HTTP flood from cloudflare

Hi there,

I use Cloudflare, but another Cloudflare account has somehow got my server IP pointed its own domain to my IP address and is flooding me with connections from China. Because of this I can’t use any cloudflare features to block the connections, nor can I block the IPs at the server because I use cloudflare myself.

At the moment I’ve setup a 301 redirect on nginx to blackhole the connections to their domain, but that is still causing my performance issues.

Any advice on what I can do? I’ve put in an abuse report about the domain but it hasn’t been actioned upon.

 52 172.68.26.86
 52 172.69.67.98
 53 162.158.163.152
 53 172.70.254.116
 54 162.158.227.243
 55 162.158.227.237
 57 162.158.163.151
 57 172.70.143.22
 59 172.70.55.60
 60 172.69.55.142
 60 172.70.55.59
 62 172.70.143.21
 70 172.70.82.202
 75 172.69.55.133
 77 172.70.82.203
 78 172.69.55.132

ss --numeric -o state time-wait | wc -l
27388

Any advise would be very welcome.

If anyone is interested the offending domain is nosec.shitflare.asia

Try using an authenticated origin pull with your own certificate to make sure only the Cloudflare connections for your domain are accepted by your origin. These happen early at the TLS handshake so each connection should result in less effort by your origin to reject them.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.