DDoS attacks are one of the most common threats to VPS servers. These attacks overload your server with fake traffic, causing slow performance or complete downtime. Detecting and blocking DDoS attacks early is essential to keep your VPS stable, secure, and online.
Step 1: Understand DDoS Attacks
Understanding DDoS attacks starts with observing abnormal traffic behavior and connection patterns on your VPS. A quick first check is the system load average, which rises sharply when the server is struggling to keep up with incoming traffic. Shows how long the server has been running and its 1-, 5- and 15-minute load averages:
uptime
Step 2: Monitor Server Traffic
Unusual traffic spikes are a common sign of a DDoS attack. Monitoring traffic helps you detect attacks early.
sudo apt install iftop -y
Displays real-time network traffic on the VPS:
sudo iftop
Step 3: Check Active Connections
A high number of simultaneous connections can indicate a DDoS attack. This command counts active connections on a common service port (here port 80, HTTP):
netstat -an | grep :80 | wc -l
Step 4: Analyze Server Load
DDoS attacks often cause high CPU or memory usage. Monitoring system load helps confirm whether traffic is overwhelming your VPS:
top
Step 5: Block Malicious IP Addresses
Once suspicious IPs are identified, they should be blocked immediately. Blocking malicious IPs reduces attack traffic quickly.
sudo ufw deny from attacker_ip
Step 6: Limit Connection Rates
Rate limiting prevents a single IP from sending too many requests. This reduces the impact of basic DDoS attacks on web services:
sudo ufw limit 80/tcp
Step 7: Use Fail2Ban for Protection
Fail2Ban automatically blocks IPs that show malicious behavior. This provides automated and continuous protection:
sudo apt install fail2ban -y
Enables and starts Fail2Ban:
sudo systemctl enable --now fail2ban
Step 8: Enable a Firewall
A firewall helps filter unwanted traffic before it reaches your services. Firewalls are essential for minimizing the DDoS attack surface.
sudo ufw enable
Step 9: Monitor Logs Regularly
Log files help identify attack patterns and sources. Regular log monitoring improves detection and response time:
sudo tail -f /var/log/syslog
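As an added example (not part of the original guide), the script below ties Step 3 and Step 5 together: it counts connections per remote address on a given port from netstat-style output and prints the matching ufw deny command for each address over a threshold, for an operator to review before running. The function names top_talkers and suggest_blocks, the sample connection lines and the threshold are all constructed for this demo.

```shell
#!/bin/sh
# Per-IP connection counting for a VPS, built on the Step 3 idea of
# counting connections on a service port. Instead of a single total,
# it breaks the count down by remote address so a handful of noisy
# sources stand out from normal visitors.

# Constructed sample of `netstat -an` output (not real traffic).
# Fields: Proto Recv-Q Send-Q Local-Address Foreign-Address State
SAMPLE='tcp        0      0 10.0.0.5:80        203.0.113.10:51234   ESTABLISHED
tcp        0      0 10.0.0.5:80        203.0.113.10:51235   ESTABLISHED
tcp        0      0 10.0.0.5:80        203.0.113.10:51236   ESTABLISHED
tcp        0      0 10.0.0.5:80        198.51.100.7:44001   ESTABLISHED
tcp        0      0 10.0.0.5:22        192.0.2.9:33000      ESTABLISHED
tcp        0      0 10.0.0.5:80        203.0.113.10:51237   SYN_RECV'

# top_talkers PORT THRESHOLD
# Reads netstat-style lines on stdin and prints "IP COUNT" for every
# remote address with at least THRESHOLD connections to local PORT,
# busiest first. Half-open (SYN_RECV) connections are counted too,
# since SYN floods show up in exactly that state.
top_talkers() {
    port="$1"; threshold="$2"
    awk -v port="$port" -v thr="$threshold" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") {
            split($5, a, ":"); count[a[1]]++
        }
        END { for (ip in count) if (count[ip] >= thr) print ip, count[ip] }' \
    | sort -k2,2nr
}

# suggest_blocks
# Turns "IP COUNT" lines into the ufw deny command from Step 5.
# It only prints the commands: an operator should check the list first,
# because a reverse proxy, CDN or office NAT gateway can legitimately
# hold many connections and must not be blocked.
suggest_blocks() {
    while read -r ip count; do
        printf 'sudo ufw deny from %s\n' "$ip"
    done
}

# Demo against the constructed sample. On a live VPS replace the printf
# with:  netstat -an | top_talkers 80 100 | suggest_blocks
printf '%s\n' "$SAMPLE" | top_talkers 80 3 | suggest_blocks
```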
