Knowledge Base

Please help, I'm receiving DDoS attacks

If you can use the control panel to manage your service, connect via SSH or VNC, most likely, it is not a DDoS attack.

Are you certain it's not high load?

All our services have a Standard DDoS Protection by default:

  • You don't have to take any actions to benefit from it.
  • It is enabled for everyone automatically and free of charge.
  • It was developed to recognize 99% of all attack patterns.

Our Standard DDoS Protection cannot mitigate some DDoS attacks because of their pattern (such as simulating legit web traffic to port 80 or 443). In some rare cases, Gbps of UDP packets being sent to the network port of your service.

If you have a managed service and you believe to be receiving a DDoS attack, let us know. We will work with you to implement extra protection against DDoS attacks.

If you have an unmanaged service, you can follow these quick tips.

In case the web traffic is simulated and received by a single source (IP Address) or just a few IP addresses with many connections, you can quickly identify such IP addresses and block the IP addresses in your firewall.

You can use the following commands to check if you are receiving a DDoS and identify how many connections are being made per each IP address.

Show the number of connections by state
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Show all IPs connected
netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq

Show the number of connections per IP
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n

If you are receiving lots of connections from a significant amount of sources (IP Addresses), it's not that simple. It takes a lot of effort to block IP addresses, one by one, manually. You could try to block entire subnets at once, but you may also block legit traffic by mistake (maybe even your IP Address).

Would you prefer to stop worrying about DDoS attacks? Get one of our managed servers today!