tThecraftyowl.co.uk was subjected to a DDoS attack a few months ago. I employed the services of Cloudflare (as suggested by my ISP) and that seems to have allowed them to activate the site again. However, I tried switching it off “I’m under attack” about a month after it started and the attack was still going on and it caused them to switch the site off until I had activated Cloudflare’s “I am Under Attack” mode. They subsequently switched the site back on and I haven’t deactivated the attack mode since.
I have some bots (Bloglovin.com) that skim the site and consolidate my posts. This service no longer works since the bot can’t negotiate the attack feature of Cloudflare. I also use PayPal for some online payments and the post-back from there has also stopped working.
This is causing me substantial issues and I am hoping you can help.
Is there any way (through your logs) of determining where the DDoS is coming from and if it can be stopped? Are they attacking a particular page that might be alterable to stop the attack? Are they using the IP address or the domain name? If it’s the IP address would switching it to a different host/server IP help? I have SSL certs but they non-secure pages are still visible. Is it possible that is the issue?
If you can think of anything then please let me know. I am close to moving the site to WordPress.com in its entirety and only maintain a secure blog.
Thanks in advance.