How to find DDOS attack

wget -q -O /tmp/acces http://127.0.0.1/whm-server-status

cat /tmp/acces |awk '$0 ~/nowrap/ {print $0}'|awk -F "</td><td nowrap>" '{print $2}' | sort | uniq -c | sort -n

for i in  21 25 22 80 110 143 993
do
 echo "Port $i: "
 netstat -tan | grep ":$i " | awk '{print $6}' | sort | uniq -c
done;

for i in 21 25 22 80 110 143 993
do  
  echo -n "Port $i: ";
  netstat -plant  | grep ":$i" | wc -l;
  echo -n "Port $i ( esta ): ";
  netstat -plant  | grep ":$i" | grep -i esta | wc -l;
  echo -n "Port $i ( time_wait ): ";
  netstat -plant  | grep ":$i" | grep -i time_wait | wc -l;
  echo -n "Port $i ( syn ): ";
  netstat -plant  | grep ":$i" | grep -i syn | wc -l ;
done

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

netstat -plan |grep :80 | grep -i esta | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n

netstat -plan |grep :80 | grep -i syn | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n

netstat -plan |grep :80 | wc -l

netstat -plan| grep :80| awk {'print $4'} | cut -d: -f1|sort|uniq -c|sort -n

netstat -plan | grep  :80 | awk {'print $5'} | cut -d: -f1 |sort |uniq -c|sort -n

awk '{print $4,$5}' /var/log/httpd/access_log  | cut -d: -f1,2 | sort | uniq -c

find /var/www/vhosts/ -type f -maxdepth 4 -mindepth 4 -iname access_log.processed -exec awk ' $7 ~ /?/ && $7 ~ /http/ {print $1" "$4" "$7" "FILENAME}' {} \;

cat /tmp/file | awk '{print $12}' | sort | uniq -c | sort -n