
Issue Detection of an attack on my IP address, how to fix?

tomer628

Basic Pleskian
hi.

recently i got attack on my IP VPS (OVH Host) and this attack make my website down and my clients can't enter to my website....
and i got this email every hour when attack is available:
Dear Customer,

We have just detected an attack on IP address xx.xxx.xxx.xx

In order to protect your infrastructure, we vacuumed up your traffic onto our mitigation infrastructure.

The entire attack will thus be filtered by our infrastructure, and only legitimate traffic will reach your servers.


At the end of the attack, your infrastructure will be immediately withdrawn from the mitigation.

i tried to speak with the OVH support and i captured packets with this code:
Code:
tcpdump -w capture-ovh -c 100000 port not ssh
and i sent the capture file to the support..
they sent me this answer:
Hello,

I must inform you that the VPS offer can not have a custom firewall VAC system like our standard dedicated servers and game servers.

Due to this situation, I invite you to build your own IPtables rules on the current services that you are using.

Otherwise, I highly suggest you to order a dedicated server. This will allow you to get a customer anti-ddos profile

i want to protect my Vps (even with money-but low cost-some single dollars...)
and if there is a free protect of course this will also good for me..

anyway this my details:
i using CloudFlare with Ddos protect
VPS Ubuntu 14.04 with Plesk Onyx
12GB Ram
2 CPU

hope you can help me with that because i really don't know what to do with that situation

Regards,
Tomer.
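
Added example, not part of the original post or of OVH's reply: before writing the iptables rules OVH suggests, the `capture-ovh` file from the tcpdump command above can be summarised to see which sources, protocols and destination ports dominate the traffic. It assumes a classic pcap file (not pcapng) from an Ethernet interface; `summarize`, `_record` and `SAMPLE` are hypothetical names, and the sample packets are constructed from documentation address ranges.

```python
import struct
import sys
from collections import Counter
from ipaddress import IPv4Address

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def summarize(pcap: bytes):
    """Return (packets per source IP, packets per (protocol, dest port))."""
    if pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"   # file written on a little-endian host
    elif pcap[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    sources, services = Counter(), Counter()
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        proto = frame[23]
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]
        fragment = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        dport = None  # stays None for ICMP and for non-first fragments
        if proto in (6, 17) and not fragment and len(l4) >= 4:
            dport = struct.unpack("!H", l4[2:4])[0]
        sources[str(IPv4Address(frame[26:30]))] += 1
        services[(PROTO.get(proto, str(proto)), dport)] += 1
    return sources, services

def _record(src, proto, dport):
    """Build one constructed packet record (sample data, not real traffic)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address("192.0.2.10").packed)
    frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HHI", 40000, dport, 0)
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    [_record("198.51.100.7", 17, 53)] * 5 + [_record("203.0.113.9", 6, 80)] * 2)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for counter in summarize(data):
        print(counter.most_common(10))
```

Run with the capture file name as the only argument to get the ten busiest sources and services; without an argument it prints the summary of the constructed sample.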
 
i want to protect my Vps (even with money-but low cost-some single dollars...)
and if there is a free protect of course this will also good for me..
Use Plesk fail2ban and Web Application Firewall (ModSecurity) features for protection.
 
OK...
I will start with Comodo ModSecurity (subscription) until this expire..
then i will use Atomic Basic ModSecurity...

thank you again:);):):)

and hope this will fix the issue...
anyway i will update here if the problem still exist..
 
yes sure mod security will help you to protect your site
 
ok, update:
24 hours after i tried the Mod security + Fail2Ban, the attacks lower than before, but still the OVH detected an attack on IP address xx.xxx.xxx.xx and they vacuumed up my traffic onto their mitigation infrastructure. ....

and this make my website down (i spoke with OVH to disable this migration-because this make my website down, and they said this cannot possible)
So i'm stuck :( don't know what to do ?
 