    CPanel Direct IP getting ddosed

    I have two cPanel servers set up for our shared hosting and a whole slew of clients. Some have dedicated IPs and some have shared IPs; however, today the main IP for the cPanel server got hit and disrupted everyone's services.

    I am currently with Combahton and I have tried things like enabling permanent mitigation, etc.

    Is there a way to configure cPanel so my clients don't get disrupted? Any way to change the main cpanel1 IP address?

    Comments

    • WSCallum Member, Provider

      Nullroute the IP, at least then clients' services should become accessible. Nothing to stop the attackers going for your other IPs though...

      If you have DDoS protection that isn't working, contact your datacenter's support team to see if any changes can be made to block the attack traffic.

      WebSound - Affordable, reliable hosting solutions
      UK SSD Web & Reseller Hosting

    • Changing the IP will likely shift the attack to the new IP. Just enable your permanent mitigation or terminate the client who is attracting the attacks.

    • Neoon Member
      edited September 2018

      Well, if it's application layer, ask them, he said they have a system for that in place.
      Application layer will mostly not trigger AntiDDOS, since your traffic goes encrypted over TLS.

    • jarjar Provider

      What's worse when this happens, DNS lookups go out of the primary interface, causing Apache reverse lookups to slow down (if they're enabled), and Exim to fail to send email because it can't look up recipient DNS.

    • In before someone posts a complaint thread on LET that his account got terminated for no reason.

      Amitz has passed. The end is truly nigh.

    • MikeA Member, Provider

      It could be a 30 second fix or it could be something you'd need specific protection for. Do you have any logs, assuming it's a L7 attack, from the web server, fpm, etc? What port is getting the traffic?

    • @MikeA said:
      It could be a 30 second fix or it could be something you'd need specific protection for. Do you have any logs, assuming it's a L7 attack, from the web server, fpm, etc? What port is getting the traffic?

      It's Layer 4. They are hitting the direct IP of the machine, it causes everything to go down.

    • Jack Member, Provider

      Offer dedicated IPs for all customers.

    • @Jack said:
      Offer dedicated IPs for all customers.

      All views and opinions expressed are personal opinions and do not represent those of any company. No liability can be held for any damages or hurt feelings, however caused, to any readers of this message.

    • mfs Banned, Member

      sharedport said:

      It's Layer 4. They are hitting the direct IP

      Unless they're actually filling up your (already DDoS protected) pipes, have you considered routing/sending all the traffic to something as simple as a dedicated NGINX instance returning a 444 for all direct IP connections + fail2ban for the offending IPs? Or, enable the SYNPROXY target.

      I've left LET, account made inactive on request.

    • combahton_it Member, Provider

      @sharedport I assume that affects some of your additional IP addresses, right? I kindly suggest getting in touch with our customer care; we have extensive capabilities besides the regular DDoS protection.

      combahton GmbH trading as fastpipe.io - providing Cloud and Dedicated Servers in Frankfurt, Germany
