Any advice for an ecommerce site that is repeatedly getting hit with DoS attack?

Hello there, I have recently been having repeated DoS attacks on my ecommerce site. I have been turning on “I am under attack” and that helps, but do you have any other suggestions for additional settings I can set to help mitigate this as its becoming a chronic problem.

Additionally, is there a way to set a sensor to trigger “I am under attack” when it hits a certain threshold.

I have set up rate limiting but it doesnt seem to be helping.

This is crippling my business

1 Like

I’d first create a Firewall Rule for any visitors not in your target audience country, and add a JS Challenge.

Other than that, you really need to look at the traffic that’s getting through. There’s a tutorial that covers this:

3 Likes

Thank you for the response

If I want to hire someone to assist me with all this where would be a good place to look?

This topic was automatically closed after 30 days. New replies are no longer allowed.

I have been subject to intense DoS attacks (relative to my business size) for months now.

In the past 24 hours I got 3 million hits) from over 8000K users above my normal 800-900.

I have been going through and blocking the highest hitting IPs but I am curious, if this is someone who is obviously part of a network that does this professionally, should I waste my blocking individual IP addresses?

Does anyone have any idea where I might be able to find a list like this of bots to exclude or IP addresses?

Thank you so much

1 Like

If you’re still using Under Attack mode, it shouldn’t be blocking good bots. But Firewall Rules have a Good Bots rule:
cf.client.bot
Described in the FAQ:
https://developers.cloudflare.com/firewall/known-issues-and-faq

3 Likes

I am a small ecommerce site that has drawn the ire of a competitor.

I have been battling their attacks with repeated adjustments to our firewall.

Today they started making bogus orders to the website, which isnt bringing the website down, but it really is annoying and this is different than the typical brute force attack we get.

Anyone have any suggestions or advice for me?

Any insight on why they would be doing this, instead of their typical attack?

I am slowly going crazy from all this

You could use the “i’m under attack mode” while you implement some sort of captcha for your ordering system. If the fake orders are made by bots you could look at your firewall log and see if there is anything unique about their requests, and block that… e.g ip address or User Agent

I know its in firewall rules, but can someone tell me exactly what I should be adding?

Would it be the website checkout URL to user path–> captcha, or can anyone tell me exactly what I should put there?

I would really appreciate some advice on this!

It looks like /cart/ leads to /checkout/, so this should work as long as you don’t have some other page with the word “checkout” in it. If so, then set it to “Equal” /checkout (or it might need the trailing slash as well).

Do you service customer worldwide or just a specific region/country? Could you start by using some rules like

ALLOW Good bots
BLOCK Some countries
CHALLENGE some visitors

If you need some specific help, I have a day between now and day after tomorrow to perhaps have a go at helping create some rules. See if you contact me here otherwise search for me…