DOS from Cloudflare pull IP


#1

3 days on my site there is an attack from ip addresses of Cloudflare.
My hosting reported that I need to contact to Cloudflare.
Please help me.


#2

What do you mean by attack? Do you have your domain behind Cloudflare?


#3

I mean dos attack. When I open my site I got 503 http code.
Yes, my domain behind CF.


#4

What is your domain? What makes you think of a denial of service attack?


#5

https://aspi.com.ua/
I think this is DOS because I saw log files. There are too many requests


#6


#7

A lot of requests is not necessarily an attack.

Your security settings might be too low for Cloudflare to have reacted and stopped/challenged those requests. What is your security level set to?


#8

now I set ‘under attack’


#9

Well, not now obviously but when you had the issue.


#10

3 days ago


#11

What I meant was what your setting was when you had the issue.

Apparently it was too low.


#12

but what to do now?
Because my hosting said me “This is not our problem, this is problem Cloudflare”.


#13

Well, with the setting you have right now it should not be an issue anymore.


#14

I thought so too. but I still got 503 :frowning:


#15

That error is coming from your host, so you’ll need to contact them. If they dont want to help it might be a good idea to change host.

Your Cloudflare account does validate every request at this point, so your logfile should be back to normal at this point.


#16

Thanks.
I will write to hosting again


#17

Should they deny responsibility once again point to the error message in Ukrainian, which is obviously theirs.


#18

They told me - “Many requests come to us and the server discards them at a limit. All requests come from CF”


#19

That might have happened until you activated “under attack”, now every request is validated. I’d check the log files for the number of requests you are currently receiving.


#20

Under attack mode is activated yesterday.
Today we changed it to another mode for test and then returned to “under attack” again