Yesterday I went to my site and found it was not loading right the page was scrambled. usually this just means I need to clear my cache on my site and on cloudflare. or just cloudflare itself. From past experiences of being hacked I’ve learned that the page needs to be refreshed several times to be sure and tested with GT metrix.
One refresh and the page refuses to load. I get that 500 error where it shows the browser, cloudflare, and my site server. My site server has an X over it. So now I’m thinking i got hacked again. Having a backup, I delete the current site then restore it. It worked at first but when i refreshed it, it would not load again and I got that same 500 error. So now I’m curious about the other sites I have on the server that are subfolder sites, so I gp look and all of them are doing the same thing. Now my hacks are always the main site, I’ve never had my subsites hacked before. But i have backups so I delete all sites, restore them. Then again the page loads but when refreshed it won’t and the same 500 error.
So I go to cloudflare and start disabling certain things just trying out what maybe the problem. Then I decided to disable cloudflare altogether just to see and site came back up and refreshes just fine. Everything loads. I’ve tried different SSL settings nothing worked there. Turned off all the page rules, nothing there. Disabled a few other things, nothing there. Also when the site refuses to load on my browser, it also refuses to load for GT matrix. So it’s not a personal computer, IP or browser thing.
So here’s what i am thinking. My host must have updated something, added more security, or the cloudflare IP addresses some how got off the whitelist. Anyway, I e-mailed my host and included the page with the IPs on it. And also asked if any of the security has been updated. That maybe one of the setting thinks cloudflare is a actual hacker.
Any other ideas?
One more thing. Somebody accessed my site 20,000 times from a IP that traces to SiteGround.servers. I blocked it. I told SiteGround security about this and sent a screen shot of my evidence, they gave me the run around. I think someone there got pissed off at me because I cancelled within the 30 day period because there was zero help.
Right now Cloudflare is off, site loads just fine. Here’s the link if anyone needs to see code in page or something else. Site has been hacked 12 times since January. Cloudflare was the only way i stopped them. I hear Russia has a bunch of teenage hackers who are bored and have nothing better to do. So I blocked that totally. And man did that block spike traffic trying to get in.