Cloudflare and ddos protection

Status
Not open for further replies.

DOST_FRIEND59
Hello Everyone,

I have a few servers with me, all with cPanel. I have been receiving a massive amount of DDoS attacks on all of our servers lately, which many times causes the service to go down a lot of the time.
Today I decided to move to Cloudflare.
The attacker knows the server IP address. If I put my domains behind a Cloudflare IP, will the attacker be able to attack the server?

Let's say my server IP is 1.1.1.1 and Cloudflare gave me IP 2.2.2.2.

Now, will the attacker be able to attack IP address 1.1.1.1, or will he attack 2.2.2.2?
 
14 comments
Depends on your attacker.
Cloudflare could help if he just uses DNS; if he uses the IP, you have bad luck.
Check your logs for what is attacked and how; perhaps you can also block him out by adding some firewall rules.

Also be aware that Cloudflare will only mitigate your attacks if you go to the $200 account.
The mitigation on the lower levels isn't really that much, and if the attack is too strong, they will (more or less) force you to move away or buy the DDoS plan.
 
Hello DOST_FRIEND59,

Best solution for you:

If you have a VPS or server, enable Cloudflare for your site and block all IPs to your server IP, only whitelisting Cloudflare IPs. In this way no attacker can reach your server directly; the only way in is via Cloudflare. I hope it will fix your problem for sure!


Hello Everyone,

I have a few servers with me, all with cPanel. I have been receiving a massive amount of DDoS attacks on all of our servers lately, which many times causes the service to go down a lot of the time.
Today I decided to move to Cloudflare.
The attacker knows the server IP address. If I put my domains behind a Cloudflare IP, will the attacker be able to attack the server?

Let's say my server IP is 1.1.1.1 and Cloudflare gave me IP 2.2.2.2.

Now, will the attacker be able to attack IP address 1.1.1.1, or will he attack 2.2.2.2?
 
Hello DOST_FRIEND59,

Best solution for you:

If you have a VPS or server, enable Cloudflare for your site and block all IPs to your server IP, only whitelisting Cloudflare IPs. In this way no attacker can reach your server directly; the only way in is via Cloudflare. I hope it will fix your problem for sure!

Worst suggestion that I've seen. So his site will track user IPs, logs, sessions, country, etc.?

First of all, Cloudflare offers DDoS protection for Business and Enterprise plans (200+ USD): https://www.cloudflare.com/plans

My recommendations are:
- Disable ICMP ping.
- Block all ports except 80 and 443 (and port 25 if you would like to receive emails on your server).
- Whitelist your home IP address on your server to use ports 22, 21, etc. to manage your site.
- Tune your Apache/nginx/Varnish/MySQL/etc. for header sizes, body size, buffers, connections and timeouts.
- Use the terminal/SSH to watch the incoming TCP/UDP traffic and block the IP addresses with more than 120 connections to your server.

Some tools that may help mitigate a DDoS attack: mod_security, mod_evasive (Apache), DDoS Deflate, CSF firewall.

Good luck!
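The last recommendation above (watch incoming connections and block sources holding more than 120 of them) is easy to get wrong by hand, so here is an added example of how that check can be scripted. It is not code from the thread or from any of the tools named in it; the function names are hypothetical, and the `ss` output it works on is a constructed sample, not a capture from a real server. The rules are printed rather than applied, so an operator can review them before piping them to the shell.

```shell
#!/bin/sh
# Added example, not from the thread: count established TCP connections per
# remote IP from `ss -Htn` output and emit firewall rules for sources above
# the 120-connection threshold suggested in the post. Function names are
# hypothetical; the sample ss output is constructed, not captured.

# `ss -Htn` prints: State Recv-Q Send-Q LocalAddr:Port PeerAddr:Port
# Count peers by IP (strip the port) and print "count ip", highest first.
count_conns() {
    awk '$1 == "ESTAB" { peer = $5; sub(/:[0-9]+$/, "", peer); n[peer]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Turn "count ip" lines into iptables DROP rules for peers above $1
# (default 120, the figure from the post). Printed, not applied.
rules_for_offenders() {
    limit=${1:-120}
    awk -v limit="$limit" '$1 > limit { printf "iptables -I INPUT -s %s -j DROP\n", $2 }'
}

# Constructed sample: 10.0.0.5 holds 3 connections, 198.51.100.7 holds 2
# established plus one half-open (SYN-RECV, which is not counted), and
# 203.0.113.9 holds 1. A live run pipes `ss -Htn` in instead.
sample_ss() {
    cat <<'EOF'
ESTAB 0 0 192.0.2.10:443 10.0.0.5:50001
ESTAB 0 0 192.0.2.10:443 10.0.0.5:50002
ESTAB 0 0 192.0.2.10:443 10.0.0.5:50003
ESTAB 0 0 192.0.2.10:80 198.51.100.7:40001
ESTAB 0 0 192.0.2.10:80 198.51.100.7:40002
SYN-RECV 0 0 192.0.2.10:80 198.51.100.7:40003
ESTAB 0 0 192.0.2.10:443 203.0.113.9:33000
EOF
}

# Demonstration on the sample with a low threshold so something trips.
sample_ss | count_conns | rules_for_offenders 2

# Live use, as root, after reviewing the output:
#   ss -Htn | count_conns | rules_for_offenders 120 | sh
```

Note that a fixed per-IP threshold only catches floods from a few sources; a distributed attack with a handful of connections per bot stays below it, which is the point made later in the thread about needing upstream filtering.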
 
The only solution is to get hardware-level DDoS protection, or switch networks and let your traffic pass through a 3rd-party filter.
 
Hello DOST_FRIEND59,

Best solution for you:

If you have a VPS or server, enable Cloudflare for your site and block all IPs to your server IP, only whitelisting Cloudflare IPs. In this way no attacker can reach your server directly; the only way in is via Cloudflare. I hope it will fix your problem for sure!

Worst suggestion that I've seen. So his site will track user IPs, logs, sessions, country, etc.?

First of all, Cloudflare offers DDoS protection for Business and Enterprise plans (200+ USD): https://www.cloudflare.com/plans

My recommendations are:
- Disable ICMP ping.
- Block all ports except 80 and 443 (and port 25 if you would like to receive emails on your server).
- Whitelist your home IP address on your server to use ports 22, 21, etc. to manage your site.
- Tune your Apache/nginx/Varnish/MySQL/etc. for header sizes, body size, buffers, connections and timeouts.
- Use the terminal/SSH to watch the incoming TCP/UDP traffic and block the IP addresses with more than 120 connections to your server.

Some tools that may help mitigate a DDoS attack: mod_security, mod_evasive (Apache), DDoS Deflate, CSF firewall.

Good luck!

That's some solid advice, and most of the people in the business (at least here on WJ) don't know this.

Just my $0.02: this would only work when there is no bottleneck in the network. Let's suppose you have a 100 Mbit dedicated network running through your host's switches.
Usually hosts would have 10GigE lines running through the switches, so the bottleneck will occur at the switch when the traffic is routed onto your 100 Mbit line.

A good analogy explaining this is

[image: nBu3y.png]

If there is no bottleneck, all these software techniques will work; if it's more than that, you'll have to ask your host to drop the useless traffic at the switch with the help of ACLs (useful in a UDP flood).
In case of a TCP flood etc., you'll have to use dedicated hardware to perform DPI and filter the offending traffic out from real traffic.
 
Leaseweb does not provide hardware-level DDoS protection :(

The only solution is to get hardware-level DDoS protection, or switch networks and let your traffic pass through a 3rd-party filter.
Server Police is right. This depends on the type of attack; there are different types of DDoS attacks.

For DDoS protection at the hardware level you can try:
reliablesite.net (don't allow warez)
OR
voxility.net (allow warez)

Also add the following to your /etc/sysctl.conf:
# Memory hardening; unrelated to flood traffic but harmless.
# kernel.exec-shield exists only on older Red Hat / CentOS kernels;
# elsewhere `sysctl -p` reports it as an unknown key.
# randomize_va_space=1 randomizes stack and mmap; 2 (the default on
# current kernels) also randomizes the heap (brk).
kernel.exec-shield = 1
kernel.randomize_va_space = 1
# Do not send ICMP redirects, and ignore source-routed or redirected
# packets, so a remote host cannot steer this machine's routing.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
# Log packets with impossible (spoofed) source addresses.
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
# Do not answer broadcast pings (Smurf-style amplification).
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Reverse-path filtering: drop packets whose source is not reachable
# via the interface they arrived on, which discards spoofed sources.
net.ipv4.conf.all.rp_filter = 1
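Entries in /etc/sysctl.conf only take effect after `sysctl -p` or a reboot, and a key the running kernel does not know (kernel.exec-shield on most current kernels) is silently absent from `sysctl -a`. The following is an added example, not from the thread, of checking the live kernel against the list above; the function names are hypothetical and the "current" snapshot is a constructed stand-in for `sysctl -a` output, with one value drifted and one key missing.

```shell
#!/bin/sh
# Added example, not from the thread: compare the sysctl values recommended
# in the post against what the running kernel reports, printing one line per
# mismatch. Function names are hypothetical; sample_current is a constructed
# snapshot, not real `sysctl -a` output.

# The post's recommended values, in `sysctl -a` format (key = value).
desired_sysctls() {
    cat <<'EOF'
kernel.exec-shield = 1
kernel.randomize_va_space = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
EOF
}

# Constructed snapshot standing in for `sysctl -a` on a kernel without
# Exec Shield (so kernel.exec-shield is absent) where rp_filter was never
# applied (still 0). Unrelated keys are present, as on a real host.
sample_current() {
    cat <<'EOF'
kernel.randomize_va_space = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 0
EOF
}

# sysctl_drift DESIRED_FILE < current-output
# Prints "key expected=X actual=Y" for each mismatch (actual=missing when
# the kernel does not expose the key). Exit status 1 if anything drifted.
sysctl_drift() {
    awk 'NR == FNR { want[$1] = $3; next }
         ($1 in want) { have[$1] = $3 }
         END {
             bad = 0
             for (k in want) {
                 if (!(k in have)) {
                     printf "%s expected=%s actual=missing\n", k, want[k]; bad = 1
                 } else if (have[k] != want[k]) {
                     printf "%s expected=%s actual=%s\n", k, want[k], have[k]; bad = 1
                 }
             }
             exit bad
         }' "$1" -
}

# Run the comparison on the constructed snapshot.
# Live use: desired_sysctls > /tmp/want; sysctl -a 2>/dev/null | sysctl_drift /tmp/want
check_sample() {
    tmp=$(mktemp)
    desired_sysctls > "$tmp"
    sample_current | sysctl_drift "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

check_sample || echo "sysctl drift detected"
```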
 
Basically, if you add Cloudflare protection, then everyone who tries to enter your site has to go via Cloudflare. Only the attacker will try to get your main server IP to attack. If you block direct access to your site IP, no abuser/attacker can reach your server directly; the only way they can access your site is via Cloudflare (you have to add Cloudflare IPs to your server whitelist), and Cloudflare is already filtering bad traffic for you. So you are safe.

Note: No matter what others advise, it's the best solution.
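Two posts in this thread (the "whitelist cloudflare ips" suggestion and this restatement of it) describe the same origin lockdown, and the earlier recommendation list asks for all other ports to be closed except 80, 443, 25 and admin access from a known address. The following added example builds that rule set; it is not code from the thread or from Cloudflare. The function names are hypothetical, the CIDR ranges are constructed placeholders in RFC 5737 documentation space, and the admin address is likewise made up. On a real host the ranges must be replaced by the current lists Cloudflare publishes at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6, and refreshed when those lists change, or legitimate traffic will be dropped.

```shell
#!/bin/sh
# Added example, not from the thread: generate iptables rules that accept
# web traffic on 80/443 only from Cloudflare's published ranges, log and drop
# direct hits on the origin IP, keep 25 open, and allow SSH only from one
# admin address. Function names are hypothetical; ranges and ADMIN_IP are
# constructed placeholders. Output is printed for review, not applied.

# Constructed placeholder: replace with https://www.cloudflare.com/ips-v4
placeholder_cf_ranges() {
    cat <<'EOF'
192.0.2.0/24
198.51.100.0/24
EOF
}

# Constructed placeholder for the address the box is managed from.
ADMIN_IP=203.0.113.5

# Loopback, replies to our own connections, SSH from the admin address only,
# and inbound mail. Everything else falls through to the final DROP policy.
baseline_rules() {
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s $ADMIN_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
EOF
}

# Read CIDRs on stdin and print the rules for one web port ($1): an ACCEPT
# per Cloudflare range, then a rate-limited LOG and a DROP for anything else,
# so a flood aimed straight at the origin IP is visible in the kernel log
# under a recognisable prefix instead of being served.
origin_lockdown_rules() {
    port=$1
    awk -v port="$port" '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            printf "iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n", port, $1
        }
        END {
            printf "iptables -A INPUT -p tcp --dport %s -m limit --limit 5/min -j LOG --log-prefix \"DIRECT-ORIGIN-HIT \"\n", port
            printf "iptables -A INPUT -p tcp --dport %s -j DROP\n", port
        }'
}

# Full script. The default policy is set last so an interactive session
# running this line by line is not cut off before its ACCEPT rules exist.
build_ruleset() {
    baseline_rules
    for p in 80 443; do
        placeholder_cf_ranges | origin_lockdown_rules "$p"
    done
    echo "iptables -P INPUT DROP"
}

build_ruleset
# Apply, as root, only after reviewing:  build_ruleset | sh
```

The objection raised in the thread about losing visitor IPs behind Cloudflare is a web-server matter rather than a firewall one: Cloudflare passes the visitor's address in the CF-Connecting-IP header, which mod_remoteip (Apache) or the real_ip module (nginx) can restore into the logs. The lockdown above also does nothing for volumetric floods that saturate the uplink before reaching the host, the bottleneck case described earlier in the thread.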
 