I'm still being Dosed

i had free cloudflare, i bought pro plan, because i was being dosed with crappy botnet, i thought pro plan is guaranteed and it would protect my site, but some kid is still using crappy weak botnet and easily taking my site down, what is this about…?
any help?!

you protection isn’t even helping by anyway, please check for me what they’re doing and block it

Can you provide details of attack and what you have done to prevent it? Just enabling CF doesn’t not protect you.


they were using botnet, i could tell by the huge visits and requests from checking cloudflare…
i stopped it by locking the directory of my site, i used a password on it…my site is lsgamerz.net if that’s needed

what can i do to secure and stop it?
i have pro plan

You might try enabling the WAF and reviewing the other steps.

1 Like
1 Like

I have enabled what i could using those 2 threads you guys sent me, i will be waiting and see if any ddos attack gonna happen again.

1 Like

it’s like i never enabled anything, attacks coming back even stronger…


4 pages of guests (bots) i tried blocking all their ips through the firewall tools, stops the attack for 1 sec then bots connect with new ips and new everything, after like 15m i rechecked the website i found there’s still 68 bots in the site, waiting to attack, I’ve been stopping their attacks using directory privacy, i locked up my forums with a password to stop that BS but as soon as i unlock it it gets down, with this error :
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [email protected] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

Apache Server at lsgamerz.net Port 443

if you need access to my website or anything tell me, i need this sh** solved, please discover wt.f they’re using and block it

Are you able to confirm that all the requests show in the firewall events list in Cloudflare, and that they are not bypassing Cloudflare and going straight for your site?

Have you got it configured on your server to only allow connections from CF IPs so they can’t bypass?

1 Like

how do you know its ddos? cant it be legal visitors to your site?
how many requests you are getting?
how many requests each of them make by average?
why they not get blocked by the rate limiting?
what is their user agent?
which countries?
so many questions

yes everything is in events log, but it just says it blocked IPs

about user limiting, i already bought pro plan and I’m not going to spend another 10$ on some sht that won’t secure or stop the attack, if there is something guaranteed and going to stop whatever they’re doing I’d pay, I’m not going to buy anything else from now on until it’s guaranteed, i aint going to throw money just to test

only 36k attacks blocked from 2.2million bruh

this BS isn’t legal visitors

Are you able to post a screenshot of https://dash.cloudflare.com/redirect?zone=firewall

It will look something like:

You can redact any sensitive info.

You could try a firewall rule like this:

Replacing YOUR IP ADDRESS with your ip.

This will show all visitors through Cloudflare apart from you a reCaptcha, and we can see if that slows it down / stops it.

my ip address you mean my site’s?

you need to understand that we are not cf support here so no reason to talk like that

so you have 1347 ips who generated 560,000 requests(where did you get that 2.2 million from?) anyway rate limiting is the best tool for this job by the info I get…
I dont think the pro plan you bought as anything to do with layer 7 ddos attack, if its worth it or not its your choice

I meant your own IP address of your device / connection so that you can still access the site as normal without the challenge.

1 Like