New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Server ip exposed?
So I setup a new site on VPS and using Cloudflare to hide real IP to avoid any sort of DDoS attack. But last night I saw bot visiting my server IP http://prntscr.com/l3ejb3 on wordfence? How does that happen? Any solution?
Its review site and I post real reviews and chances of DDoS is really good.
Comments
I think those were just random visits, probably that IP had some site earlier
What you can do is block port 80 and 443 on your VPS using iptables and just whitelist Cloudflare IPs it should help, you can find their IP list somewhere in their Knowledge base articles
0.0.0.0/0 IP Scanning
close your web port using iptables, just open the port for cloudflare's ip (https://www.cloudflare.com/ips-v4).
it would be better if you use ipset, flush and adding ips into the set periodically, because cloudflare might change their ip.
Any guide to do that?
You can try to use this. It's just an example, you may find other solutions
Iptable installation guide :
source : https://www.geek17.com/fr/content/debian-9-stretch-securiser-votre-serveur-avec-le-firewall-iptables-32
http://lea-linux.org/documentations/Iptables
http://www.fr.linuxfromscratch.org/view/blfs-svn/postlfs/iptables.html
Latest version
wget http://www.netfilter.org/projects/iptables/files/iptables-1.6.2.tar.bz2
Years pass by yet this mantra remains strong
hopefully he's installing iptables using the package manager included in his distro tbqhfam
man pages (man as in "manual", it's not brogrammer speak) are fine too
If i do this, my site wont get any downtime? i mean i dont want to block real peoples from my site? Plus i wont get issue with vesta cp and putty ? if i do this?
Was there a Host: HTTP header or just the IP was used? If the latter, you should have a .conf for your web server that deals with such requests as a default