Experiencing a DDoS Attack

Hey everyone, I was wondering if someone can let me know if I am doing the correct thing…

I received an email from my host saying:
Checking it we have found that load was caused by high activity in the horrornewsnetwork.net website (cronjobs + wordfence) [1], it looks like your website is under DDoS/bruteforce attack. As we can see, it is pointed to the server vis Cloudflare and we recommend to enable there the “under attack mode” feature.

In order to stop overloading of the server we had to disable web access to site - immediately load on the server has returned back to normal level. We have initiated malware scan on the server, but due to huge number of files under domain it will take some time.

I then asked if it was still happening and they responded:
Please enable DDoS protection in Cloudflare first, then we will try to enable web access to website and see if it still causes overload for whole server.

I then logged into my Cloudflare dashboard and set this, but I am not sure if that is right, or if I have to go into the rules and do something different?

Can someone please let me know?

Your host is asking you to enable Cloudflare’s Under Attack Mode.

Within your Cloudflare dashboard, go to the zone overview. In the upper-right, under Quick Actions, there’s a toggle switch for Under Attack Mode.

Is your origin IP 72.xx.xx.x? Are your DNS records for this domain proxied (orange-cloud)? It would appear as though your naked domain is a gray-cloud, which redirects to www via WordPress at the origin, and www is an orange-cloud.

If that’s the case, the attackers will likely have your origin IP as well. While Cloudflare can mitigate attacks that traverse their network, attacks directly to your origin bypass Cloudflare altogether.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.