IP ATTACK

aaP_negevmandelboard

Hello everyone.
Let's imagine a situation where the attacker discovered the IP of the site.
And it directly attacks the IP
Is there a way to block the attacks?

It uses a lot of IP addresses

he allready bypass cloudflare and find my ip
he just DDoS my ip with BOOTER

what can i do ?
some rate limit ? or WAF ?
cuz NGINX WAF ITS ONLY FOR DOMAIN

zimmer

aaP_negevmandelboard
use Fail2Ban in that case, even some basic rules can help you but if not use regex to manage the behavior of your server.
You can install Fail2Ban from the App in the menu of aapanel.

aaP_negevmandelboard

zimmer HI
i allready try this, the attack some sfrom port 80 and my Server ip the 'Fail2Ban can not stop it

aaP_loonysnow

I advise you to make these settings

aaP_negevmandelboard

aaP_loonysnow

where i can put port 80 from the server side
?

aapanel_power

adk Thank you very much for your answer
aaP_negevmandelboard
I also agree with adk, there should be no restriction on your source IP access, you can set it to be hidden in your network security group (if any), CF's CDN. Small CC and DDOS attacks should be ignored in this case, but it will work better if you change IPs

adk

The source site leak is a very serious security incident. It is recommended that you apply for an operator to replace an ip and do some security protection after the new ip is running.

adk

I guess it may be that your origin site ip has not restricted access, causing some security scanning agencies to scan your origin site content, causing a leak, such as shodan, try to block all access via ip through Nginx! (Of course, this is after you change the new ip)

aaP_negevmandelboard

Hi Guys I Sloved it
I just Install SNORT and Rate limit