How to overcome DoS/DDoS attacks

When you run a virtual or dedicated server, DoS attacks are sometimes launched against it in order to take a particular site down. In this article we look at how to deal with such attacks.
First, the two terms need to be distinguished:
A DoS attack is one in which a large number of requests are sent from a single IP address.
A DDoS attack is one in which the requests come from many IP addresses, which makes them hard to track down.

In the case of a DoS attack, you can see how many connections each IP address currently holds on port 80 (the count is shown next to each address, busiest first) with the command:

netstat -n | grep :80 | awk '{print $5}' | cut -d':' -f1 | sort | uniq -c | sort -nr | head

It is also possible to find out from the logs which IP address is sending many requests to a specific site. The following command takes the last 50000 lines of the site's access log and counts requests per client IP:

tail -n50000 /var/log/apache2/domains/site.com.log | awk '{print $1}' | sort | uniq -c | sort -n

If you use the csf/apf firewall, you can limit the number of connections per IP in its configuration (the connection-tracking CT_* settings in csf.conf):

CT_LIMIT = 12            # more connections than this from one IP triggers a block
CT_INTERVAL = 10         # seconds between connection-tracking scans
CT_EMAIL_ALERT= 0        # 0 = do not send an e-mail alert for each block
CT_BLOCK_TIME = 3600     # how long, in seconds, the IP stays blocked
CT_SKIP_TIME_WAIT = 0    # 0 = count connections in TIME_WAIT state as well
CT_STATES =              # empty = count connections in all states
CT_PORTS = 80,443        # only track connections to these ports
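The log pipeline above only gives a total per IP, while the CT_LIMIT/CT_INTERVAL settings express the real question: how many requests one IP makes within a short window. The following Python script (an added example, not part of the original article or of csf) does both over access-log lines in Apache combined format: a plain per-IP count like the awk pipeline, and a sliding-window check that flags an IP once it exceeds a limit within an interval. The log lines, IP addresses and thresholds are constructed sample data.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Combined-format access-log line: client IP first, timestamp in square brackets.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, datetime) for one log line, or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)

def count_requests(lines):
    """Total requests per IP, busiest first: what the awk | sort | uniq -c pipeline prints."""
    parsed = [p for p in map(parse_line, lines) if p is not None]
    return Counter(ip for ip, _ in parsed).most_common()

def find_flooders(lines, limit=12, interval=10):
    """Return {ip: peak} for IPs that made more than `limit` requests inside any
    `interval`-second window (the CT_LIMIT / CT_INTERVAL idea applied to log lines)."""
    windows = defaultdict(deque)   # per-IP timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue               # skip malformed lines instead of crashing
        ip, ts = parsed
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > interval:
            q.popleft()            # forget requests older than the window
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def _line(ip, second):
    # Constructed sample line (not a real log); every line falls within one minute.
    return f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"'

SAMPLE_LOG = (
    [_line("203.0.113.5", s) for s in range(15) for _ in range(2)]  # 2 hits/s for 15 s: a flood
    + [_line("198.51.100.7", s) for s in range(0, 60, 5)]           # 1 hit every 5 s: normal
    + [_line("192.0.2.9", 20) for _ in range(12)]                   # exactly 12 in one second
    + ["this line is not in log format"]
)

if __name__ == "__main__":
    print(count_requests(SAMPLE_LOG)[:3])
    print(find_flooders(SAMPLE_LOG))
```

Note that 192.0.2.9 sits exactly at the limit and is not flagged; lowering `limit` to 11 flags it as well.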

Please note that if you use the ISPmanager 5 Lite/Business control panel, it can configure protection against DoS attacks through the www-domain settings. In this case the server must use nginx. To enable the protection, go to the Www-domains section, select the desired site and click "Edit". Tick the "DDoS protection" box and adjust the settings for it at the bottom of the page.

The second way to combat DoS attacks is Cloudflare protection. If your site is connected to and served through this service, enable the "Under Attack" mode on the Cloudflare side. This reduces the load on your server: Cloudflare shows a captcha or an interstitial page when your site is loaded and filters out the bots before they reach you.