One of my site is being attacked and the atack goes througth cloudflare network without being treated as suspicious activity.
How I know that is going throught cloudflare?
Looking at the information tab of my domain (here in cloudflare), I have normally 30K-100K request per hour depending on the hour, when the site is being attacked I could see more than 4 millons reques per hour registered here.
The “under atack” mode does not mitigate this either.
At first I have created a rule to block the countries from where the traffic was being originated, but after a few hours it seems that the atacker has updated his method and that does not work anymore.
The atack consist on thousands of requests to my dynamic urls.
Examples:
- search/{randomString}
- wp-loguin.php?redirect_to={randomString}
- wp-admin/admin_ajax.php
The only thing that is working is blocking the atacked urls altogether on NGINX.
How is that kind of trafik going throuth Cloudflare?
Yes, I am on a free plan, but I am willing to upgrade to a PRO plan if this kind of attacks are blocked.