Hi Community…
My website is facing an attack, I think it’s a DDoS attack from India.
The average number of live visitors on my website based on Google Analytics was (6-12) online visitors. After the attack, I can reach up to 140 visitors, and each one can visit up to 12 pages on my site.
The traffic appears in Google Search Console, they use targeted keywords that show my site on the first result.
The visitors sign up and confirm to my email list and they can follow websites links I put on my site and sign up to these websites as well.
The big issue is that they can escape the Cloudflare JS Challenge and the Interactive Challenge as well. I set a rule for India with the JS Challenge and another time with the Interactive Challenge action, but they fail to stop the coming traffic from India.
Finally, I decided to block India until the attack stops. I did but one month later the attack didn’t stop.
I thought it may be real traffic because they escape challenges, do sign up and confirm email subscriptions, they come from Google, organic traffic. But the only thing that shows they are not is that they come from certain IPs.
And when blocking these IPs, other ones appear.
Please help me guys.
