My site was attacked for 5 days, my traffic went from ±8GB/day to 2.5TB a day
What steps have you taken to resolve the issue?
I’ve turned on monitoring with my hosting provider, but I’d like to know how the attack got past Cloudflare. It’s ended up costing me a fortune in hosting fees, and preventing bot attacks is the primary reason I use Cloudflare.
Was the site working with SSL prior to adding it to Cloudflare?
Check to see if the same traffic is reflected in your Cloudflare dashboard analytics. That will indicate whether the requests came through Cloudflare or went direct to your origin - ensure your origin only allows Cloudflare to connect to prevent Cloudflare being bypassed.
If in Cloudflare then take a look at the traffic and your settings to check you have rules in place for bots (Bot Fight Mode on a free plan, Super Bot Fight Mode on a paid plan - that latter is much more configurable), caching in place for any static assets and add custom WAF rules to harden protection if particular URLs or hostname are targeted. Challenging this list of ASNs in a custom WAF rule can help…
