Site source IP exposure to use high-protection after the line is not ok how to solve?

Title: Solutions for IP exposure using high-protection post-source stations

After the purchase of high-anti-IP, if there is an attack bypassing the high-protection direct hit to the source IP, you need to replace the next source station IP. But before you do this, be sure to check that there are no other factors that might expose the source IP, and then replace the source station IP. Otherwise the change is also white change.

It is strongly recommended that you follow these steps to troubleshoot each:

I. Possible causes of IP exposure at source station

Server has a Trojan horse, backdoor and other security risks, if you do not have security technicians can be detected, you can choose Cloud Shield SOS Service, Knight products or to the cloud market to choose the appropriate security services
There are some other source station services are not high-level, such as mail server MX records, BBS Records, and other than the Web records, please carefully check your DNS resolution of the entire content, to ensure that no records resolved to the source station IP
Web site source information disclosure, such as phpinfo () may contain IP addresses, etc.
Some malicious scans (can be protected by allowing only high anti-back source IPs on the source station)

Second, confirm that there is no business resolution to the source station

You can test the current domain name by testing the 17 or webmaster's home, and see if there is any resolution to the source station.
Check your DNS resolution configuration again to see if there are any records that resolve to the source station IP

Third, replace the source station IP

Verify that all factors that may cause IP leakage from the source station have been eliminated after replacing the source station IP

Four, inconvenient to exchange the source station IP or has changed the IP what to do?

We recommend that you hang a SLB (load balancer) in front of the backend ECS and add the following schema: client-to-high anti--->slb-->ecs, need to fill in the SLB address as the return source address on high defense.

The advantage of this way is: even if the attack directly hit the source station to make the source IP is black hole, through high-protection access to the server is still unaffected, because the SLB to the source station access (this part of the traffic network, the source station into the black hole no impact) or normal, high-defense can also be through the SLB to request the source station
Ding Feng Van van qq:2881064156

Site source IP exposure to use high-protection after the line is not ok how to solve?