Daily DDoS attacks for weeks

Hello, I’m writing this post as a vent. I’ve been experiencing DDoS attacks on my website that I can’t seem to stop, even with Cloudflare! It’s unbelievable but true. Is it possible that I can’t stop this daily attack? The person behind it floods my server with thousands of different IP addresses. I believe it’s a Layer 7 DDoS attack, but I don’t know how to stop it! I’m using the Pro plan, and I can’t mitigate the attack. Does this mean I have to say goodbye to my online business? Should I turn to the police to stop these attacks? I’m seeking advice and would like to know why Cloudflare isn’t blocking these attacks, especially since they claim to do so, particularly with Layer 7 attacks. I’m truly demoralized, and I’m asking for help. I’ll show you the CPU spiking in the screenshots. Why isn’t Cloudflare blocking these attacks?

Uploading: a.PNG…

This is what I’m receiving in the panel, it even says 'DDoS no data.

It takes a pretty high threshold of requests per second (rps) before DDoS can kick in.

Here’s a pretty good guide for defending against one:


You could easily apply a rate-limit rule. Try setting it hostname contains your “domain.com”, set 100 requests in 10 seconds and block it for 1 minute. Tune this how you need, your analytics and personal spam can determine a proper limit.

You can take the results that say spam the most in 30 minutes and block their ASN if it’s a server/proxy host.

If this is a business, you may consider regional blocks if you don’t ship to certain countries or service them. Tons of options.

The attack you’re showing is very small so limits will help right now. Don’t lose hope this is nothing. Don’t expect Cloudflare to block most attacks automatically you may need to use under attack mode and sort things yourself. It’s stressful but trust me you can solve it.


Is it possible to find out who is launching the attack? Because it’s not fair that these people get away with it. If so, who should we turn to in order to find out?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.