DDos my site even with CF "I'm under attack mode"

#1

Hi,

I have a site which is constantly attacked, mainly by DDos.
Recent attacks succeed in taking my apache server down, even when setting CloudFlare’s “I’m under attack mode” to true.
I see A LOT of requests in httpd/access_log which have the referer of Cloudflare javascript challenge… Does that mean they found a way to overcome Cloud Flare security?
Below is an example of one of the thousands of requests I’m receiving:
Does anyone know how this can be solved?

#2

You can use rate limiting for such an attack.

1 Like
#3

Also, when hiding your site behind :orange: Cloudflare proxy, all traffic will appear to be from Cloudflare.

#4

Thanks for the answer. Did that just now, though it might catch some legit users (as it’s a fast chatting site).
For me it would be best to present ALL users with a capcha on their first time coming to the site (or every hour or so), is it possible to do it in cloudflare?

Thanks!

#5

Now you have enabled rate-limiting you can set the Security Level for your domain to High in the Settings tab of the Firewall and see how it works for you.

#6

Hi, the Security Level for my domain has been in “I’m under attack” mode for the last day, and the server keeps going down (even though I have enabled rate-limiting).
Is there a way to force a captcha to appear for EVERY user? I think it would be best.

#7

You can create a Firewall Rule that will impose a Captcha to everyone. Ideally, you should exclude “good bots” to avoid SEO penalties (I’m Under Attack will do it automatically, but if you create a Firewall Rule, you must be explicit about it.)

You can always replace the string I created with some other random string. You can tinker with this rule. After you’ve enabled it, you will see under Firewall > Events more details about who’s promoting this attack. Then you may create a more refined rule. For instance, if most attacking bots come from, say, Germany and China, you may restrict the Captcha to visitors from these countries. Or you can create specific rules for User Agents and IP addresses.

Also, you should go to Firewall > Settings and set a generous time for the time it will take for a Captcha to be shown again for your legit users, otherwise they may just give up on your website.EDIT: Also, if you enable this rule, don’t forget to turn off I’m Under Attack Mode. Your visitors will appreciate it.

2 Likes
Is "I'm Under Attack Mode" messing up with the SEO?
#8

Thank you so much, You helped me a lot!!

1 Like
closed #9

This topic was automatically closed after 14 days. New replies are no longer allowed.