Hi.
The truth is that this question, I do not know if it goes in this section of the forum ...
The point is, perhaps, you should divide it in two; I tell you my problem and with what you advise me, I do:
For almost a month, a ddos attack started on my server, initially, I could mitigate it, but as I was adding rules, the attack was also reconfigured, to the point that it affects other machines where I have my VPS and my server, although they have informed me that they try to mitigate it, they can no longer, so, I have had to suspend the intermittent moto account.
I'm behind Cloudflare, but it hasn't been enough, I think the attack is direct to the IP of my VPS.
Between my server and I we have considered that the best option is to move my current VPS to another, to have a new IP, in the new one leave only the web service, and in the old one, the mail service.
Through cloudflare, they won't know the new ip of the web service, and that's the idea.
However, and seeing the scale of the attack (in 15 years I had not suffered anything like this), I want to prevent. I do not know if it is "crazy" or simply, it lacks value, but there comes a point that despair begins (I have been offline for 20 hours).
Would it be possible to configure the webserver so that it only accepts cloudflare ip's on ports 80/443? all others denied.
I use a firewall, which I know is third-party and there is no support for it here.
Or any other idea you can think of ...
Funny because, since yesterday, the load on my server was normal, but if I did a netstat there were hundreds of IP's connected, the load on the server did not go up, but where I host the server, they told me that it affected other machines. Of course, browsing the web was impossible.
Thanks in advance!
The truth is that this question, I do not know if it goes in this section of the forum ...
The point is, perhaps, you should divide it in two; I tell you my problem and with what you advise me, I do:
For almost a month, a ddos attack started on my server, initially, I could mitigate it, but as I was adding rules, the attack was also reconfigured, to the point that it affects other machines where I have my VPS and my server, although they have informed me that they try to mitigate it, they can no longer, so, I have had to suspend the intermittent moto account.
I'm behind Cloudflare, but it hasn't been enough, I think the attack is direct to the IP of my VPS.
Between my server and I we have considered that the best option is to move my current VPS to another, to have a new IP, in the new one leave only the web service, and in the old one, the mail service.
Through cloudflare, they won't know the new ip of the web service, and that's the idea.
However, and seeing the scale of the attack (in 15 years I had not suffered anything like this), I want to prevent. I do not know if it is "crazy" or simply, it lacks value, but there comes a point that despair begins (I have been offline for 20 hours).
Would it be possible to configure the webserver so that it only accepts cloudflare ip's on ports 80/443? all others denied.
I use a firewall, which I know is third-party and there is no support for it here.
Or any other idea you can think of ...
Funny because, since yesterday, the load on my server was normal, but if I did a netstat there were hundreds of IP's connected, the load on the server did not go up, but where I host the server, they told me that it affected other machines. Of course, browsing the web was impossible.
Thanks in advance!
