Help with DDoS attacks please

Hi!
I’ve been getting DDoS attacks for several weeks now causing my server to crash or run too slow. Cloudflare was recommended to me and it improved my situation but did not completely resolve it:

My website works fine when “Under Attack” is activated but the orders that my clients place are not sent automatically since the APIs are blocked. When I select High Security Level, my website starts to slow down or crashes due to these attacks … What solution can you provide? If I upgrade my account to PRO, do I get any way to completely avoid these attacks?
My website is hosted on a VPS with cPanel. Hopefully you can help me, thank you.

Hi @rojo-ezee,

You could start narrowing down who you present the JavaScript challenge to. If that is stopping the attack, you could create a firewall rule with an action of JS challenge and challenge everyone unless they meet certain criteria. You would need to look at your logs to see what requests are not going through and need to, and then create the firewall rule accordingly.

1 Like

CF Pro and higher accounts will allow you to utilise CF WAF (web application firewall), which has preset rules you can use and additional ones you can enable for your web site, which may help depending on the attack. Pro also has higher page rule and firewall rule quotas, so you can configure custom rules for the URLs of your particular web app that are targeted by the attack.

You can also enable Bot Fight Mode https://blog.cloudflare.com/cleaning-up-bad-bots/ on the free plan and on Pro and higher.

Example WAF rules for WordPress

OWASP rule sets

Firewall events that are caught from various WAF rules

But this depends on the type of DDoS attack. Layer 3/4 (network layer) is what CF automated protection focuses on. Application layer 7 attacks are not fully automated.

Cloudflare has no way of automatically knowing what your application is and whether it’s a legit request/traffic type for your application. You’d have to tell Cloudflare what is legit or not via CF WAF/Firewall Rules or custom CF Worker based logic. But Cloudflare isn’t useless, as there are other DDoS attacks at a network level which can be even more costly to defend against, and Cloudflare helps with such attacks.

But if your real origin server’s IP address is exposed or leaked, then CF won’t be able to protect you, as they can bypass the CF proxy and hit your origin server directly. You can further secure your origin using CF Authenticated Origin Pull https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls and/or a firewall configuration on the origin server to prevent all traffic other than from CF’s IP addresses https://support.cloudflare.com/hc/en-us/articles/201897700-Allowing-Cloudflare-IP-addresses

1 Like
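Added example (not from the thread or from Cloudflare): a Python check for the origin-exposure problem described in the last reply. It counts requests in an origin access log whose peer address is outside Cloudflare's ranges, then emits an iptables allowlist. Assumptions: the three CIDRs are only an illustrative subset of the published IPv4 list (IPv6 peers are therefore reported as direct), the log lines are constructed, and the log records the connecting peer IP rather than a restored visitor IP.

```python
import ipaddress
import re
from collections import Counter

# Illustrative subset of Cloudflare's published IPv4 ranges (assumption: replace
# with the full current list from the Cloudflare article linked in the post).
CLOUDFLARE_RANGES = [ipaddress.ip_network(c) for c in
                     ("173.245.48.0/20", "104.16.0.0/13", "162.158.0.0/16")]

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
173.245.48.10 - - [01/Mar/2021:10:00:00 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [01/Mar/2021:10:00:01 +0000] "GET /cart HTTP/1.1" 200 128
104.16.1.2 - - [01/Mar/2021:10:00:02 +0000] "POST /api/order HTTP/1.1" 200 64
203.0.113.7 - - [01/Mar/2021:10:00:02 +0000] "GET /cart HTTP/1.1" 200 128
198.51.100.23 - - [01/Mar/2021:10:00:03 +0000] "GET / HTTP/1.1" 200 512
this line is truncated garbage
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "')


def via_cloudflare(ip_text):
    """True if the peer address falls inside one of the configured ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in CLOUDFLARE_RANGES)


def direct_hits(log_text):
    """Count requests per peer IP that reached the origin without the proxy."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        try:
            if not via_cloudflare(m.group(1)):
                hits[m.group(1)] += 1
        except ValueError:
            continue  # first field was a hostname, not an IP
    return hits


def allowlist_rules(ports="80,443"):
    """iptables commands: accept web traffic from the ranges, drop the rest."""
    base = f"iptables -A INPUT -p tcp -m multiport --dports {ports}"
    return [f"{base} -s {net} -j ACCEPT" for net in CLOUDFLARE_RANGES] + [f"{base} -j DROP"]


if __name__ == "__main__":
    print(dict(direct_hits(SAMPLE_LOG)))
    print("\n".join(allowlist_rules()))
```

Any address reported by `direct_hits` reached the server without passing through the proxy, which is the bypass the reply warns about; once the allowlist rules are in place those connections are dropped at the origin.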