• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Detection of an attack on my IP address , how to fix ?

T

tomer628

Basic Pleskian
hi.

recently i got attack on my IP VPS (OVH Host) and this attack make my website down and my clients can't enter to my website....
and i got this email evey hours whaen attack is available :
Dear Customer,

We have just detected an attack on IP address xx.xxx.xxx.xx

In order to protect your infrastructure, we vacuumed up your traffic onto our mitigation infrastructure.

The entire attack will thus be filtered by our infrastructure, and only legitimate traffic will reach your servers.


At the end of the attack, your infrastructure will be immediately withdrawn from the mitigation.
Click to expand...

i try to speak with the OVH suuport and i captured packets with this code:
Code: 
tcpdump -w capture-ovh -c 100000 port not ssh
and i sent the capture file to the support ..
the sent me this answer :
Hello,

I must inform you that the VPS offer can not have a custom firewall VAC system like our standard dedicated servers and game servers.

Due to this situation, I invite you to build your own IPtables rules on the current services that you are using.

Otherwise, I highly suggest you to order a dedicated server. This will allow you to get a customer anti-ddos profile
Click to expand...

i want to protect my Vps (even with money-but low cost-some single dollars...)
and if there is a free protect of course this will also good for me..

anyway this my details:
i using CloudFlare with Ddos protect
VPS Ubunto 14.04 with Plesk Onyx
12GB Ram
2 CPU

hope you can help me with taht because i realy don't know what to do with that situation

Regards,
Tomer.
 
tomer628 said:
i want to protect my Vps (even with money-but low cost-some single dollars...)
and if there is a free protect of course this will also good for me..
Click to expand...
Use Plesk fail2ban and Web Application Firewall (ModSecurity) features for protection.
 
OK...
I will start with Comodo ModSecurity (subscription) until thiis expire..
then i will use Atomic Basic ModSecurity...

thank you again:);):):)
and hope this will fix the the issue...
anyway i wil update here if the proble, still exist..
 
yes sure mod security will help you to protect your site
 
IgorG said:
Just read Plesk documentation:

Protection Against Brute Force Attacks (Fail2Ban)
Web Application Firewall (ModSecurity)
Click to expand...
ok, update:
24 hours after i tried the Mod security + Fail2Ban, the attackts lower than before, but still the OVH detected an attack on IP address xx.xxx.xxx.xx and they vacuumed up my traffic onto there mitigation infrastructure. ....

and this make my website down (i spoke with OVH to disable this migration-because this make my website down,and they said this cannot possible)
So i'm stack :( don't know what to do ?
 
Last edited:
You must log in or register to reply here.

Similar threads

F
Question Plesk Slave DNS & DNS Security
Replies
1
Views
1K
Peter Debik
P
B
Question IP Address Mail Blacklisted SORBS- Cannot remove
Replies
3
Views
1K
Peter Debik
P
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
508
Change Maker
C
B
Question How to deny all IPs in Plesk Firewall except certain IPs (e.g. Cloudflare IPs)?
Replies
0
Views
1K
BernieG
B
marvin
Issue IMAP requires security certificate? Maybe?
2 3
Replies
40
Views
5K
Peter Debik
P
Back
Top