Cameron Worts

Member
Apr 22, 2015
15
5
53
Australia
cPanel Access Level
Root Administrator
One of our sites we look after is currently being targeted by a DOSS attack and we have moved to a different IP and the DOSS followed to the new IP so we changed to another network.

We decided to change the nameserver records on the account to cloudflare to try stopping the DOSS attacks. We also moved the dns records such as whm.<domainname> and cpanel.<domainname> dns records so the people who are attacking the site do no know where the site is hosted.

I know you can use tools such as a cloudflare resolver to pick up the end IP however, those tools are slowly disappearing however, if I type <domainname>/cpanel or <domainname>/whm, that will redirect me to the server hostname.

How can I stop this so it is harder for people to try and gain access. The only other way is to isolate the website and put it on a simple LAMP server.
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
97
78
India
cPanel Access Level
Root Administrator
Twitter
Hi,

What level of firewall protection you have on your server i.e, have you configured firewall on your server? Did you look for hardware firewall option from your DC?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
I know you can use tools such as a cloudflare resolver to pick up the end IP however, those tools are slowly disappearing however, if I type <domainname>/cpanel or <domainname>/whm, that will redirect me to the server hostname.
Hello,

You can update the settings under the "Redirection" tab in "WHM >> Tweak Settings" to control the destination when accessing those URLs. If you want to disable the /cpanel or /whm aliases completely, there's a thread on that topic at:

SOLVED - Remove domain.com/cPanel & WHM URL

You may also find this thread helpful:

Solutions for handling ddos attacks?

Thank you.
 

Cameron Worts

Member
Apr 22, 2015
15
5
53
Australia
cPanel Access Level
Root Administrator
Yep, We had CSF enabled and the host has got DOSS protection but they found that the attack was coming via a different upstream provider so we had to move it to another provider that specialize in DDOS attacks for now they've stopped but paying a lot more for the service.