I think it'd be great if there was a sticky somewheres that listed IP addresses that our servers should whitelist, so programs like csf / lfd doesn't blacklist them. Also, it'd be nice so if we see traffic from these IP addresses, we know they're not malicious. I just received an e-mail with the subject line of:
lfd on myhostname.mydomain.com: WHM/cPanel root access alert from 126.96.36.199 (US/United States/p3plvertigo01.prod.phx3.secureserver.net)
and the body:
Time: Tue Jul 12 21:54:21 2016 -0400 IP: 188.8.131.52 (US/United States/p3plvertigo01.prod.phx3.secureserver.net) User: root
This worries me much. How can I tell that the IP belongs to GoDaddy? Not all the secureserver.net domains belong to actual GoDaddy, right? Aren't certain customers assigned those secureserver.net domain names as well? Did someone hack into my server or is this some service that belongs to GoDaddy? What about other IP addresses? Earlier, on tech chat support, I received a list of IP addresses that I should whitelist, however, this IP is NOT in that list! That makes me worry a bit.
Is there anyway we (or at least me) can get a complete list of IP addresses that should be whitelisted? I couldn't find this information anywhere on GoDaddy's site, let alone the internet.
Solved! Go to Solution.
What you said makes a lot of sense. Are those IP addresses that are actually owned and ran by GoDaddy or are they IP addresses that are leased out to VPS's and private servers and what not, like the IP addresses I might have for my site?
For example, my server permanently blocked the IP address 184.108.40.206 earlier. That IP address tried connecting to my server's 2638 UDP port. From the list you provided, I see the IP address range 220.127.116.11 - 18.104.22.168.
22.214.171.124 would fall within that range, however, so does my VPS. I was looking not so much for a list of IP addresses that GoDaddy owns, but more or less a list of IP addresses that I should whitelist that are owned by GoDaddy.
I will give an example. When I log into GoDaddy's site and manage my server, I can do a backup of my server. I notice when I do this, in my log files, I see the IP address 126.96.36.199 connecting, with root access. If I block that IP address, backups don't work.
I'd like to know what IP addresses I should whitelist. IP addresses like 188.8.131.52 for example. I don't want to whitelist IP addresses that are being assigned to people who are leasing servers from GoDaddy because of security concerns. I'd just like to whitelist the IP's that GoDaddy might use to connect to my server, for stuff like backups and what not.
Some of the IP addresses that are owned by GoDaddy are trying to access my site. I've seen Tor Exit nodes and stuff like that. Although these IP addresses are owned by GoDaddy, I believe they're customers that are running software that's trying to connect to my server and not actually GoDaddy itself. Does that make sense? I can try to clarify a bit more if you'd like.
For security concerns, if you need to PM me IP addresses, you're more than welcome to. That way hackers don't know the IP addresses to your servers. Thanks.
I just wanted to bring this conversation back for a bit. I never got a response, but I believe that list is actual IP addresses owned by GoDaddy. For example, I believe anyone who rents a virtual private server or a shared server or maybe even a dedicated server from GoDaddy, will have an IP that might be in that list. My two IP addresses for my server are in that list. Whitelisting those IP addresses would probably be a horrible idea. If you whitelisted everything in that specific list, I'd be able to attack your server without your security preventing me.
I was mainly interested in a list of IP addresses that GoDaddy uses to connect to my machine, so I know for certain it's GoDaddy. When I log into GoDaddy and do a server backup, a GoDaddy server connects to my server to perform the backup. The IP addresses of that server should be in the list that I'm requesting.
I hope that clarifies things a bit. Thanks!
Apologies for the delay getting back to you. Looking at the information in your original post, I noticed the IP you referenced accessing your server is actually an address used from the dashboard interface provided within your customer account. Meaning this would have been a footprint showing either yourself or someone with access to your customer account accessing the server.
As for other IP addresses that we might use to access your server from a support spectrum, generally our server chat teams can provide you the specific IP address they'll likely be accessing your account from, but a few of the common ones used are as follows:
I hope that helps clarify. If you're still needing assistance, feel free to talk to our server support team via phone or chat and they should be able to help further.
Thank you. I'd imagine I'm not the only person who would benefit from this list. So, we should add 184.108.40.206 to it as well, in case other people need it. Are there any other IPs like 220.127.116.11 that might connect for backups? Or will it always be 18.104.22.168 for the backups?
These are the current ones that I believe belong to GoDaddy (not the ones they assign to VPSs / shared servers / dedicated servers, etc). Could you please verify that the list I have is correct?
22.214.171.124 # GoDaddy Support
126.96.36.199 # GoDaddy Support 188.8.131.52 # GoDaddy Support
184.108.40.206 # GoDaddy Support
220.127.116.11 # GoDaddy Support 18.104.22.168 # GoDaddy Backup 22.214.171.124 # GoDaddy Support 126.96.36.199 # GoDaddy Support 188.8.131.52 # GoDaddy Support 184.108.40.206 # GoDaddy Support 220.127.116.11 # GoDaddy Support 18.104.22.168 # GoDaddy Support 22.214.171.124 # GoDaddy Support 126.96.36.199 # GoDaddy Support 188.8.131.52 # GoDaddy Support
Anyone know if 172.30.3x.xxx is GoDaddy Support? I found 10 in this range listed in my WHM » Security Center » cPHulk Brute Force Protection.
Previously support was kind enough to note "DO NOT REMOVE - added by hosting provider" for any such entries.
Adding to the list I see backups running from the 52.8.xxx.xxx range.