and similar.
Even though I’ve turned on Under Attack mode, it still reached my servers.
OVH filtered it, but it bogged down the server a bit, to like 5.00 loads and some missed clients.
How can I prevent this in the future?
My server is configured to DROP all connections except CF’s IPs and mine.
Few outgoing connections are allowed but that doesn’t matter.
With the given details it is impossible to provide an exact answer, but there is a good chance they went straight for your server. If that is the case the only way to prevent this in the future is to change your IP address and make absolutely sure it does not leak anywhere.
Well I think I was too impatient.
After turning off the Under Attack mode, I wanted instant results.
Now, still, when I turn off UA mode, the POST / requests come through.
When I turn on UA mode again, it takes 4-5 minutes for all POST / requests to disappear and legit traffic to come through…
Probably it’s a filtering delay or something I was not aware of.
Now when using UA mode the attack is mitigated, so server IP is not compromised.
Yes, they have passed the under attack mode again with POST and GET requests.
What would be a good rate limit you’d recommend to not cause false positives but keep the DDoS attack off?
Thanks!
It’s site specific… start from a big value and lower it as much as you can. You can start by trying challenge first (so even if legitimate traffic gets challenged it’s not that bad, and it’s a lot harder for bots to pass Google reCAPTCHA).
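
As an added example (not code from this thread or from Cloudflare): one way to apply the "start big and lower it" advice is to replay an access log offline and see which clients each candidate limit would have acted on. The log line format, the 60-second window, the candidate limits and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

WINDOW = 60  # seconds; assumed rate-limit period


def make_sample():
    """Constructed log lines: '<ISO time> <visitor IP> <method> <path>'."""
    # One client flooding POST /, one busy but legitimate reader, one casual visitor.
    lines = [f"2024-01-01T12:00:{s:02d}+00:00 203.0.113.50 POST /" for s in range(40)]
    lines += [f"2024-01-01T12:00:{s:02d}+00:00 198.51.100.7 GET /page" for s in range(0, 60, 5)]
    lines += [f"2024-01-01T12:00:{s:02d}+00:00 192.0.2.10 GET /" for s in (1, 20, 41)]
    lines.append("2024-01-01T12:00:50+00:00 192.0.2.10 POST /login")
    return lines


def peak_per_client(lines, window=WINDOW):
    """Highest request count any single fixed window saw from each visitor IP."""
    buckets = defaultdict(int)
    for line in lines:
        ts, ip, _method, _path = line.split()
        slot = int(datetime.fromisoformat(ts).timestamp()) // window
        buckets[(ip, slot)] += 1
    peaks = defaultdict(int)
    for (ip, _slot), count in buckets.items():
        peaks[ip] = max(peaks[ip], count)
    return dict(peaks)


def sweep(peaks, thresholds):
    """For each candidate limit, highest first, list the clients exceeding it."""
    return {
        limit: sorted(ip for ip, count in peaks.items() if count > limit)
        for limit in sorted(thresholds, reverse=True)
    }


if __name__ == "__main__":
    peaks = peak_per_client(make_sample())
    for limit, hit in sweep(peaks, [100, 30, 10, 3]).items():
        print(f"limit {limit:>3}/min would act on: {hit or 'nobody'}")
```

Behind a proxy the log must record the visitor address (for example from the `CF-Connecting-IP` header) rather than the edge IP, and fixed windows only approximate how a live rate limiter counts. The lowest candidate that still lists no known-good client is a reasonable starting value.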