My site is under attack

What do I need to do to protect my site from a DDoS attack?
I have already done the essential steps from https://support.cloudflare.com/hc/en-us/articles/200170196-I-am-under-DDoS-attack-what-do-I-do-
But the site is down.

What is your site? If there is a chance that your IP address ever leaked there is little you can do at this point, short of requesting a new address.

And I have messages “Failed to get zone (Code: 1102)”

Which kind of attack? Is it layer 7? Do you see anything in your server logs? Did you enable rate limiting? Did you enable "I am under attack" mode?

5kings.ru

Well, your site is behind Cloudflare and it does have a challenge enabled right now, however it can't connect to your server. What do your server logs say?

Is there any chance your IP address ends in 48?

Yes, the address ends in 48.

In that case I’d advise to get that address changed. That address has been archived earlier, which could be in theory accessed by anyone who might want to attack your server, hence bypassing Cloudflare.

I see nothing interesting in access logs.
Many requests with the answer 502. Where to look?

Your log file shows requests with 502?

Yes. The access log shows 502 errors.

Thank you!
I think you are right

A 502 in your log file would indicate a different issue though. It would seem your server actually proxies it to another server. Do you have such a setup?

No, I do not have this setting. I solved my problem by changing the IP address. My real IP was cached by some resources, because at first I didn’t use Cloudflare

That explains how someone might have bypassed Cloudflare and gone straight for your server, however it does not explain the 502 error in your log file.

That error specifically refers to the case when the server acts as a proxy and receives an error from the upstream server. If you say you don't have such a setup, you should not have a 502 error in your log file.

So much just as clarification, if everything is working again everything is fine of course.

In general, strictly speaking, the web server proxies to itself. That is, to the internal port on which the FCGI processes are listening.
That is, the 502 response was given by the web server because it believed that those FCGI processes were dead, because they did not respond for a long time.

That explains it. Perfect!
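
A check for the bypass discussed in this thread, added here as an example and not posted by any participant: it splits access-log requests by whether the connecting peer is a Cloudflare edge address and counts 502s on each path. It assumes a combined-format access log that records the connecting peer (no real-IP rewriting); the log lines are constructed samples and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Cloudflare's published IPv4 ranges; refresh from https://www.cloudflare.com/ips-v4
# IPv4 only: add the ips-v6 list if the origin also listens on IPv6.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18
108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17
162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
""".split()]

# Combined log format: peer - user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

# Constructed sample lines (documentation addresses stand in for direct clients).
SAMPLE_LOG = [
    '172.68.10.5 - - [10/Oct/2019:13:55:36 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2019:13:55:37 +0000] "GET / HTTP/1.1" 502 166 "-" "-"',
    '203.0.113.7 - - [10/Oct/2019:13:55:37 +0000] "GET / HTTP/1.1" 502 166 "-" "-"',
    '198.51.100.23 - - [10/Oct/2019:13:55:38 +0000] "GET /index.php HTTP/1.1" 502 166 "-" "-"',
    '162.158.90.12 - - [10/Oct/2019:13:55:39 +0000] "GET /index.php HTTP/1.1" 502 166 "-" "Mozilla/5.0"',
]

def via_cloudflare(peer):
    """True if the connecting address belongs to a Cloudflare edge range."""
    ip = ipaddress.ip_address(peer)
    return any(ip in net for net in CLOUDFLARE_V4)

def summarize(lines):
    """Per-path status counts plus a tally of peers that skipped Cloudflare."""
    stats = {"cloudflare": Counter(), "direct": Counter()}
    direct_peers = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line
        peer, status = m.group(1), m.group(2)
        try:
            path = "cloudflare" if via_cloudflare(peer) else "direct"
        except ValueError:
            continue  # first field was not an IP address
        stats[path]["total"] += 1
        stats[path][status] += 1
        if path == "direct":
            direct_peers[peer] += 1
    return stats, direct_peers

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Any requests on the "direct" path mean the origin address is known outside Cloudflare. Besides changing the address as was done here, allowing ports 80/443 only from the Cloudflare ranges at the origin firewall closes that path.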
