Getting down by DDoS

Hello, no matter what i do, when my site is being ddosed it’s getting down. I’ve under attack mode activated, bot fight mode on, some rules active, it doesn’t matter, they keep getting me down easily. They manage to bypass the protection. Before getting offline completly i can see on my forum that there are 120-150 guests online, obviously bots. How can i manage to stop getting down. I’ve tried absolutly everything, nothing seems to work. :frowning:

Does your server have a firewall configured to block any traffic that does not come through cloudflare.com/ips?

Yes, and the real ip is not leaked, even if you look in ip history or something, the only ip you can find are those from cloudflare

Until you can fine-tune your firewall rules, you may have to settle for a CAPTCHA. I also suggest you open a ticket. Post the number here. There are some support engineers online right now who can probably take a look immediately if your site is still under attack.

To contact Cloudflare Customer Support, login & go to https://dash.cloudflare.com/?account=support and select get more help. If you receive an automatic response that does not help you, please reply and indicate you need more help.

Can you show me how can i challange everyone that enters my website, like absolutly everyone has to do the captcha, the one with selecting images. Thanks.

I’d set up three firewall rules in this order:

  1. If it’s your Home IP address or “Known Bots”, then Allow. (Known bots are “good” crawlers Cloudflare trusts.
  2. If it’s somewhat trustworthy, like your own country, then JS Challenge. This rule is more of a placeholder for now as an intermediary step.
  3. If it’s your hostname, then CAPTCHA challenge. This is more of a catchall to stop the DDoS.

As you discover good traffic, you can move them up the ranks to your JS Challenge, or Allow rules.

1 Like

Thank you, i much appreciate it. Now everyone has to do the captcha and it kinda works. I will buy cloudflare pro anyway today maybe. Thanks again for your help.:slight_smile:

I like Pro, but it really doesn’t do much more for DDoS than Free.

2 Likes

Exactly this, PRO only helps against very poorly formatted HTTP requests, which is not the case for you. If they are showing as visitors (guests) and you have a modern forum CMS such as IPS, then it means these bots are in fact executing the javascript that is presented to them.

1 Like

What’s the URL?