9 of 10 ip addresses disappeared, websites down.

Wanabo

Verified User
Joined
Jan 19, 2013
Messages
339
After rebooting my server (after a ddos attack) all most all my websites are down.
I have latest DA and 10 ip addresses for my server, OS is Centos 8.
All ip's were properly added to DA and used on different users/sites. Was working ok for 2 months.
The host ip address is not working anymore so I can't get access to DA on port 2222.

ifconfig shows only 1 ip address instead of 10.
How to rebuild? I still have root access with the 1 working ip.
 
Yes csf is running. But disabeling csf makes no difference. My ip is whitelisted too.

I'v managed to get the ip addresses back by disabling virtio interface (in virtualisor) and enabling again. Before that there was only 1 ip address.
But still no access to DA or some websites.

removed parts of ip addresses.
Code:
[root@host ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:xx:xx:xx:34 brd ff:ff:ff:ff:ff:ff
    inet 5.xx.xx.30/24 brd 5.xx.xx.255 scope global dynamic noprefixroute ens3
       valid_lft 21599913sec preferred_lft 21599913sec
    inet 78.xx.xx.140/24 scope global ens3
       valid_lft forever preferred_lft forever
    inet 79.xx.xx.74/24 scope global ens3
       valid_lft forever preferred_lft forever
    inet 193.xx.xx.24/24 scope global ens3
       valid_lft forever preferred_lft forever
    inet 5.xx.xx.36/24 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 5.xx.xx.244/24 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 78.xx.xx.154/24 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 79.xx.xx.114/24 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 193.xx.xx.28/24 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 193.xx.xx.170/24 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::xxxx:xxxx:xxxx:42a9/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@host ~]#
 
Last edited:
looks propper. can u ping the add. ips from localhost? if yes connect to your switch and check the counters, maybe also clear the arp cache on the switch, this solved my add. ip problem in the past. if not stop csf and drop all iptables rules, connect to imm or ilo or drac and shutdown the interfaces and take it up manually
 
On command line as root I can ping all ip addresses and have 0% packetloss.
Stopped CSF and did csf -f and csf -tf

I'm renting a vps, so there is no switch or counters for me to check.

Don't know what you mean by, "mm or ilo or drac and shutdown the interfaces and take it up manually "
 
Check:
Code:
ip a

See post #3.

Problem seems to be resolved now.

My guess is that the virtualisor software was malfunctioning possibly due to een ddos attack. After changing VPS configuration in virtualisor from Virtio to Realtec (no ip address at all) to Intel E1000 (1 ip address) back to Virtio, all ip addresses reappeared in ip a (or nmcli). But still only 1 ip address was reachable.

I've restarted the vps a couple of times but still only 1 ip reachable, no matter the state of the firewall. Then, frustrated as I was, I took a break and watched some TV. After that suddenly all was back to normal.

Let's hope it stays that way. I'm not very happy with this hoster, still problems with rdns.
 
Back
Top