Charles Mercier

Registered
Feb 16, 2019
1
0
0
Quebec
cPanel Access Level
Root Administrator
[[email protected] ~]# netstat -an | egrep ":80|:443" | egrep '^tcp' | grep -v LISTEN | awk '{print $5}' | egrep '([0-9]{1,3}\.){3}[0-9]{1,3}' | sed 's/^\(.*:\)\?\(\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*$/\2/' | sort | uniq -c | sort -nr | sed 's/::ffff://' | head -20

122 37.120.xxx.xxx
111 185.104.xxx.xx

95 37.120.xxx.xxx
8 46.105.xxx.xxx
7 75.154.xxx.xxx
7 69.51.xxx.xxx
6 173.176.xxx.xxx
2 66.130.xxx.xxx
2 208.77.xxx.xxx



I want to know if there is a syn flood attack? my websites do not work because of them.
Do you have a way to prevent them from reproducing so many connections?
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello @Charles Mercier,

Assistance with mitigating attacks of this nature generally falls outside the scope of support we can offer. However, you may want to consider installing CSF (configserver.com) if you have not already done so. It offers some protection against syn flood attacks, as noted on the thread linked below:

SYN Flood from Google IPs

I recommend reaching out to a qualified system administrator if you need additional help troubleshooting an attack of this nature on your system. We provide a list of companies offering system administration services on the link below:

System Administration Services | cPanel Forums

Thank you.