Friday, October 16, 2015

server-slow-check-whos-connecting-and-how-many-connections-they-have

Are you under a DoS or DDoS attack? Find out with netstat!


A server that appears slow can have many causes, from wrong configs and scripts to dodgy hardware. Sometimes, though, it is because someone is flooding your server with traffic, known as a DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack. It could also be that your server itself is part of a botnet and is being used to attack other networks. In that case it's always a good idea to run scans with software such as ClamAV and RootKit Hunter as a precaution, or even hire a professional to check it out for you if you're not confident enough to do it on your own.
Furthermore, whenever a client connects to a server over the network, a connection is established and opened on the system. On a busy, high-load server the number of connections can run into the hundreds, if not thousands. Getting a list of connections on the server by node, client or IP address is useful for scaling planning and, in most cases, for detecting and determining whether a web server is under a DoS or DDoS attack.

Take a look at the handy netstat commands below; they will help you determine whether you're under attack or are part of an attack.
netstat -na
Display all active Internet connections to the server; only established connections are included.
netstat -an | grep :80 | sort
Show only active Internet connections to the server on port 80 and sort the results. Useful in detecting a single flood by allowing you to recognize many connections coming from one IP.
netstat -n -p|grep SYN_REC | wc -l
Find out how many active SYN_REC connections are occurring on the server. The number should be pretty low, preferably less than 5. During DoS attack incidents or mail bombs, the number can jump quite high. However, the value always depends on the system, so a value that is high on one server may be average on another.
netstat -n -p | grep SYN_REC | sort -u
List all IP addresses involved.
netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}' | sort -u
List all the unique IP addresses of the nodes that are sending SYN_REC connection status.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Use netstat command to calculate and count the number of connections each IP address makes to the server.
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
List the number of connections the IPs are making to the server using TCP or UDP protocol.
netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
Check on ESTABLISHED connections instead of all connections, and display the number of connections for each IP.
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1
Show a list of IP addresses and the number of connections each one has to port 80 on the server. Port 80 is used mainly by the HTTP protocol.
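
The per-IP counting pipelines above, combined into one function as an added example (not from the original post). Unlike `awk '{print $5}' | cut -d: -f1`, it skips netstat's header lines, strips only the trailing port so IPv6 and IPv4-mapped peers are counted correctly, and reports half-open sockets per address. The function names and the sample capture are constructed for illustration, and Linux net-tools output (state name SYN_RECV) is assumed.

```shell
# Constructed sample of `netstat -ntu` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51002       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40000      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40001      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40002      SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::beef:55000    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:51003 ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.9:5353
EOF
}

# conn_summary [LOCAL_PORT] < netstat output
# Prints "TOTAL SYN_RECV REMOTE_IP" per remote address, busiest first.
conn_summary() {
  awk -v port="${1:-}" '
    $1 !~ /^(tcp|udp)/ { next }          # skip netstat header lines
    {
      lport = $4; sub(/.*:/, "", lport)  # local port = text after last colon
      if (port != "" && lport != port) next
      ip = $5; sub(/:[^:]*$/, "", ip)    # drop only the trailing :port
      sub(/^::ffff:/, "", ip)            # fold IPv4-mapped IPv6 into IPv4
      total[ip]++
      if ($6 == "SYN_RECV") syn[ip]++    # half-open: SYN seen, no final ACK
    }
    END { for (ip in total) printf "%d %d %s\n", total[ip], syn[ip] + 0, ip }
  ' | sort -k1,1nr -k3,3
}

# syn_suspects MIN < netstat output
# Prints remote IPs holding at least MIN half-open sockets.
syn_suspects() {
  conn_summary | awk -v min="$1" '$2 >= min { print $3 }'
}

sample_netstat | conn_summary 80
```

On a live host, pipe `netstat -ntu` into `conn_summary 80` instead of the sample; the threshold given to `syn_suspects` has to be chosen against the server's normal load.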

Quickly Removing Empty Array Elements in PHP

Different ways of removing empty array slots in PHP.

Removing empty array slots in PHP, leaving holes in the array.

A quick way to remove empty elements from an array is using array_filter without a callback function. This will also remove 0s (zeroes) though.

$myArray = array_filter( $myArray );

Alternatively, array_diff allows you to decide which elements to keep. The following example will only remove empty strings, but keep 0.

$myArray = array_diff( $myArray, array( '' ) );

Removing empty array slots in PHP, and compacting the array.

Both functions leave ‘gaps’ where the empty entries used to be. You can see it below, where the indices are [1] and [3] and not [0] and [1].

$myArray = array( 0, 'red', '', 'blue' );
print_r( array_filter( $myArray ) );
Array
(
  [1] => 'red'
  [3] => 'blue'
)

print_r( array_diff( $myArray, array( '' ) ) );
Array
(
  [0] => 0
  [1] => 'red'
  [3] => 'blue'
)

array_slice can remove those gaps:

$myArray = array( 0, 'red', '', 'blue' );
$myArray = array_filter( $myArray );
print_r( array_slice( $myArray, 0 ) );
Array
(
  [0] => 'red'
  [1] => 'blue'
)

I haven’t benchmarked it to see whether it is faster than a loop.
