I have a cPanel server and it is using the main IP.
I got it from Online.net, now my main concern is how to change the IP of the server with a failover IP?
There is a DDoS attack on the main IP, and i want to turn it off completely and use a failover IP instead, all the DDoS attack on that IP, should be auto dropped as that ip won't be used.
How to do it?
Thank You.
PS: I have already started using Cloudflare, that's why i want to change the IP to prevent the DDoS.
Its very simple just follow methods:
WHM => Basic cPanel & WHM Setup => Basic Config
Check below screenshot:
And finally Save changes.
To secure from DDOS use Use CSF Firewall and use Comodo ModSecurity Apache Rule to protect your websites from hackers
Related
I recently signed up for CloudFlare to take advantage of the security feautres the service provides. Specifically, I'm interested in its use against DDOS attacks (which are a problem I'm facing).
My web application employs nginx as a reverse proxy (with gunicorn as the application server). The Ubuntu-based virtual machine - procured via Azure - has a static/reserved IP (used as a VIP). I've read that after connecting to CloudFlare, it's best practice to change server IP so that malicious actors can't directly DDOS the said server.
Being a newbie, I'm unsure whether this guideline was applicable to the public VIP (virtual IP) or to the internal IP (which is entirely different). Can someone please conceptually and functionally clarify this for me? Can really use some help in setting this up!
What services like CloudFlare do is acting like a CDN for your website. They become front-end of your content delivery to clients while they have vast network for doing so (resources i.e. bandwidth which are consumed by DDoS). Then your IP is just known by the anti-DDoS service provider to fetch the content and deliver on your behalf.
You see if the IP is leaked by any mean the whole defense mechanism become useless since attackers can directly point to your machine while dynamic DNS of CloudFlare would distribute requests to its network and serve clients via them.
Since your website was up for a while before you migrate to CloudFlare your current public IP is known to attackers and hiding behind CloudFlare is useless since they don't ask CloudFlare DNS service and directly attack your server. This is the reason you need a new IP and the new one should not be revealed by any mean. Just set it in your CloudFlare panel and don't use it for other purposes.
I faced attacks too and used CloudFlare to prevent them, however, I have learned how to perform those attacks by myself and also how to bypass CloudFlare and take down the protected website. The best practice is to secure your server by yourself. Using nginx as a reverse proxy is a good option.
I set up DNS server using CloudFlare few days ago. After then I found that CloudFlare provides reverse proxy. In "off-the-orange" state, I can connect server through ssh but In "orange" state, it's not.
Now I know that I have to register other A-Record like "ssh.domain.com" In "off-the-orange" then I can get what I want. However I can't sure it's right.
Is there other way to connect server through other protocol?
No, there is no other way, that's exactly what Cloudflare expects you to do, see: How do I SSH? and DDoS Prevention: Protecting The Origin. Cloudflare doesn't offer reverse proxy without DDoS protection.
If you have only one domain, you add subdomain A record for actual server, pointing to the server IP. Then you add CNAME for protected website. Cloudflare uses CNAME flattening so it's possible to have CNAME like my-domain.com -> actual.my-domain.com.
That setup has security implications: If someone finds out the subdomain, it exposes the real IP address and attacker can bypass Cloudflare protection.
Cloudflare DNS is very strict on how they respond. They don't leak anything, you have to explicitly know domain and record type to get the answer. Ie. digmy-domain.com ANY does not give away anything, you have to ask for a record type: dig my-domain.com A which returns Cloudflare proxy IP. And obviously, they don't respond to AXFR request either so only way to get actual IP from Cloudflare DNS is brute-force. I have feeling Cloudflare might detect and block such attempt.
Of course, you don't want to rely on obscurity only. Some things you could do to protect your server in case IP/subdomain is exposed:
throttle ssh connections (ufw tutorial)
configure your HTTP server to respond only desired host names ie. my-domain.com and maybe www.my-domain.com (nginx example)
also, you could deny HTTP(s) connections coming outside of Cloudflare Network.
