CPanel Direct IP getting ddosed

I have two cPanel servers set up for our shared hosting and a whole slew of clients. Some have dedicated IPs and some have shared IPs; however, today the main IP for the cPanel server got hit and disrupted everyone's services.

I am currently with Combahton and I have tried things like enabling permanent mitigation, etc.

Is there a way to configure cPanel so my clients don't get disrupted? Any way to change the main cpanel1 IP address?

Comments

  • WSCallum Member, Provider

    Nullroute the IP, at least then clients' services should become accessible. Nothing to stop the attackers going for your other IPs though...

    If you have DDoS protection that isn't working, contact your datacenter's support team to see if any changes can be made to block the attack traffic.

    WebSound - Affordable, reliable hosting solutions

    UK SSD Web & Reseller Hosting / VPS / Semi-Dedicated VDS - www.websound.co.uk

  • Changing the IP will likely shift the attack to the new IP. Just enable your permanent mitigation or terminate the client who is attracting the attacks.

  • Neoon Member
    edited September 14

    Well, if it's application layer, ask them; he said they have a system for that in place.
    Application layer will mostly not trigger AntiDDOS, since your traffic goes encrypted over TLS.

  • jar Provider

    What's worse, when this happens, DNS lookups go out of the primary interface, causing Apache reverse lookups to slow down (if they're enabled), and Exim to fail to send email because it can't look up recipient DNS.

  • In before someone posts a complaint thread on LET that his account got terminated for no reason.

    Serenity now. It is coming.

  • MikeA Member, Provider

    It could be a 30 second fix or it could be something you'd need specific protection for. Do you have any logs, assuming it's an L7 attack, from the web server, fpm, etc? What port is getting the traffic?

    ExtraVM DDoS Protected VPS

  • @MikeA said:
    It could be a 30 second fix or it could be something you'd need specific protection for. Do you have any logs, assuming it's an L7 attack, from the web server, fpm, etc? What port is getting the traffic?

    It's Layer 4. They are hitting the direct IP of the machine, it causes everything to go down.

  • Jack Member, Provider
  • @Jack said:
    Offer dedicated IPs for all customers.

    All views and opinions expressed are personal opinions and do not represent those of any company. No liability can be held for any damages or hurt feelings, however caused, to any readers of this message.

  • mfs Member

    sharedport said:

    It's Layer 4. They are hitting the direct IP

    Unless they're actually filling up your (already DDoS protected) pipes, have you considered routing/sending all the traffic to something as simple as a dedicated NGINX instance returning a 444 for all direct IP connections + fail2ban for the offending IPs? Or, enable the SYNPROXY target.
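
Added example, not part of the post above: a sketch of what the fail2ban half of that suggestion does, run over nginx access-log lines in which a catch-all server answered direct-IP requests with 444. The log lines, thresholds and the function name `ban_candidates` are constructed for illustration; in fail2ban the equivalent thresholds are the jail settings `maxretry` and `findtime`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in nginx "combined" log format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 444 0 "-" "-"
198.51.100.4 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /admin HTTP/1.1" 444 0 "-" "-"
192.0.2.9 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
192.0.2.9 - - [01/Jan/2024:10:20:00 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
192.0.2.9 - - [01/Jan/2024:10:40:00 +0000] "GET / HTTP/1.1" 444 0 "-" "-"
garbage line that does not parse
"""

# client IP, [timestamp], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def ban_candidates(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return IPs that drew at least `maxretry` 444 responses within `findtime`.

    IPs are listed in the order they crossed the threshold. Lines that do
    not parse, or that carry another status code, are ignored.
    """
    recent = defaultdict(deque)  # ip -> timestamps of 444 hits still in the window
    banned = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "444":
            continue
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), TIME_FMT)
        hits = recent[ip]
        hits.append(ts)
        # Slide the window: forget hits older than findtime.
        while ts - hits[0] > findtime:
            hits.popleft()
        if len(hits) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned


if __name__ == "__main__":
    for ip in ban_candidates(SAMPLE_LOG.splitlines()):
        print("ban candidate:", ip)
```

The slow client at 192.0.2.9 stays under the default window, which shows why the `findtime` and `maxretry` pair has to be tuned against the request rate actually seen in the logs.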

  • combahton_it Member, Provider

    @sharedport I assume that affects some of your additional ip-addresses, right? - I kindly suggest getting in touch with our customer care, we have extensive capabilities beside the regular ddos protection.

    fastpipe.io ::: Webhosting, Cloud Server and Dedicated Server in Frankfurt, Germany
    Providing also Colocation, IP-Transit, Remote DDoS Protection, Redundant and Custom Solutions - see combahton.net
