Getting 522 errors on random times only

Hello to all the Cloudflare community.
I am getting HTTP 522 errors since 27th January 2021 on my website mastercoria[.]com. I already visited the 5xx troubleshooting page of Cloudflare and did so much diagnostic, and I’ll explain to you what I found:

  1. My hosting is not blocking Cloudflare IPs (I asked them).
  2. keepalives are enabled and correctly configured in the hosting (I asked them).
  3. Cloudflare is pointing to the correct DNS since Cloudflare was correctly configured in the hosting (partner) via CDN.
  4. Discovered: Webserver is getting down and shows 522 error, but…

I discovered that My webserver is getting down at random times, you can check it here: https://statuspage.mastercoria.com (UptimeRobot).
As you can see, these events started on Jan 27th continuously:

In my hosting account memory usage, I can see that my server is getting down and by those times, it shows error 522:

I am not achieving any limits… but the estranging thing is that my server uses an average of 100-120 MB of ram continuously and before a downtime, occurs a peak. In Cloudflare stats, I can see that it logs the downtime:

You can see on statuspage.mastercoria[.]com that downtimes are random and not fixed… When I activate the IUAM, the server stops getting down as shown in the first photo. My hosting said that it is probably that someone is attacking my website via DDoS because the hosting’s defend system activated Null routing to the IP by those times.
I bought the Cloudflare Pro plan and by the first instance, it didn’t solve the problem. Now, I got deep and activated the IUAM (I’m Under Attack Mode) mode and saw the following things:

By the pass of the days, threads are increasing, now (9/03/2021) stats of security are the following:
(By this moment, I reached the limit of a new user, PLEASE open in new tab removing “[.]” to “.”).

aws1.discourse-cdn[.]com/cloudflare/original/3X/b/6/b6da05e16013ad88182aff7e578053c638691367.png

In my firewall stats, I see the following:
aws1.discourse-cdn[.]com/cloudflare/original/3X/9/8/98078452dbe8c3243dc2dbee65fce474518215a1.png

As you can see, a lot of requests are arriving at the file l2[.]mastercoria[.]com/sw.js, and I applied a JS Challenge first to the sw.js file, and it didn’t stop the problem, then Block all requests to the sw.js file, and didn’t work… then I applied a JS Challenge to the entire l2[.]mastercoria[.]com subdomain and it didn’t stop the problem… And when I activated IUAM to the entire mastercoria[.]com the problem stopped… But as you can see, there are no many requests to other subdomains.

I DON’T KNOW WHAT TO DO ANYMORE… These are the things I already discovered since 27th Jan till now…

I am asking for advice on what to do in order to not use IUAM forever and stop these threads. Thank you for your help and support.

This could be related to PHP?

Do you have any caching setup at your host/origin?

Maybe you have some openned ports?

Obviously via your host IP address or how else could it be? (via Ajax possible …)

This when activated, challenges everyone trying to access your Website.

sw.js is a service-worker or?
If so, what does it do?

I cannot be sure, but 522 errors are related to host/origin mostly:

Have you tried writing a ticket and contacting Cloudflare support due to your issue?
Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button.

I just have a cache plugin for WordPress at blog.mastercoria.com
I do not have another cache on other subdomain.
My hosting offers me a cache for my entire domain, do you recommend me to activate it?

Yes, it is a Service Worker. It is from AdMaven ad network, and use it in order to show Push Notification Ads in that subdomain, but I don’t know why I am receiving a looot of requests to it. I tried challenging and blocking requests to the file without success.

This topic was automatically closed after 30 days. New replies are no longer allowed.