{"id":345,"date":"2026-03-01T23:28:49","date_gmt":"2026-03-02T05:28:49","guid":{"rendered":"http:\/\/blog.supportpro.com\/?p=345"},"modified":"2026-03-27T02:49:45","modified_gmt":"2026-03-27T08:49:45","slug":"detect-a-ddos-attack-on-a-linux-server","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/detect-a-ddos-attack-on-a-linux-server\/","title":{"rendered":"How to Detect a DDoS Attack on a Linux Server ?"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"345\" class=\"elementor elementor-345\">\n\t\t\t\t\t\t<section class=\"penci-section penci-disSticky penci-structure-10 elementor-section elementor-top-section elementor-element elementor-element-28820961 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"28820961\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"penci-ercol-100 penci-ercol-order-1 penci-sticky-ct    elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-193c9718\" data-id=\"193c9718\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-708cb75f elementor-widget elementor-widget-text-editor\" data-id=\"708cb75f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\"><p><\/p>\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\"><p><\/p>\n<p>A sudden traffic spike on a Linux server can indicate a <strong><a href=\"https:\/\/www.supportpro.com\/blog\/distributed-denial-of-service-ddos-attacks\/\" title=\"\">DDoS (Distributed Denial-of-Service) attack<\/a><\/strong>. Knowing how to detect DDoS traffic quickly helps prevent downtime, performance loss, and service disruption. During a DDoS attack, multiple IP addresses send massive amounts of traffic to your server, overwhelming system resources such as CPU, memory, or network bandwidth. This guide explains how to check if your server is under attack using built-in Linux commands.<\/p>\n<p><\/p>\n<p><\/p>\n<h1 class=\"wp-block-heading\">What Is a DDoS Attack?<\/h1>\n<p><\/p>\n<p><\/p>\n<p>A Distributed Denial-of-Service attack occurs when attackers use multiple compromised systems to flood a target server with traffic.<\/p>\n<p><\/p>\n<p><\/p>\n<p>The goal is to:<\/p>\n<p><\/p>\n<p><\/p>\n<ul class=\"wp-block-list\"><p><\/p>\n<li>Exhaust server resources<\/li>\n<p><\/p>\n<p><\/p>\n<li>Disrupt service availability<\/li>\n<p><\/p>\n<p><\/p>\n<li>Cause downtime<\/li>\n<p><\/p>\n<p><\/p>\n<li>Impact business operations<\/li>\n<p><\/p><\/ul>\n<p><\/p>\n<p><\/p>\n<p>Modern DDoS attacks are often automated and highly distributed, making them harder to detect.<\/p>\n<p><\/p>\n<p><\/p>\n<h3 class=\"wp-block-heading\">Quick Check (30-Second Test)<\/h3>\n<p><\/p>\n<p><\/p>\n<p>If you see:<\/p>\n<p><\/p>\n<p><\/p>\n<ul class=\"wp-block-list\"><p><\/p>\n<li>hundreds of connections from one IP<\/li>\n<p><\/p>\n<p><\/p>\n<li>many SYN_RECV states<\/li>\n<p><\/p>\n<p><\/p>\n<li>bandwidth maxed<\/li>\n<p><\/p>\n<p><\/p>\n<li>high load average<\/li>\n<p><\/p><\/ul>\n<p><\/p>\n<p><\/p>\n<p>Your server may be under attack.<\/p>\n<p><\/p>\n<p><\/p>\n<h1 class=\"wp-block-heading\">How to Check Active Connections by IP Address<\/h1>\n<p><\/p>\n<p><\/p>\n<p>One of the fastest ways to detect abnormal traffic is by identifying which IP addresses are making the most connections to your server.<\/p>\n<p><\/p>\n<p><\/p>\n<p>Run the following command in your SSH terminal:<\/p>\n<p><\/p>\n<p><\/p>\n<pre class=\"wp-block-code\"><code>netstat -anp | grep 'tcp\\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n<\/code><\/pre>\n<p><\/p>\n<p><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><\/p>\n<p>Note: You may need <code>sudo<\/code> or root privileges to view all connections.<\/p>\n<p><\/p><\/blockquote>\n<p><\/p>\n<p><\/p>\n<h2 class=\"wp-block-heading\">Example Output<\/h2>\n<p><\/p>\n<p><\/p>\n<pre class=\"wp-block-code\"><code>45 192.168.1.10<br>120 203.0.113.7<\/code><\/pre>\n<p><\/p>\n<p><\/p>\n<p>This output shows:<\/p>\n<p><\/p>\n<p><\/p>\n<ul class=\"wp-block-list\"><p><\/p>\n<li>The number of connections<\/li>\n<p><\/p>\n<p><\/p>\n<li>The corresponding remote IP address<\/li>\n<p><\/p><\/ul>\n<p><\/p>\n<p><\/p>\n<p>If one or a few IPs have an unusually high number of connections, your server may be under stress or attack.