requests per day. See if there are any unusual increases compared to other days. Now see the total number of requests per hour for a specific date (April 25th in this example):
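For the per-day check described above (not the per-hour command), here is an added example that is not part of the original post: it reuses the article's per-day pipeline and flags days whose request count exceeds a multiple of the median day. The function names, the threshold factor of 3 and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in Apache access-log style (documentation IP ranges):
# three quiet days of 3 requests each, then 30 requests on 25/Apr/2014.
make_sample_log() {
  for day in 22 23 24; do
    for n in 1 2 3; do
      printf '198.51.100.%d - - [%s/Apr/2014:10:0%d:00 -0400] "GET / HTTP/1.1" 200 512\n' "$n" "$day" "$n"
    done
  done
  n=0
  while [ "$n" -lt 30 ]; do
    printf '203.0.113.7 - - [25/Apr/2014:14:%02d:00 -0400] "GET / HTTP/1.1" 200 512\n' "$n"
    n=$((n + 1))
  done
}

# Per-day counts: the article's pipeline, with the leading "[" stripped.
# uniq -c only merges adjacent lines, so the log must be in time order.
requests_per_day() {
  awk '{print $4}' "$1" | cut -d: -f1 | tr -d '[' | uniq -c
}

# Print "date count median" for each day above FACTOR x the median day.
# Usage: flag_spike_days access.log [FACTOR]   (FACTOR defaults to 3)
flag_spike_days() {
  requests_per_day "$1" | awk -v f="${2:-3}" '
    { cnt[NR] = $1 + 0; day[NR] = $2; s[NR] = $1 + 0 }
    END {
      n = NR
      if (n == 0) exit
      # Insertion sort of the counts; a log covers few days, so this is cheap.
      for (i = 2; i <= n; i++) {
        v = s[i]
        for (j = i - 1; j >= 1 && s[j] > v; j--) s[j + 1] = s[j]
        s[j + 1] = v
      }
      med = (n % 2) ? s[(n + 1) / 2] : (s[n / 2] + s[n / 2 + 1]) / 2
      for (i = 1; i <= n; i++)
        if (cnt[i] > f * med) print day[i], cnt[i], med
    }'
}

# Demo on the constructed sample.
log=$(mktemp)
make_sample_log > "$log"
flag_spike_days "$log" 3
rm -f "$log"
```

The median is used instead of the mean so that the spike day itself does not drag the baseline up; with a single day in the log nothing is flagged.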
