OMG HELP - My site is always under attack


#1

i am very new to this protection, i find it’s now working for me somehow?
people can see my ip and i am getting ddos all the time. can it be set up for me.
so my site can stay up


#2

Your server still has its IP address, so it’s possible for an attacker to bypass cloudflare and reach your IP address. I don’t publish my IP address, and I have a firewall set up to block everybody except Cloudflare.

What’s your domain?


#3

oops not working for me.
sorry my typing error. i am so stressed out., and without sleep.
how do i find an admin who knows about good setups for ddos attack undercloudflare


#4

page20.com


#5

Maybe @cscharff can answer this, but I see only one Cloudflare IP address for his site. Normally it’s two.

In Cloudflare’s Firewall settings, set your Security Level to High.

On your server, you may need to verify that requests are actually coming through Cloudflare. There’s a chance that the attacker is going straight to your IP address.

If you’re on a VPS or your own server, set up a Firewall to block everything to Port 80 and 443. Then open up access for only Cloudflare IP addresses.


#6

You are exposing your IP with a mail record!

Address: 104.xxx.xxx.xxx


#7

how do i protect that?


#8

Well. since Cloudflare doesn’t proxy other traffic than HTTP/HTTPS on several ports by default you have no chance. “Spectrum” might help

Anyway.

Is it a shared host?

I can’t access your page with the ip address only (forbidden) i need to add /page20.com behind it and i get redirected to your page.

EDIT:
ok, it seems it’s not only mail.

do you have a wildcard record? (*)

@page20news


#9

can your recheck it now i tried to fix it up


#10

my site uses wildcards


#11

what is the best way to protect the site HELP :frowning:


#12

You still have a wildcard record that’s exposing your server’s IP address.

It’s the server they’re attacking. You need to use a firewall on your server, but that’s not possible if it’s shared hosting.

If your site is important, don’t use shared hosting. Then you’ll be able to firewall your server so it can’t be reached directly.

Spectrum is Enterprise-only, so you need to come up with a server-based solution. Cloudflare can’t help you if your server is exposed, which it is.


#13

How do i hide the wildcard record A *
i use sub-domains for each city. Please I need HELP

I can change my servers ip


#14

Remove the * record from your Cloudflare dashboard if you don’t need it (should be on the top of the list) To protect wildcards with Cloudflare you need to be on an enterprise plan.

How ever, IF you are under attack they know your IP. This is something you must discuss with your Hoster.

Again: I can’t access your page via IP. I need to add /page20.com behind it and get redirected to your domain which is ptrotected.

Again my question: Is it a shared host?
Maybe your are not the target


#15

it’s not a shared host i own the server bare metal.
i need have sub domains to work on my site


#16

i took out the * till i can address the problem


#17

Then you should specify the sub domains instead of using a wildcard if there’s no special reason for it.

Depending on the type of attack you should further add some firewall rules and lock out as much as possible. At least you should allow HTTP traffic from Cloudflare IPs only. This will not prevent the attacker to reach the host but it protects your Apache, nginx or what ever you use from crashing.

Since the root cause seems to be found I’ll mark this topic as solved.


#18

too many sub domains to list


#19

This topic was automatically closed after 14 days. New replies are no longer allowed.