Help make sense of what I see in iftop
My site went down today, I’m pretty sure it was a DOS attack but what’s weird is that it came back up on its own four hours later. When I look at the CPU usage on my droplet it ran at 700+% for hours then back to normal.
When I got to a terminal the site was back to normal and CPU usage back to normal as well. I ran IFTOP to check for network traffic and here’s what I’m seeing:
10.20.0.6 => 188.8.131.52.cl.ipnet.ua 2.05kb 27.2kb 23.8kb
<= 160b 1.72kb 1.88kb
loadtest.b1000test53 => 184.108.40.206 1.41kb 1.51kb 1.56kb
<= 160b 160b 160b
loadtest.b1000test53 => google-public-dns-a.google.com 876b 175b 252b
<= 876b 175b 384b
loadtest.b1000test53 => google-public-dns-b.google.com 876b 175b 44b
<= 584b 117b 29b
10.20.0.6 => 220.127.116.11 208b 42b 10b
<= 368b 74b 18b
loadtest.b1000test53 => sellingeverywhere.com 0b 0b 127b
<= 0b 0b 81b
10.20.0.6 => 10.20.0.2 0b 0b 81b
<= 0b 0b 127b
loadtest.b1000test53 => 162-144-140-49.unifiedlayer.com 0b 0b 0b
<= 0b 0b 9b
What is the loadtest? Some sort of an attack I’m assuming. How do I stop it?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.