How to diagnose a DoS/DDoS attack and find websites under attack on a Plesk server

Follow

Comments

2 comments

  • Avatar
    nick

    "Find the domains which are currently under attack" is not working.. I get the following error:

    tail: cannot open '/var/www/vhosts/system/*/logs/*access*log' for reading: No such file or
     directory
    /var/www/vhosts/system/*/logs/*access*log 0

    0
    Comment actions Permalink
  • Avatar
    Yaroslav Tarasov

    Hello @nick,

    The command in step 3 checks for all the available access logs in all the domains on the server. This is unlikely that there are no logs on the server for a single domain. Please make sure that the full command is executed:

    for log in /var/www/vhosts/system/*/logs/*access*log; do echo -n "$log "; tail -n10000 "$log" | grep -c 203.0.113.2; done | sort -n -k2

    Where 203.0.113.2 is the IP address that was found in the previous step.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request