Getting DDOS'D FROM Cloudflares IP range... 172.64.0.0/13 specifically 172.68.146.40


#1

My server is under attack from a SINGLE IP: 172.68.146.40
So, I was able to click “Under Attack Mode” and that stopped the guy…
Wait an hour, turn it back to normal - 172.68.146.40 attacks me again…
so - I say “F it” and I go to my WEB HOST MANAGER in CPANEL, and use my ConfigServer Security & Firewall CSF FIREWALL and try to JUST BLOCK the single IP…
It says CANT BLOCK - the DAMM IP is inside the CLOUDFLARE WHITELISTED IP RANGE OF: “172.64.0.0/13”

SOMEBODY HELP ME!!!


#2

You could try email abuse AT cloudflare DOT com and let them know the IP address of your server and the IP address of the attack, though I suspect something else is going on. Cloudflare is just a proxy, so it’s most likely a misconfigured account here.

How many hits per second are you getting?


#3

I am getting like 10 or more per second - and it’s only to my Billing / Support system (that’s what they attack) - but somehow unless I click “I am under attack” cloud flare just allows the traffic constantly - I know who is logged in - so these are all failed logins - so I know they are just ddos


#4

Yes, you will see traffic from Cloudflare IP, but it isn’t Cloudflare that is initiating the request. If you have visitor IPs restored you can determine the true visitor IP address and block it. https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

You can also potentially use Access to protect the billing system by requiring login to visit the site/page. Or you could look at rate limiting as well.


#5

This topic was automatically closed after 14 days. New replies are no longer allowed.