Issue - Detection of an attack on my IP address, how to fix? | Plesk Forum

Discussion in 'Plesk Onyx for Linux' started by tomer628, Apr 21, 2017.

  1. tomer628

    Hi.

    Recently I got an attack on my VPS IP (OVH host), and this attack takes my website down and my clients can't access my website....
    And I got this email every hour when the attack is active:
    I tried to speak with OVH support, and I captured packets with this command:
    Code:
    tcpdump -w capture-ovh -c 100000 port not ssh
    and I sent the capture file to support..
    They sent me this answer:
    I want to protect my VPS (even with money, but low cost, a few dollars...)
    and if there is free protection, of course that would also be good for me..

    Anyway, these are my details:
    I am using CloudFlare with DDoS protection
    VPS Ubuntu 14.04 with Plesk Onyx
    12GB RAM
    2 CPU

    Hope you can help me with that, because I really don't know what to do in this situation.

    Regards,
    Tomer.
     
  2. IgorG

    Use Plesk fail2ban and Web Application Firewall (ModSecurity) features for protection.
     
  3. tomer628

    Do you have a good guide for me to do that right?
     
  4. IgorG

  5. tomer628

    Thank you a lot!!!!! :)
    I will try that and hope the attacks will be gone...
    By the way, what is better to choose:
    Comodo ModSecurity (subscription) or Atomic Basic ModSecurity?
    I did the Comodo ModSecurity (subscription), but this will expire in 04/2018 and I'm not sure about that..
    So if you can give me a suggestion, that would be perfect for me :)
     
  6. IgorG

    Sorry, I can't ;)
    It's up to you.
     
  7. tomer628

    OK...
    I will start with Comodo ModSecurity (subscription) until this expires..
    Then I will use Atomic Basic ModSecurity...

    Thank you again :) ;) :) :)

    And I hope this will fix the issue...
    Anyway, I will update here if the problem still exists..
     
  8. Pankaj K

    Yes, sure, ModSecurity will help you to protect your site.
     
  9. tomer628

    OK, update:
    24 hours after I tried ModSecurity + Fail2Ban, the attacks are lower than before, but OVH still detected an attack on IP address xx.xxx.xxx.xx and they vacuumed up my traffic onto their mitigation infrastructure....

    And this takes my website down (I spoke with OVH about disabling this mitigation, because it takes my website down, and they said this is not possible).
    So I'm stuck :( I don't know what to do.
     
    Last edited: Apr 23, 2017