Frequent UDP TCP Flooding

geekbaaz

We have recently been facing frequent DDoS attacks on our shared and reseller hosting servers located in Asia and the US. The types of attacks we are receiving are shared below:

[removed - please attach images directly to the thread]

All these servers run Linux CentOS with cPanel/WHM installed on them. We have limited access to the network as these servers are procured from the DC itself.

My questions are:

1. Is it the content/websites we are hosting causing the issue?
2. Are there any tools we can use to scan such type of vulnerable websites or content?
3. What else can be done to secure against these kinds of attacks?
4. How to determine the source?

Any help would be highly appreciated.
 

cPanelLauren

Hi @geekbaaz

During an attack you should be able to identify (even by looking at top) what the IPs are connecting to. Running something like
Code:
netstat -alpn
may give a better idea as well.

If you're afraid you have a compromised site you might use something like ClamAV to scan the sites: Configure ClamAV Scanner - Version 74 Documentation - cPanel Documentation

Other methods of mitigation for these sorts of attacks (pending you're unable to find something compromising a site) might include a CDN like CloudFlare and connection limiting using iptables or 3rd party software such as CSF.

Thanks!
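
One way to turn the `netstat -alpn` output suggested above into a per-source summary, as an added example that is not part of the original thread or cPanel's own tooling. The function names `top_talkers` and `syn_recv_by_ip` are hypothetical, and the sample output is constructed using documentation address ranges.

```shell
#!/usr/bin/env bash
# Constructed sample of `netstat -alpn` output (RFC 5737 addresses, not real data).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1201/httpd
tcp        0      0 192.0.2.10:80           198.51.100.7:51512      SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.7:51513      SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:443          203.0.113.25:40022      ESTABLISHED 1201/httpd
tcp        0      0 192.0.2.10:22           203.0.113.25:40100      ESTABLISHED 900/sshd
udp        0      0 192.0.2.10:53           198.51.100.7:3321                   1500/named
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1500/named
EOF
}

# Count sockets per (protocol, remote IP, local port), busiest first.
# Listening/unconnected sockets (foreign address ending in ":*") are skipped.
top_talkers() {
  awk '
    $1 ~ /^(tcp|udp)/ && $5 !~ /:\*$/ {
      remote = $5; sub(/:[^:]*$/, "", remote)   # drop remote port (IPv6-safe)
      lport  = $4; sub(/^.*:/, "", lport)       # keep only the local port
      count[$1 " " remote " " lport]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Count half-open TCP connections (SYN_RECV) per remote IP; a large number
# from few addresses is what a SYN flood looks like in this output.
syn_recv_by_ip() {
  awk '
    $1 ~ /^tcp/ && $6 == "SYN_RECV" {
      ip = $5; sub(/:[^:]*$/, "", ip); n[ip]++
    }
    END { for (ip in n) print n[ip], ip }
  ' | LC_ALL=C sort -k1,1nr
}

# Demo on the constructed sample; on a live server pipe the real command in:
#   netstat -alpn | top_talkers | head -n 20
sample_netstat | top_talkers
```

Source addresses in UDP and SYN floods can be spoofed, so treat the counts as a starting point for rate limiting or for a report to the data center rather than as proof of origin.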