1. Log on your server as root
2. Type the fallowing command

netstat -plan|grep :80|awk {’print $5′}|cut -d: -f 1|sort|uniq -c|sort -n

You will see a list of IP’s with the number of connections each once has to your server.

3. If any IP’s have more then 100 connections then there is a chance that this is your attacker. Go ahead and block this IP using APF if you have it installed or CSF

apf -d IP
or
csf -d IP

Hope it helps !

If you have any questions don’t hesitate to leave a comment.

(D)DoS Deflate is a shell script developed by Zaf, originally for use on MediaLayer servers to assist in combating denial of service attacks. However, it was seen to be very effective for our purpose, and therefore was released as a contribution to the web hosting community. (D)DoS Deflate is now used by not only many web hosts, but by many people who run their own servers looking for additional security in dealing with such attacks. 

How to install 

Installing DOS-Deflate is one of the simplest out there.

1. Login to your server as root
2. Download the install script

wget http://www.inetbase.com/scripts/ddos/install.sh

3. Run the installer

sh install.sh

DOS-Deflate should now be installed.

Please note that DOS-Deflate uses APF to ban IPs so you must have it installed for DOS-Deflate to work properly. I guide on how to install APF can be found here.

Customizing DOS-Deflate is very easy. You have to edit /usr/local/ddos/ddos.conf with your favorite editor for example

pico /usr/local/ddos/ddos.conf

Every setting is explained in the configuration file so I will not go over them as the explanations are quite easy to fallow up.

If you run into any problems please leave a comment here and I’ll try to help out.