This article is for new customers who are transitioning to X4B services as a direct result of currently being under attack. While every case is different we hope the following basic steps will be of use. These steps assume a Reverse Proxy style of setup (most simple). If you are an existing customer, and are currently experiencing issues with mitigation (e.g leaking traffic) please see the Adjusting Mitigation article.
Step 1: Get a new IP. Keep this IP secret, do not share it with anyone, do not make it public via DNS.
Step 2: Get your currently under attack IP null-routed if it is not already. If this is your main IP you may need to get the SSH or other remote access software adjusted for continued access at a new IP.
Step 3: Setup your backend services to be exclusively bound to this new IP address.
Step 4: Setup your X4B DDoS Protection service to forward traffic to your new IP address. There are tutorials for many common setups in this Knoweldgebase.
Please be aware:
- We can't mitigate traffic that is currently hitting your backend IP. Similarly we can't connect/route traffic to a nullrouted or offline backend server. Your server will need to be online to begin using our services.
- Your attacker already knows your backend address. This should now be changed, for this speak to your backend server provider.
- Good mitigation systems respond dynamically to attacks, detecting a difference between the learnt "clean" traffic and then new "attack" traffic. Routing traffic to us while already under attack does not allow the system to learn a profile for clean traffic, limiting it's effectiveness.
- Your backend provider may not be willing to provide you with additional IPs for free, normal fees for additional IPs are $1-3 per IP.
- Try not to expose your backend service IP inadvertently through poorly secured software or services.
- Mail services: We recommend using an external mail relay. To ensure security check the mail headers for IP addresses.
- FTP services: Make sure to use the "FTP" type port.
- Fetcher services (i.e remote avatar fetching): These should be disabled if possible. If this is not an option either using a proxy, or an additional IP address is recommended.