As I understand it, Cloudflare can only protect against DDoS attacks if the attacker is sending the traffic to the domain, not to the IP directly. So if the attacker discovers the IP, the Cloudflare orange cloud is useless.
Was there not a blog post or other announcement that the proxying of other services is being worked on? Pretty sure I saw a beta signup somewhere around here. Sure staff will chime in, but this will almost certainly only be available on the upper paid tiers, I’d imagine due to the added complexity on the Cloudflare side. Have a search.
If you’re the only one FTPing in, you can leave off the FTP DNS record completely and set up a local hosts file edit on your PC to bypass ISP DNS. So only you know of and can access via the FTP hostname.
And/or just FTP in via the real IP address and do not set up an FTP DNS record at all.
We are several developers working from different remote locations on the same website. That’s a reason why a local solution is not practical.
Also, the hosting provider changes the IP every so often. Giving the developers the updated IP each time would be a solution, but it’s not nice.
Currently we use an FTP subdomain with a CNAME record. That works perfectly with the regular IP changes. Also, we use a different name than ‘ftp’. So it is kind of security through obscurity. But you know, security through obscurity is not the right way to try to make something safe.
Right now the decision is convenience vs. security. And with our current setup I’m still opting for convenience. But I’d really appreciate it if Cloudflare would find a way, like for the web services, to combine convenience and security for FTP / SFTP.
Woah, never heard of a web host who changes the IP for a site frequently! Why do they do that? Wouldn’t it be easier to switch to a web host who doesn’t do that?
So far, it happened once or twice a year. Reasons that I know of were:
Switch to a machine with better performance.
Datacenter got DDoSed. Seamless move of the website to another datacenter.
Other, unknown reasons.
This is a managed WordPress provider, and especially the seamless move from one datacenter to another when they got DDoSed was fascinating. Just 15 minutes of downtime for the website. Almost two weeks of downtime for the DDoSed datacenter (Linode Christmas 2015). Our web host takes its job very seriously and I wouldn’t switch just because the IP may change from time to time. They do a really good job.