Firstly How to determine whether the server has been DDOS attack Either renting or server hosting, no one has been to ensure smooth sailing. generally exhibit afterthe server suffers DDOS, CC attack : website stuff seriously , or not open when you visit the Web site , or open the prompt "server unavailable", after the refresh it is still the case , the server remotely difficult , very tough to use remote connection to the desktop card , or the remote into the desktop is black. Some users could just go in a remote desktop connection , but operational difficulties , CPU at 100 percent , memory usage is high , the server has been paralyzed. Let us talk about How to doWhen the server is under DDOS attack 1. Ensure that all servers use the latest systems , and security patches . Computer Emergency Response Coordination Center found that nearly every system by DDoS attacks are not patched in time . 2. Ensure that administrators check on all hosts , not just for key host. This is to ensure that each host system administrator to know what is running ? Who is using the host ? Who can access the host ? Otherwise , even if the hacker violated the system , it is difficult to identify . 3.Make sure to remove unused services from the appropriate directory server or file database , such as FTP or NFS. Wu-Ftpd like that, there are some known vulnerabilities , hackers can gain access to the system through the root privilege attack , and can access other systems and even protected by a firewall system. 4. To ensure that all services running on Unix has TCP wrappers to limit access to the host. 5. Disable internal network through Modem connecting to the PSTN system. Otherwise, the hacker line found unprotected hostthrough the telephone, will be able to instantly access extremely confidential data? 6. Prohibit the use of network access procedures, such as Telnet, Ftp, Rsh, Rlogin and Rcp, PKI-based access to programs such as SSH substituted. SSH is not transmitted over the Internet in clear text passwords, and Telnet and Rlogin the opposite, a hacker can find these passwords, which immediately access critical servers on the network. In addition, the Unix should .rhost and hosts.equiv file deletion, because you do not guess the password, these documents will provide login access! 7. Limit file sharing and network outside the firewall. This will have the opportunity to hackers intercept system files, and replace it with Trojan horses, file transfer function is no different to a standstill. 8. Ensure that there is a new network topologyOn your hand. This map should indicate in detail TCP / IP addresses, hosts, routers and other network equipment, should also include internal confidential part of the network border, the demilitarized zone (DMZ) and the network. 9. Run the port scanner port mapping program or on the firewall . Most events are due to improper firewall configuration , so that DoS / DDoS attack success rate is high , so he must carefully check privileged ports and non-privileged port . 10 . Check all logs network equipment and host / server system. As long as a loophole or a time log to change appears almost certain : the associated host security threat has been .