DDoS attack that escapes Cloudflare JS Challenge and the Interactive Challenge

Hi Community…

My website is facing an attack, I think it’s a DDoS attack from India.

The average number of live visitors on my website based on Google Analytics was (6-12) online visitors. After the attack, I can reach up to 140 visitors, and each one can visit up to 12 pages on my site.

The traffic appears in Google Search Console, they use targeted keywords that show my site on the first result.

The visitors sign up and confirm to my email list and they can follow websites links I put on my site and sign up to these websites as well.

The big issue is that they can escape the Cloudflare JS Challenge and the Interactive Challenge as well. I set a rule for India with the JS Challenge and another time with the Interactive Challenge action, but they fail to stop the coming traffic from India.

Finally, I decided to block India until the attack stops. I did but one month later the attack didn’t stop.

I thought it may be real traffic because they escape challenges, do sign up and confirm email subscriptions, they come from Google, organic traffic. But the only thing that shows they are not is that they come from certain IPs.
And when blocking these IPs, other ones appear.

Please help me guys.

Are you restoring visitor’s IP addresses? More details: Restoring original visitor IPs.

No, I am not restoring visitors’ IP addresses.

This issue happens one month ago.


Are the locations & top IP requests from google analytics?

I’d do a few things, restore original IPs, ask your hosting provider to adjust your server firewall to only accept traffic from Cloudflare IPs IP Ranges, and finally ask your hosting provider to rotate your origin IP address and update your A record to reflect the new IP.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.