Insane Cloudflare response causing DDoS-like effects

So, earlier today, I ran a scan on vladhog.ru (with permission, obviously; the owner and I are working on a feature, and I offered to do a security vulnerability scan), and we both lost connection about 3-5 minutes into the scan, as if we were being DDoSed, until the scan was aborted, after which recovery took approximately 15 minutes or so, according to vladhog.ru’s owner.

His systems received over 400k requests in the span of minutes (I do not believe I am capable of that many within the timeframe).

It appears that the requests from the scan were somehow amplified to a level capable of actually being harmful, not only to vladhog.ru’s systems, but also to my own.

Neither of us has any idea what happened, so any and all insights would be amazing.

The described behaviour sounds familiar to me, like what known tools and services do for WordPress, for example, probing with 50k+ requests in a minute or two.

Nevertheless, may I ask if the IP of the device which was running the scan was allowed at your zone / domain? Otherwise, it sounds like it triggered Cloudflare’s DDoS response, which is a good thing if it happened, obviously.

If it passed through, not triggering some Security Settings, then you might want to double-check and tune them to the level where you’d block that kind of request, someday, hopefully, sparing you the harm and the time needed to get back online.

How does that relate to Cloudflare?
As far as I am aware, Cloudflare doesn’t offer a “scan tool” for that kind of context.

If you’ve used 3rd-party tools or services, I’d suggest contacting them about the behaviour they’re using and producing, and learning more about how they work.

So uh, we BOTH got knocked off the web, so Cloudflare couldn’t have been working right, unless the DDoS response is to explode the network on both ends, lol.

As for the scan tool: reNgine. I’ve scanned Cloudflare websites before, with 0 backlash or ill effects, so I have no idea what’s up with this incident.

Interesting. By the description of that tool, you could end up baking your CPU or NIC like that, if so.

reNgine is an automated reconnaissance framework for web applications

I do suppose WordPress could have absolutely had something to do with it… hmmmm