<\/p>\n<p><\/p>\n<p><\/p>\n<h3 class=\"wp-block-heading\">Suspicious Connection Thresholds<\/h3>\n<p><\/p>\n<p><\/p>\n<figure class=\"wp-block-table\">\n<div class=\"pcrstb-wrap\"><table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>Server Type<\/th>\n<th>Normal<\/th>\n<th>Suspicious<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Small VPS<\/td>\n<td>&lt;150<\/td>\n<td>&gt;400<\/td>\n<\/tr>\n<tr>\n<td>App server<\/td>\n<td>&lt;800<\/td>\n<td>&gt;2000<\/td>\n<\/tr>\n<tr>\n<td>High traffic<\/td>\n<td>&lt;5000<\/td>\n<td>&gt;12000<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/figure>\n<p><\/p>\n<p><\/p>\n<h1 class=\"wp-block-heading\">What This Command Does (Step-by-Step)<\/h1>\n<p><\/p>\n<p><\/p>\n<p>This pipeline command:<\/p>\n<p><\/p>\n<p><\/p>\n<ol class=\"wp-block-list\"><p><\/p>\n<li>Lists all active TCP and UDP connections<\/li>\n<p><\/p>\n<p><\/p>\n<li>Extracts the remote IP address<\/li>\n<p><\/p>\n<p><\/p>\n<li>Counts how many times each IP appears<\/li>\n<p><\/p>\n<p><\/p>\n<li>Sorts IPs by connection count<\/li>\n<p><\/p><\/ol>\n<p><\/p>\n<p><\/p>\n<p>It provides a quick snapshot of traffic concentration.<\/p>\n<p><\/p>\n<p><\/p>\n<h1 class=\"wp-block-heading\">Alternative Command to Detect DDoS Connections<\/h1>\n<p><\/p>\n<p><\/p>\n<p>On newer distributions, <code>netstat<\/code> may not be installed by default.<\/p>\n<p><\/p>\n<p><\/p>\n<p>You can use:<\/p>\n<p><\/p>\n<p><\/p>\n<pre class=\"wp-block-code\"><code>ss -antup<\/code><\/pre>\n<p><\/p>\n<p><\/p>\n<p>The <code>ss<\/code> command is faster and more efficient for viewing socket statistics.<\/p>\n<p><\/p>\n<p><\/p>\n<h1 class=\"wp-block-heading\">Important: Why High Connections Alone Don\u2019t Prove a DDoS<\/h1>\n<p><\/p>\n<p><\/p>\n<p>Modern DDoS attacks are more sophisticated.<\/p>\n<p><\/p>\n<p><\/p>\n<p>Attackers may use:<\/p>\n<p><\/p>\n<p><\/p>\n<ul class=\"wp-block-list\"><p><\/p>\n<li>Thousands of distributed IP addresses<\/li>\n<p><\/p>\n<p><\/p>\n<li>Fewer connections per IP<\/li>\n<p><\/p>\n<p><\/p>\n<li>Rotating source IPs<\/li>\n<p><\/p>\n<p><\/p>\n<li>Layer 7 (application-level) attacks<\/li>\n<p><\/p><\/ul>\n<p><\/p>\n<p><\/p>\n<p>In such cases, no single IP appears suspicious \u2014 but aggregate traffic overwhelms the server.<\/p>\n<p><\/p>\n<p><\/p>\n<p>Always analyze:<\/p>\n<p><\/p>\n<p><\/p>\n<ul class=\"wp-block-list\"><p><\/p>\n<li>Traffic spikes in monitoring tools<\/li>\n<p><\/p>\n<p><\/p>\n<li>CPU and memory usage<\/li>\n<p><\/p>\n<p><\/p>\n<li>Network bandwidth consumption<\/li>\n<p><\/p>\n<p><\/p>\n<li>Access logs<\/li>\n<p><\/p><\/ul>\n<p><\/p>\n<p><\/p>\n<p><strong>Example suspicious log entry:<\/strong><\/p>\n<p><\/p>\n<p><\/p>\n<pre class=\"wp-block-code\"><code>203.0.113.7 - - [10\/Feb\/2026:10:22:11] \"GET \/login HTTP\/1.1\" 429 -<\/code><\/pre>\n<p><\/p>\n<p><\/p>\n<h1 class=\"wp-block-heading\">Inspecting Connection States and Ports<\/h1>\n<p><\/p>\n<p><\/p>\n<p>You can further analyze connection activity using:<\/p>\n<p><\/p>\n<p><\/p>\n<h3 class=\"wp-block-heading\">View Established Connections<\/h3>\n<p><\/p>\n<p><\/p>\n<pre class=\"wp-block-code\"><code>lsof | grep ESTABLISHED<\/code><\/pre>\n<p><\/p>\n<p><\/p>\n<p>Shows currently active connections.<\/p>\n<p><\/p>\n<p><\/p>\n<h3 class=\"wp-block-heading\">View Listening Services<\/h3>\n<p><\/p>\n<p><\/p>\n<pre class=\"wp-block-code\"><code>lsof | grep LISTEN<\/code><\/pre>\n<p><\/p>\n<p><\/p>\n<p>Displays services waiting for incoming connections.<\/p>\n<p><\/p>\n<p><\/p>\n<h3 class=\"wp-block-heading\">Inspect a Specific Process<\/h3>\n<p><\/p>\n<p><\/p>\n<pre class=\"wp-block-code\"><code>lsof -p PID<\/code><\/pre>\n<p><\/p>\n<p><\/p>\n<p>Helps identify which application is handling suspicious traffic.