I am sorry to hear that, but that seems to me as a great potential of a WordPress DDoS attack someone tried
I would strongly recommend to create a Firewall Rule
to block each URI request which contains xmlrpc.php
- of course, if you do not use it (or any other plugin).
Furthermore, there are some more suggestions how to protect WordPress website using Cloudflare
- CloudFlare Firewall ile Wordpress Güvenliği Nasıl Sağlanır?
- How To Protect WordPress with CloudFlare Firewall Rules - Kazimer Corp
- How to Use Cloudflare Firewall Rules to Protect Your WordPress Website - Silva Web Designs
Therefore, some Firewall Tips are published here:
Depending on the attack type, if user-agents, crawlers, etc., there are few I would recommend to add to your Firewall Rules
, like the posted here:
Using the search :
May I suggest looking into below articles (if not already) due to the specified issue of 522 timeout:
How about checking if Cloudflare is allowed to connect to your new VPS, in case any firewall settings/configuration changed?
Kindly can you re-check if Cloudflare is allowed to connect to your origin host to as follows in the below article:
https://support.cloudflare.com/hc/en-us/articles/201897700-Allowing-Cloudflare-IP-addresses
Nevertheless, Cloudflare IP addresses list can be found here:
In case you saw Cloudflare IP addresses in your log files, I would recommend below article to restore the original visitor IP address as follows:
https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs