My website had a DDoS attack and in the process of stopping it, I had to use Cloudflares feature “I am under attack”. Now the attack has stopped and I also blocked the attacker IP.
The problem now is that this makes my emails from Mailpoet not to send. If I deactivate the I am under attack, the emails start sending.
I contacted my webhost and they said I should reachout to cloudflare again and tell them to WHITELIST the process responsible for email sending.
I am torn between switching off the the feature so my emailing will work (but still become vulnerable to future attacks) or leaving it on, but my emailing wont work. Ideally, if Cloudflare can tell me what to do to get the best of both worlds.
Another thing - from experience, do such attackers return with another IP? This guy is a blackmailer. He asked me to pay him otherwise he shuts down my website.
Thanks in anticipation.
There are a couple of ways you can create an exception for your email process. You need to obtain the IP address that this service uses.
You can go to Firewall > Tools and create an IP Access Rule with a Whitelist action for that IP address. However, this would whitelist the IP not only from the JS Challenge (the I’m Under Attack challenge), but from any other security measure you may have set in Cloudflare.
In Firewall > Firewall Rules, you can create a rule that applies the JS challenge to every visitor, with exceptions to the email service (and you may add other exceptions if needed). This way, you can safely disable the I’m Under Attack mode, and have it enabled through a Firewall Rule:
Thanks for the insight. I will like to go with the second option.
But Mailpoet hasnt sent me an IP address yet, but they asked me to whitelist a link on my website. So can I substitute the IP address field with URL Full field, then follow all other suggestions? WIll it give same result?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.