522 error due to DDOS from Chinese IP's

I have been having no problems with Cloudflare up until today where my website is being hit constantly by Chinese spammers which is causing a 522 error. If I disable cloudflare my website works fine albeit spammed on the forums from the abforementioned Chinese spammers. Cloudlfare stops the spammers from getting to my site but it makes my site inaccessible.

It looks like a DDOS attack but enabling I’m under attack mode just presents a browser check then the same 522 error. I’ve tried blocking and Captcha methods as well but to no avail.

Is there any way to stop this (all spam attacks come from China and I’ve already set a rule to block/captcha them) as sure the spammers are stopped but my site is unusable.

Website www.arokhslair.net

I think the problem is somewhere else.

You already set up rules and they work: you see a lot of chinese visitors are hitting the JS Challenge
This means it does not need a lot of requests to take down your server.

You can solve this in 2 ways:

  1. upgrade your WebSpace to a VPS which is capable of generating the requested pages fast enough (dont recommend this)
  2. Start Caching! As all the content you are serving on your site is static content you should cache all the pages statically.

Why this? Everytime someone visits your page your server have to rebuild your page again, again and again. When you cache it the server just have to hand out the generated file.

As you are using WordPress 5.2.4 (pleas hide the version number!) I would recomment:

  1. https://wp-rocket.me (paid)
  2. https://de.wordpress.org/plugins/wp-fastest-cache (free, but paid version also available)

After this your server should be able to handle this with ease :slight_smile:

Some additional infos would be great:

  1. where do you host your Website? (which Hoster)
  2. what Hosting is it hosted on? WebSpace? VPS? Dedicated Server? CloudServer?
  3. Which PHP Version are you running at? Hopefully 7.3?
  4. Is OPcache enabled?
  5. What is your servers OS? Debian? Ubuntu? CentOS? and which version?
  6. Do you already have implemented any kind of caching?

Hi thanks for your reply,
the site is hosted by Netweaver who are a virtual provider, they switch between server providers quite frequently with Hydra Communications being the current datacentre provider. The server is shared hosting and is running CentOS, version unknown. PHP version is 7.3.

I already use a WP caching service (I can’t access site yet to determine version) but looking at the server logs it appears that some or all of clouflare’s IP addresses are being blocked or throttled by my host. I’ve yet to get a response from them. The site hosts a PHPBB3 forum which is completely inaccessible.

I’ve also been looking at the paid versions of Cloudflare which could stop the issue but as the website is only for a couple of old games supporting a small community it could be not worth it. Logging in this morning I can see the attack is still happening and it’s from multiple IP addresses. I do have some genuine Chinese users that I don’t want to block so blocking the entire country isn’t really an option.

I’ll look at some of the things you suggested and post back. Pausing Cloudflare allows me to access the site and install any additional plugins.

Thanks,

Adrian

Hi @adrian-smith31,

If you look at the firewall events log, do you see anything common to all the requests there, other than the country? e.g. same user agent etc.

No, the user agents vary each time like the IP’s do.

After submitting a support request to my host the problem seems to have been fixed. Not had a reply but I guess that they were limiting traffic from cloudlfare IP’s.