<\/p>\n<p><\/p>\n<p><\/p>\n<p>This is useful for determining whether:<\/p>\n<p><\/p>\n<p><\/p>\n<ul class=\"wp-block-list\"><p><\/p>\n<li>A web server (Apache\/Nginx) is targeted<\/li>\n<p><\/p>\n<p><\/p>\n<li>A database port is exposed<\/li>\n<p><\/p>\n<p><\/p>\n<li>A specific service is overloaded<\/li>\n<p><\/p><\/ul>\n<p><\/p>\n<p><\/p>\n<h1 class=\"wp-block-heading\">Temporary Mitigation Options<\/h1>\n<p><\/p>\n<p><\/p>\n<p>If you identify a malicious IP, you can temporarily block it using firewall rules such as:<\/p>\n<p><\/p>\n<p><\/p>\n<ul class=\"wp-block-list\"><p><\/p>\n<li><code>iptables<\/code><\/li>\n<p><\/p>\n<p><\/p>\n<li><code>firewall-cmd<\/code><\/li>\n<p><\/p><\/ul>\n<p><\/p>\n<p><\/p>\n<p>However, manual IP blocking is not a long-term solution for large-scale DDoS attacks.<\/p>\n<p><\/p>\n<p><\/p>\n<p>For production environments hosted on platforms like <strong><a href=\"https:\/\/www.supportpro.com\/blog\/what-is-cloud-infrastructure-management-in-aws\/\" title=\"\">Amazon Web Services<\/a><\/strong>, built-in tools such as <strong>AWS Shield<\/strong> can provide automated mitigation.<\/p>\n<p><\/p>\n<p><\/p>\n<h1 class=\"wp-block-heading\">Best Practices for DDoS Prevention<\/h1>\n<p><\/p>\n<p><\/p>\n<p>Beyond command-line checks, organizations should implement:<\/p>\n<p><\/p>\n<p><\/p>\n<ul class=\"wp-block-list\"><p><\/p>\n<li>Real-time monitoring systems<\/li>\n<p><\/p>\n<p><\/p>\n<li>Rate limiting<\/li>\n<p><\/p>\n<p><\/p>\n<li>Web Application Firewalls (WAF)<\/li>\n<p><\/p>\n<p><\/p>\n<li>CDN-based traffic filtering<\/li>\n<p><\/p>\n<p><\/p>\n<li>Load balancing<\/li>\n<p><\/p>\n<p><\/p>\n<li>Auto-scaling policies<\/li>\n<p><\/p><\/ul>\n<p><\/p>\n<p><\/p>\n<p>Proactive planning reduces operational risk significantly.<\/p>\n<p><\/p>\n<p><\/p>\n<h1 class=\"wp-block-heading\">Conclusion<\/h1>\n<p><\/p>\n<p><\/p>\n<p>Monitoring active connections is a quick and effective first step when investigating unusual traffic spikes. Commands like <code>netstat<\/code>, <code>ss<\/code>, and <code>lsof<\/code> provide immediate visibility into server activity.<\/p>\n<p><\/p>\n<p><\/p>\n<p>However, modern DDoS attacks require a broader defensive strategy that includes proactive monitoring, structured escalation processes, and layered security controls.<\/p>\n<p><\/p>\n<p><\/p>\n<p>Understanding traffic patterns early can help reduce downtime, protect infrastructure, and maintain service availability.<\/p>\n<p><\/p>\n<p><\/p>\n<h2 class=\"wp-block-heading\">Frequently Asked Questions<\/h2>\n<p><\/p>\n<p><\/p>\n<h3 class=\"wp-block-heading\">How many connections from one IP is considered suspicious?<\/h3>\n<p><\/p>\n<p><\/p>\n<p>There is no fixed number. It depends on your server capacity and traffic patterns. Sudden spikes or unusual patterns are stronger indicators than raw numbers.<\/p>\n<p><\/p>\n<p><\/p>\n<h3 class=\"wp-block-heading\">Can netstat detect all types of DDoS attacks?<\/h3>\n<p><\/p>\n<p><\/p>\n<p>No. It helps identify connection-based attacks, but application-layer attacks require log analysis and monitoring tools.<\/p>\n<p><\/p>\n<p><\/p>\n<h3 class=\"wp-block-heading\">Should I block suspicious IPs immediately?<\/h3>\n<p><\/p>\n<p><\/p>\n<p>Temporary blocking may help, but improper firewall rules can block legitimate users. Always verify traffic behavior first.<\/p>\n<p><\/p>\n<p><\/p>\n<h3 class=\"wp-block-heading\">How can I quickly check if my Linux server is under a DDoS attack?<\/h3>\n<p><\/p>\n<p><\/p>\n<p>You can run commands like <code>ss -antup<\/code> or <code>netstat -an<\/code> to inspect active connections. A sudden spike in connections, especially from multiple IPs or unusual states like SYN_RECV, may indicate suspicious traffic.<\/p>\n<p><\/p>\n<p><\/p>\n<h2 class=\"wp-block-heading\">Need Expert Help?<\/h2>\n<p><\/p>\n<p><\/p>\n<p>If you suspect a DDoS attack or need help analyzing your server traffic, contact<a href=\"https:\/\/www.supportpro.com\/contactus.php\" title=\"\"> <strong>SupportPRO<\/strong><\/a> server administrators for immediate analysis and mitigation.