CPanel Direct IP getting ddosed

I have two cPanel servers set up for our shared hosting and a whole slew of clients. Some have dedicated IPs and some have shared IPs; however, today the main IP for the cPanel server got hit and disrupted everyone's services.

I am currently with Combahton and I have tried things like enabling permanent mitigation, etc.

Is there a way to configure cPanel so my clients don't get disrupted? Any way to change the main cpanel1 IP address?

Comments

  • WSCallum Member, Provider

    Nullroute the IP, at least then clients' services should become accessible. Nothing to stop the attackers going for your other IPs though...

    If you have DDoS protection that isn't working, contact your datacenter's support team to see if any changes can be made to block the attack traffic.

    WebSound - Affordable, reliable hosting solutions
    UK SSD cPanel Web & Reseller Hosting

  • Changing the IP will likely shift the attack to the new IP. Just enable your permanent mitigation or terminate the client who is attracting the attacks.

  • Neoon Member
    edited September 2018

    Well, if it's application layer, ask them, he said they have a system for that in place.
    Application layer will mostly not trigger AntiDDOS, since your traffic goes encrypted over TLS.

  • jar Provider

    What's worse when this happens, DNS lookups go out of the primary interface, causing Apache reverse lookups to slow down (if they're enabled), and Exim to fail to send email because it can't look up recipient DNS.

  • deank Member, Troll

    In before someone posts a complaint thread on LET that his account got terminated for no reason.

    I have not created a single thread. Verify it if you dare.

  • MikeA Member, Provider

    It could be a 30 second fix or it could be something you'd need specific protection for. Do you have any logs, assuming it's a L7 attack, from the web server, fpm, etc? What port is getting the traffic?

    ExtraVM - AMD Ryzen VPS starting @ $3.50
    USA (TX, VA, FL), CA, FR, UK, SGP, AU, RU

  • @MikeA said:
    It could be a 30 second fix or it could be something you'd need specific protection for. Do you have any logs, assuming it's a L7 attack, from the web server, fpm, etc? What port is getting the traffic?

    It's Layer 4. They are hitting the direct IP of the machine, it causes everything to go down.

  • Eased Member, Provider

    @Jack said:
    Offer dedicated IPs for all customers.

  • mfs Banned, Member

    sharedport said:

    It's Layer 4. They are hitting the direct IP

    Unless they're actually filling up your (already DDoS protected) pipes, have you considered routing/sending all the traffic to something as simple as a dedicated NGINX instance returning a 444 for all direct IP connections + fail2ban for the offending IPs? Or, enable the SYNPROXY target.

    I've left LET since February 2019, account made inactive on request.
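
A sketch of the "NGINX returning 444 for direct IP connections + fail2ban" setup suggested in the post above, added here as an example and not taken from any poster's configuration. The file paths, the jail name `nginx-direct-ip` and the thresholds are assumptions; it also assumes nginx is the listener on ports 80/443 and uses the stock `combined` log format.

```conf
# --- /etc/nginx/conf.d/00-direct-ip.conf (hypothetical path) ---
# Catch-all vhost: any request whose Host header matches no configured
# site (for example a request to the bare IP) lands here.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;

    # Refuse the TLS handshake for unmatched names, so the catch-all
    # needs no certificate (nginx 1.19.4 or later).
    ssl_reject_handshake on;

    # Separate log so fail2ban reads only catch-all hits.
    access_log /var/log/nginx/direct-ip.log combined;

    # 444 is nginx-specific: close the connection without a response.
    return 444;
}

# --- /etc/fail2ban/filter.d/nginx-direct-ip.conf (hypothetical name) ---
[Definition]
# Matches a combined-format line whose status field is 444.
failregex = ^<HOST> \S+ \S+ \[[^\]]*\] "[^"]*" 444\s
ignoreregex =

# --- /etc/fail2ban/jail.d/nginx-direct-ip.local (hypothetical name) ---
# Thresholds are illustrative: 20 catch-all hits within 60 seconds
# bans the source address for one hour.
[nginx-direct-ip]
enabled  = true
port     = http,https
filter   = nginx-direct-ip
logpath  = /var/log/nginx/direct-ip.log
findtime = 60
maxretry = 20
bantime  = 3600
```

The filter can be checked against the log before enabling the jail with `fail2ban-regex /var/log/nginx/direct-ip.log /etc/fail2ban/filter.d/nginx-direct-ip.conf`. This only acts on HTTP requests that reach nginx; as the post notes, it does not help once the uplink itself is saturated.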

  • combahton_it Member, Provider

    @sharedport I assume that affects some of your additional IP addresses, right? I kindly suggest getting in touch with our customer care, we have extensive capabilities besides the regular DDoS protection.

    combahton GmbH trading as fastpipe.io - providing Cloud and Dedicated Servers in Frankfurt, Germany
