I have a free account and the domain is movieglide.com. A ticket has been open for the last 4 days without a single response from Cloudflare. The request was created under “I’m under attack” after proper research into the issue on my side, after going through the Cloudflare dashboard and after seeking advice from the hosting team. I’m very curious and at the same time disappointed about the response time. My request is #1622434. What are your criteria for resolving requests made from free accounts? I know it’s the lowest priority for you compared to other plans. But waiting more than 4 days for a single response to a site outage issue completely nullifies the purpose of adding my website to Cloudflare. I’m really in search of answers and a possible lead to resolve the site outage issue.
Sorry to hear that. 4 days is not the usual response time. But we (the community) don’t have access to your tickets or account.
Tell us about your problem. In most cases we can assist or guide you through.
When I access the site I see this (click on the link):
Google Analytics account shows “zero” traffic and my Cloudflare dashboard shows this (click on the link):
When I contacted the hosting support, their reply was like this (click on the link):
Here are the DNS settings:
Here is the CPU consumption:
Seems like a complicated DDoS attack. Not sure though. I really don’t know what’s going on.
Hi @movieglide, I see a ticket from Tuesday but nothing 4 days ago. Tickets are handled based on plan level, but no, you don’t need to pay to get support. All tickets are addressed regardless of plan, free just takes a bit longer sometimes.
https://www.movieglide.com/ loads ok:
The error “error establishing a database connection” sounds like a WordPress error for a site under attack.
http://prntscr.com/m5ji4d (logged in from chrome incognito mode to get rid of cookie stuff)
No, the site is not working at all. You’re getting it temporarily. If you try multiple times, you will possibly see the same error message as I see. The issue is still there. The ticket was created on Monday our local timezone (that’s around 8 hrs more from now in order to get the request creation to make 4 days without response). It’s near to 4 days, just short of a few hours.
The error is because CPU load is 100%, and it’s not because of site traffic, which I proved above from screenshots. The site has received no traffic. We have restarted the server multiple times, and the issue is still re-occurring. And most importantly, this started all of a sudden; I didn’t make a single change to the site when this happened. I hope now it’s clear for you.
OK, I do see it off and on when I reload. I made notes on the ticket from Tuesday morning and will track it.
Thank you @cloonan
Highly appreciate that. I will monitor this thread as well as ticket.
In case you need any inputs from my side, I will be here. Thanks again!
A quick question though. Don’t get me wrong.
Is it possible for you to check on this matter today (Friday)? Because otherwise this will be pushed to next week. I guess you work on business days only.
Can you please tell me when I can expect a response for my support request? I’m willing to wait for a positive result, but otherwise let me know at the earliest please. I’m receiving complaints from our audience regarding the outage.
Could you try pausing Cloudflare and seeing if it fixes the issue? “Error establishing a database connection” isn’t something Cloudflare would cause or trigger, it’s something that shows if the MySQL database doesn’t respond, which would have to be resolved by the host.
Please read across the previous posts.
I have restarted MySQL and the Apache server multiple times, which didn’t resolve my issue.
If that’s a WordPress issue, that would have been noticed on the next day itself, while this issue started one day after I posted a couple of posts, which I usually do every day.
This issue can happen when the CPU is at 100% capacity. It can happen if server resources are busy addressing requests or when a layer 7 attack is executed. Moreover, my Cloudflare dashboard shows over 5 million traffic while Google Analytics shows “zero” traffic.
I do not work for Cloudflare (so can’t read your ticket, and my response is based solely on what’s written in this thread), but I can only make some suggestions:
If you’re lucky, the attack may be coming from a small set of IPs (or from a certain country; for example, my website gets most of its abuse from Russia & Romania for some reason…). You could use Cloudflare Firewall to stop access to certain IPs or whole countries. Knowing the IPs can only be done from your server logs (at least on a Cloudflare free account), and further, if you haven’t set up your webserver specifically for that, all your visiting IPs will now appear to be coming from Cloudflare’s range, which will not help you. So you should do this setting to see who is still attacking you.
But before you DO set your webserver to translate Cloudflare’s IPs to the original IPs contacting your site, it is actually a Good Thing to check the logs now and see that indeed all the IPs you see are from Cloudflare. Why? Because there’s a possibility that your attacker has kept the IP addresses of your server, and keeps attacking them despite the DNS change to Cloudflare’s IPs, thus bypassing Cloudflare’s protection altogether! If you check the logs and see that this is what happens, there are a couple of things you could do: You could use Cloudflare’s IP ranges list and allow traffic to port 80/443 only from those ranges. Or, if you don’t want to mess with this configuration, which might be dynamic, AND your website already utilizes HTTPS before Cloudflare, you could configure your webserver to only accept TLS connections from Cloudflare’s specific client certificate (check “Authenticated Origin Pulls” under the “Crypto” tab), and deny everything else. That way, any unauthenticated request gets blocked by your server before it reaches the application and thus the database layer.
Finally, optimize your WordPress. If you’re using WordPress in its out-of-the-box configuration, it’s not as efficient as it might be. So I think using a WordPress caching plugin, if you don’t have one, is a must. I would start with “WP Super Cache”. If you do have a caching plugin and it’s not the one I’ve mentioned, I would recommend that you try to disable your existing one and try this one. I’ll however point this out: I am not the author of the plugin, it greatly improved the performance of one of my customers’ blogs. Every plugin carries a risk in it. Back up your WP directory tree and DB (which you should regularly do anyway!) before making any changes.
Hope this helps, and have a nice week!
Thank you very much for the great info.
And regarding your comments.
- I did the former step as you mentioned.
- Hosting team says they only see Cloudflare IPs in the logs. But when I followed your suggestion, I see that it’s already enabled and I could see it in the nginx.conf file. So, am I missing anything here? Don’t know. I followed this: https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-
I figured out the required steps. I can see real IPs in the logs now. But there are plenty out there.
A few brute-force hacking attempts; other than that, it’s difficult to differentiate what is not legit.
I understand that this is possible if the attacker gets my server’s real IP. But I’m dying to find out answers. I have the server logs. If it’s required, I would love to share my findings along with the logs with the Cloudflare team, but the problem is I haven’t received a response from them yet and a week is approaching fast.
I have a caching plugin.
Some suspicious stuff found in the logs:
The server connects to port 80 itself and there are 4500+ active connections being made every time, no matter how many times I restart the server!!
Could it be that someone got your IP and isn’t passing through Cloudflare at all? Try to see the IPs that are connected, they should be in Cloudflare’s IP space (https://www.cloudflare.com/ips)
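The check suggested in the posts above (are the peers connected to ports 80/443 inside Cloudflare's IP space, is something reaching the origin directly, or is the server connecting to itself?), as an added example that is not part of the original thread. It assumes `ss -tn`-style output; the sample lines and addresses are constructed, and the IPv4 range list is a snapshot that should be refreshed from https://www.cloudflare.com/ips (IPv6 ranges are not included, so IPv6 peers are reported as direct).

```python
import ipaddress
from collections import Counter

# Snapshot of Cloudflare's published IPv4 ranges (assumption: may be stale;
# refresh from https://www.cloudflare.com/ips before relying on it).
CLOUDFLARE_V4 = """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18
108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22
198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
"""
CF_NETS = [ipaddress.ip_network(n) for n in CLOUDFLARE_V4.split()]

def split_hostport(field):
    """'1.2.3.4:80' or '[2001:db8::1]:443' -> (ip_address, port)."""
    host, port = field.rsplit(":", 1)
    return ipaddress.ip_address(host.strip("[]")), int(port)

def classify_peers(ss_output, own_ips, ports=(80, 443)):
    """Count established connections to the web ports by peer category."""
    own = {ipaddress.ip_address(i) for i in own_ips}
    counts = {"cloudflare": Counter(), "self": Counter(), "direct": Counter()}
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue  # header, blank or non-established line
        (_, local_port), (peer_ip, _) = map(split_hostport, parts[3:5])
        if local_port not in ports:
            continue  # not a connection to the web server
        kind = "direct"  # default: reached the origin without Cloudflare
        if peer_ip in own or peer_ip.is_loopback:
            kind = "self"  # the server talking to its own web port
        elif any(peer_ip in net for net in CF_NETS):
            kind = "cloudflare"
        counts[kind][str(peer_ip)] += 1
    return counts

# Constructed sample: 203.0.113.10 stands in for the origin server.
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 203.0.113.10:80 172.68.10.5:41822
ESTAB 0 0 203.0.113.10:443 162.158.90.12:55010
ESTAB 0 0 203.0.113.10:80 203.0.113.10:39914
ESTAB 0 0 203.0.113.10:80 203.0.113.10:39916
ESTAB 0 0 203.0.113.10:80 198.51.100.77:60222
ESTAB 0 0 203.0.113.10:22 198.51.100.77:60300
"""

if __name__ == "__main__":
    print(classify_peers(SAMPLE, ["203.0.113.10"]))
```

Any peer in the `direct` bucket reached the web ports without passing through Cloudflare; a large `self` bucket points at something on the server itself (a plugin, cron job or proxy loop) rather than at outside traffic.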
Here is what I see:
The masked one is my own server IP. Everything else is from Cloudflare IP space.
You have over 3000 open connections from your own server?! Is that really supposed to happen?
I really have no idea why. The crazy thing is this happens even if I restart the server within a few seconds.
An earlier screenshot shows the Cloudflare Overview with a ridiculous amount of traffic in the past 24 hours.
Those logs show a barrage of OPTIONS requests. I don’t see any IP addresses in that screenshot, but I’ll assume those are the ones causing problems.
I don’t recall OPTIONS requests being necessary for WordPress, so why not explore Firewall Rules and block (or challenge) OPTIONS requests to your site?
At this point I would argue the issue is with that. Without Cloudflare active does the site load?