[just asking] 600k request and cloudflare is down?

My webpage last night get attacked. So hackers did ddos (botnet…etc i dont know) and i see 600k request on panel and my webpage is down 10minute~. So why im using cloudflare? How can i block like this attacks? Any help please ty.

they cant automatically block all the bad traffic as they cant know which is what, but you have all the tools you need to block them and survive the attack, there is many topics about it if you need tips

  • rate limiting
  • I am under attack mode(not working with api routes)
  • firewall rules
  • IP Access Rules
  • User Agent Blocking
  • full html caching
  • worker
  • countries based rules

like:


or

5 Likes

I didn’t find this words reliable. So he mean, free version is useless and we should get to enterprise version?
Firstly cloudflare should be secure my free versions, maybe i’ll after think to bought some upgrade.

Also the free plan doesn’t guarantee uptime and no one at Cloudflare will look at the attack you are facing and will provide specific help.

Also i’ll try thats:

  • rate limiting
  • firewall rules
  • User Agent Blocking
  • full html caching
  • worker
  • countries based rules (i cant do this because %60 request on america, i can block google wrongly )

thank you for reply.

it’s not useless, me and others stopped attack like this easily with cf, but if you don’t have any technical knowledge and the rate limiting not helping you, yes you will be in problems…

the first thing I advice you is to enable “I am under attack” and rate limiting, after that get logs working, the easiest way is through Logflare


https://logflare.app/

3 Likes

if you need USA only for bots you can create firewall rule like this:

(ip.geoip.country eq “US” and not cf.client.bot)

Then…:

challenge(captcha) or block depends on your site

challenge is more safer

2 Likes

Cloudflare can and probably did mitigate most of the problem. However, Hosting Companies usually have a low tolerance for all traffic (especially with shared hosting).
CPU usage, I/O usage, physical memory usage, the number of entry processes and the number of processes can easily trigger downtime.

Have a close look at your logs and the posts provided by @boynet2.
If using WordPress, search “harden WordPress” *pay close attention to the date of the articles and do the same with Apache or Nginx which ever you’re using.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.