New account not blocking traffic

Hi,

I’m under a DDoS attack. Everything I’ve done has not stopped my server from getting hit with requests. The mounting load on my server threatens about 80 other sites that are not having issues.

Here is what I have done:
Overview > Under Attack > toggled to “On”
Firewall > Settings > Security Level = “I’m under attack”
Firewall > Settings > Bot Fight Mode > toggled to “On”
Firewall > Managed Rules > Web Application Firewall > toggled to “On”
Firewall > Managed Rules > The following are toggled to “On”: Cloudflare Flash, Misc., Php, Specials, Wordpress
Firewall > Firewall Rules > created the following:
    Known Bots or Country=Hong Kong :: Block
    Country=Singapore :: Block
Firewall > Tools > Rate Limiting Enabled

The bot traffic from Singapore and Hong Kong continues. What can I do to stop it?

Thanks,
Daphne

Did you verify these requests do not hit the server directly, bypassing Cloudflare?

What's the domain?

Domain: onthechisholmtrail.com

I don’t know what you mean by “did you verify these requests do not hit the server directly, bypassing Cloudflare?”

I have Wordfence on the site that shows a live feed of IPs hitting the site. That is all I know.

Is your server configured to only accept connections from Cloudflare? If not, it would be easy for them to connect directly, and everything you configure on Cloudflare won't have any effect.

I have about 80 sites on the server. I only want this one to go through Cloudflare. Wouldn’t what you are suggesting be an all or nothing option?

That is correct, but by keeping your server accessible from outside Cloudflare you make it vulnerable to such attacks. What you could do is configure a block on a web server level. That might not be as secure as a firewall block but could still block direct requests.

For starters you should however also check if the requests in question do come via Cloudflare or not.

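As an added example (not part of the original thread), one way to run the check suggested above: classify each access-log entry by whether the connecting address falls inside Cloudflare's published IPv4 ranges. It assumes the first log field is the TCP peer address rather than a visitor IP restored from a Cloudflare header; the sample log lines are constructed.

```python
import ipaddress
from collections import Counter

# Cloudflare IPv4 ranges as published at https://www.cloudflare.com/ips-v4
# (a snapshot; refresh it from that URL before relying on the result).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def classify(peer):
    """Return 'cloudflare', 'direct' or 'unknown' for a connecting address."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return "unknown"
    if addr.version != 4:
        return "unknown"  # IPv6 ranges (cloudflare.com/ips-v6) are not loaded here
    return "cloudflare" if any(addr in n for n in CLOUDFLARE_V4) else "direct"

def summarize(lines):
    """Count requests per class and per direct (non-Cloudflare) peer."""
    totals, direct_peers = Counter(), Counter()
    for line in lines:
        fields = line.split()
        if not fields:
            continue
        kind = classify(fields[0])  # assumption: field 1 is the TCP peer address
        totals[kind] += 1
        if kind == "direct":
            direct_peers[fields[0]] += 1
    return totals, direct_peers

# Constructed sample in combined log format (not real traffic).
SAMPLE_LOG = """\
172.68.10.5 - - [01/Jan/2021:10:00:01 +0000] "GET / HTTP/1.1" 403 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2021:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 431 "-" "-"
203.0.113.7 - - [01/Jan/2021:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 431 "-" "-"
162.158.90.12 - - [01/Jan/2021:10:00:02 +0000] "GET / HTTP/1.1" 403 512 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2021:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "-"
2001:db8::1 - - [01/Jan/2021:10:00:03 +0000] "GET / HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    totals, direct_peers = summarize(SAMPLE_LOG)
    print(dict(totals))
    for peer, hits in direct_peers.most_common(10):
        print(f"{hits:6d}  {peer}  (reached the origin without passing through Cloudflare)")
```

A large "direct" count means those requests never passed through Cloudflare, so rules set in the Cloudflare dashboard cannot act on them.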

Can you go to the site? It is cached on my server but others are seeing that there is no SSL. I have it set to Full. I’ve tried all of them but the site is down. When an SSL check is done online it says no SSL is installed.

Is the last digit of your server IP address 2?

Yes it is

The IP assigned to the domain is 66.219.107.162. The server I have it on is 66.219.109.126

This is not quite clear. Why did you mention two IP addresses now? Which one is the correct one?

Also, on 162, the certificate has expired. You should renew that.

I thought Cloudflare had its own SSL so I uninstalled the dedicated SSL from the site. Should I reinstall?

Definitely, you need a certificate on your server. Cloudflare won't cover that.

I turned the SSL back on, tried to get to the site from my phone and got an error 522 connection timed out. What do I do now?

For starters

first one ending in 2

Alright, in that case you seem to have a valid certificate again, but now there is a certificate issue on Cloudflare. Have you disabled anything on Cloudflare? Can you post a full page screenshot of the SSL page?

That's not really a full page screenshot. Also, it should be specifically of https://dash.cloudflare.com/redirect?zone=ssl-tls/edge-certificates

Alright, that explains it. Your proxy certificate is currently pending.