Ubuntu Prevent Attacks - Ubuntu Linux Server
by jkramer from LinuxQuestions.org on (#4XXWV)
Hi all,
I have a WP website and tool/application hosted on a droplet with DigitalOcean, running Ubuntu. I have developers who have helped me develop everything, but they're not so aware of the security side of things.
Since launching the site, it's been taken down several times already from a DDOS attack (xml-rpc-attacks). I created IP Tables to drop the source IPs but new ones keep coming at the server and continue to take it down. I installed the WP plugin to disable xml-rpc, but that did not solve it. The attackers seem to know the server IP address somehow. The site is already sitting behind CloudFlare CDN, so my DNS A records are pointing towards CloudFlare servers, so I'm boggled on how they know the server's IP.
So I decided to spin up a new server and IP address, and migrated everything over. Within 2 days, the new server has been brought down by the same xml-rpc attacks. I researched some more, and found a method to block xml-rpc attacks directly on the server by modifying the /etc/nginx/sites-available/example.com file and adding the below.
    server {
        ...
        location /xmlrpc.php {
            deny all;
        }
    }
Hopefully this will fix it, but not sure.
I'm looking for some advice.
1. How can I apply DDOS protection directly on the server, not just against xml-rpc attacks? CloudFlare is not helpful in my situation, as they're targeting my server directly.
2. How are the attackers finding the Server IP?
3. How can I protect the server against any hacks, other than DDOS?
4. Are there any monitoring tools or programs I can install that give me more visibility with regard to any unauthorized access or attacks which are ongoing?
Thanks!
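
Added example (not part of the original post): for the visibility asked about in question 4, this sketch counts xmlrpc.php requests per connecting address in an nginx access log and separates out those that did not arrive from the CDN's address ranges. The log lines and the 198.51.100.0/24 "CDN" range are constructed placeholders, the function names are hypothetical, and nginx's default combined log format is assumed.

```python
import ipaddress
import re
from collections import Counter

# Placeholder CDN egress range (a documentation network, constructed for this
# example). Replace with the address ranges your CDN provider publishes.
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# nginx "combined" access-log format: peer address first, request line in quotes.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3} ')

# Constructed sample lines; 403 is what nginx returns under "deny all".
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2020:10:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "sample"',
    '203.0.113.9 - - [01/Jan/2020:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "sample"',
    '203.0.113.9 - - [01/Jan/2020:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "sample"',
    '203.0.113.9 - - [01/Jan/2020:10:00:02 +0000] "POST //xmlrpc.php?x=1 HTTP/1.1" 403 162 "-" "sample"',
    '192.0.2.15 - - [01/Jan/2020:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "sample"',
    '203.0.113.44 - - [01/Jan/2020:10:00:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "sample"',
    'not an access-log line',
]

def from_cdn(ip):
    """True if the connecting peer is inside one of the CDN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_RANGES)

def summarize(lines, threshold=3):
    """Return (xmlrpc.php hits per peer that bypassed the CDN, peers >= threshold)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        try:
            ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # first field is not an IP address
        # Drop the query string and normalise case before matching the path.
        path = m.group("path").split("?", 1)[0].lower()
        if path.endswith("/xmlrpc.php"):
            hits[m.group("ip")] += 1
    direct = {ip: n for ip, n in hits.items() if not from_cdn(ip)}
    noisy = sorted(ip for ip, n in hits.items() if n >= threshold)
    return direct, noisy

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Entries in the first returned mapping are requests that reached nginx without passing through the CDN, which is the traffic a firewall rule limiting ports 80/443 to the CDN's ranges would drop before it reaches the web server.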

