DDOS Attack from thousands of USA IP's


Our domain was DDOS attacked this morning , thousands of US IP’s visiting multiple times per second - our server contacted us that they’ve shut it down until I can return the traffic to normal - at that point I turned on Cloudflare’s max security , browser detection and applied Captcha for many countries including USA.

Question : What can I further do to protect against these DDOS attacks if they happen again from another country? The max security setting was put down to “HIGH” because captchas were coming on every page which ruins the site for regular users.

Any help would be great thankyou :slight_smile:

The following tutorial and a Community search on DDoS should provide a ton of information.

I recently received a DDOS attack and turned on all the CF securities , firewall rules.
Now my users see captchas all the time , is there a best setting to block DDOs attacks while not showing my good users captchas ?

You can change the frequency of CAPTCHAs shown in the firewall settings here.

Look for " Challenge Passage" - that’s where you can set it.

I applied “im under attack” and did bypass security for AU and NZ where my visitors are from.
The non AU/NZ captcha is not blocking Googlebot which is good.
If they try to DDOS again , they will see Cloudflare’s captcha and NOT overwhelm server - I have read that there are more advanced DDOS attacks which can get through this defence - is this where payment is required ?

I’ve not read such a thing regarding the CAPTCHA. Where did you see this?

This topic was automatically closed after 30 days. New replies are no longer allowed.