DDOS

How to to check connections count per IPs on cpanel Web Server?

If your server/sites are responding slowly, there could be lots of reasons and one of them is DDOS (Distributed Denial-of-service).  Its very hard to mitigate the attack on shared web server. We try to use different-different netstat commands for all possible attack ports.

But here using following script or command you will get a list of connections per IPs of Apache / POP3 / IMAP / SMTP(25) / SMTP(26) / FTP to stop port flooding.

cmd: netstat -plan | grep :80 | awk {‘print $5’} | grep -Eo “[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}” | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4|uniq -c | sort -nk 1 > /root/1.out; echo “Apache:”; tail -5 /root/1.out; rm -f /root/1.out; netstat -plan | grep :110 | awk {‘print $5’} | grep -Eo “[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}” | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4|uniq -c | sort -nk 1 > /root/2.out; echo “POP3:”; tail -5 /root/2.out; rm -f /root/2.out; netstat -plan | grep :143 | awk {‘print $5’} | grep -Eo “[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}” | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4|uniq -c | sort -nk 1 > /root/3.out; echo “IMAP:”; tail -5 /root/3.out; rm -f /root/3.out; netstat -plan | grep :25 | awk {‘print $5’} | grep -Eo “[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}” | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4|uniq -c | sort -nk 1 > /root/4.out; echo “SMTP(25):”; tail -5 /root/4.out; rm -f /root/4.out; netstat -plan | grep :26 | awk {‘print $5’} | grep -Eo “[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}” | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4|uniq -c | sort -nk 1 > /root/5.out; echo “SMTP(26):”; tail -5 /root/5.out; rm -f /root/5.out; netstat -plan | grep :21 | awk {‘print $5’} | grep -Eo “[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}” | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4|uniq -c | sort -nk 1 > /root/6.out; echo “FTP:”; tail -5 /root/6.out; rm -f /root/6.out

Its very easy to use. Its single line script/command to get all the connections information.

Here is the example for it.

 


HR-ADMIN

Recent Posts

The Ultimate Guide to DIY Website Builders for Entrepreneurs

Ah, the joys of building a website! Picture this: You're sitting there in your pajamas, coffee in hand, ready to…

2 weeks ago

Don’t Ignore These 11 Signs You Need a Hosting Upgrade

Are you feeling like your website is running in slow motion? It can be frustrating when your online presence doesn't…

3 weeks ago

PrestaShop vs OpenCart: Which Is Right for Your Business?

Are you ready to take your online store to the next level? Whether you're running a PrestaShop or OpenCart platform,…

4 weeks ago

Sitemaps: A Guide to Enhancing Online Visibility

Picture this: your website is like a fabulous party happening in the darkest corner of the internet, but nobody's showing…

1 month ago

Step-by-Step Guide to Implementing a CDN for WordPress

Picture this: Your WordPress site is like that one friend who's always fashionably late to everything. You know, the one…

2 months ago