<\/p>\n<p><\/p>\n<p><\/p>\n<p class=\"has-text-align-center\">\n<\/p><p><\/p><\/div>\n<p><\/p><\/div>\n<p><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"penci-section penci-disSticky penci-structure-20 elementor-section elementor-top-section elementor-element elementor-element-748aeb1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"748aeb1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"penci-ercol-50 penci-ercol-order-1 penci-sticky-ct    elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-6b23689\" data-id=\"6b23689\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c511c27 elementor-widget elementor-widget-text-editor\" data-id=\"c511c27\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: rgb(49, 49, 49); font-family: Nunito, sans-serif; font-size: 32px;\">Partner with&nbsp;<\/span><span style=\"font-weight: 700; font-size: 32px; color: rgb(49, 49, 49); font-family: Nunito, sans-serif;\">SupportPRO<\/span><span style=\"color: rgb(49, 49, 49); font-family: Nunito, sans-serif; font-size: 32px;\">&nbsp;for 24\/7 proactive cloud support that keeps your business secure, scalable, and ahead of the curve.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79e5f8a elementor-widget elementor-widget-shortcode\" data-id=\"79e5f8a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\"><!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper\" id=\"hs-cta-wrapper-3350a795-db50-482f-9911-301930d1b1be\"><span class=\"hs-cta-node hs-cta-3350a795-db50-482f-9911-301930d1b1be\" id=\"hs-cta-3350a795-db50-482f-9911-301930d1b1be\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/2725694\/3350a795-db50-482f-9911-301930d1b1be\" ><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-3350a795-db50-482f-9911-301930d1b1be\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/3350a795-db50-482f-9911-301930d1b1be.png\"  alt=\"Contact Us today!\"\/><\/a><\/span><script charset=\"utf-8\" src=\"https:\/\/js.hscta.net\/cta\/current.js\"><\/script><script type=\"text\/javascript\"> hbspt.cta.load(2725694, '3350a795-db50-482f-9911-301930d1b1be', {\"useNewLoader\":\"true\",\"region\":\"na1\"}); <\/script><\/span><!-- end HubSpot Call-to-Action Code --><\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"penci-ercol-50 penci-ercol-order-2 penci-sticky-ct    elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-16623ea\" data-id=\"16623ea\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f8aadf6 elementor-widget elementor-widget-image\" data-id=\"f8aadf6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"904\" height=\"931\" src=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup.png\" class=\"attachment-large size-large wp-image-12943\" alt=\"guy server checkup\" srcset=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup.png 904w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup-291x300.png 291w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup-768x791.png 768w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup-585x602.png 585w\" sizes=\"(max-width: 904px) 100vw, 904px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>A sudden traffic spike on a Linux server can indicate a DDoS (Distributed Denial-of-Service) attack. Knowing how to detect DDoS traffic quickly helps prevent downtime, performance loss, and service disruption.&hellip;<\/p>\n","protected":false},"author":4,"featured_media":15826,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-345","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-miscellaneous"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/comments?post=345"}],"version-history":[{"count":27,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/345\/revisions"}],"predecessor-version":[{"id":16272,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/345\/revisions\/16272"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media\/15826"}],"wp:attachment":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media?parent=345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/categories?post=345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/tags?post=345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}