The "Orange Cloud" icon on the DNS tab of your CloudFlare Dashboard indicates that all HTTP/HTTPs requests sent to that address are going to be forwarded through CloudFlare's reverse proxy system. This means that all connections will actually hit CloudFlare's server, then CloudFlare will "proxy" the connection and pull the page from your webserver.
When you proxy connection through CloudFlare, no direct connections are created between the client and your actual web server. If you have an "A Record" in place for a purpose other than HTTP requests, you will need to create a new record without the "Orange Cloud" icon.
How to create a new record:
Select the website you would like to create a new record for.
Select the "DNS" tab.
Select the record type you would like to create.
Enter the subdomain or record name you would like to create.
Enter in the details or IP you would like to point this record to.
Example:
If you create a new record (Like sshdirect.example.com) and point it to your server's IP, and ensure that the cloud icon is grey. You can then attempt to connect to that hostname instead of your standard one.
this is my first question here =)
I'm setting my webserver at home (trying both apache and nginx) and I've found that you can easily get and use free dynamic dns (sub) domain to make your server available not only with your home ip that would be changed next time after disconnect and connect to the internet. Actually I've made it working and it's great..
But the problem is that my personal unique data (account id/machine name) could be retrieved with reverse dns look up and I can not hide my real ip that is attached to server.
You can use proxy while browsing the internet, but how to proxy your web server (apache) that have free dyn dns (sub) domain?
I've already tried to create VirtualHost configurations, also with the use of proxy modules (mod_proxy, mod_proxy_http, mod_proxy_html) and additionally with proxifier tool, but no luck.
Some people say that it is possible to hide ip with nginx, but I never used to work with nginx. Still believe it is also possible with Apache, just can't figure it out.
I'm using private proxy in format [proxyip:port]. I must attach it everytime to my home ip to make it work. Maybe it's better to get login/password auth proxy, but at first I should find the way how to use it with web server.
Is there anyone who have luck with it? Can you explain, please, the proper config for apache? Currently I'm using version 2.4.
Many thanks and have a good day!
I was running my webserver on Plesk platform before moving to CPanel due to my perceived perception of Plesk's over-sensibility to threats to security.
After the migration, my site runs quite alright but a sister site that has my IP in its A records couldn't connect through me anymore. It only brings a default website CGI page. Please, I need help.
Have you created your second site on your cPanel server ? If yes, then there is an issues with the IP, Please check your domain IP and httpd configuration file on cPanel server and try update that IP in your DNS zone which are you using on cPanel server. Most of the time this type of issues occur due to wrong IP.
All i did was to create a wildcard subdomain which was attached to the subdomain already created on the other server i was trying to point to. That did the magic. Sorry my response seems belated.
I'm using Windows Vista, I have Apache installed already. Apache is working great, but I want to allow my website to be viewed publicly.
When I entered my ip address(the one hosting the website) on other computers, the page doesn't show up. It just loads but don't show up.
How can I edit my httpd to allow everyone to have access to my website?
Thanks
-- EDITED
Yes, I forwarded it already. Here's the screenie:
alt text http://www.picamatic.com/show/2009/02/26/09/29/2470958_522x128.jpg
Is it correct way? Or do i need to change the port?
You will need to configure the server's firewall to allow incoming connections, and your router to forward connections to the servers.
Also be aware that many ISPs block incoming port 80 connections to avoid having their customers host their own sites (Check your ISP's contract, you may be violating it by hosting a web server)
It's possible to set your router to use a different port and forward it as port 80 to your server if your ISP is blocking port 80. Check with your router's user's manual about forwarding ports. Some routers might not support changing the incoming port to a different one, in which case you would have to change the port Apache runs on as well.
From your screen shot set the public port to something other than 80 (by convention use a port between 1024–49151), and leave the private port to 80.
Also, make sure you're using your public IP on other clients. Do not use the 192.168.. addresses, they're meant only for private networks.
Outside users should then be able to use the link http://[your public router IP]:[new port] to connect.
Be sure if you are using any type of router that you enable "IP forwarding" otherwise your server remains hidden behind it.
This option can be changed on the configuration webpage for the router.
`bstpierre' is correct in that some ISP's block port 80. I use port 8080 myself. Good luck!