One of our websites continually has gone up and down for the past week. The service desk resolved the issue and said the following: The problem is your xxxx website was being hammered by hack attempts that Cloudflare was not blocking. The servers fail2ban and bitninja protection kicked in and thus blocked Cloudflare ipv4 ipaddress. Then your attempts to use the control panel features that go through third parties using cloudflare service and any service that needed to go through Cloudflare was blocked because of the ip4 blocks on the server. Let’s encrypt issue was because since the server doesn’t use ipv6 there were no further ipadresses from Cloudflare ipv4 range, so curl tried connecting to ipv6 ipaddress which since your server doesn’t have ipv6 address this failed and thus why you got the let’s encrypt failures. I have allowlisted Cloudflare on your fail2ban, though the downside to this is any domain you are utilizing with Cloudflare if Cloudflare system doesn’t stop the attacks then the server could end up crashing as we are no longer blocking the attacks they let through.
The problem is our xxx website never was set up with Cloudflare. I checked the DNS to make sure.
If your site is not on Cloudflare, then someone may have deliberately or accidentally pointed a Cloudflare site at your host. In that case your host should not allow the Cloudflare IP addresses, but block them. But to be sure and before doing that, can you give your domain name so people can check. Sometimes people have Cloudflare accounts that have been set up for them by their developer or someone else.
2 Likes
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.