Possible DDOS attack


If I enable Under Attack Mode I understand this will stop a lot of the visits to my site, however it will also affect my customers as they will have to complete a Gotcha to enter the site. It will cause an adverse affect on my SEO and rankings.

How long do I need to have Under Attack Mode enabled?

You can actually dive into the analytics and look at the source of the attack. Then, create a firewall rule to JS challenge the specific traffic source based on your findings, so you don’t have to enable I’m Under Attack! mode all the time.

1 Like

Hi Eric,

Appreciate the response. I’m not very technical is there an easy way to do this?

I am currently on the CloudFlare Pro Plan.

I don’t think so. This requires some analysis to be done.

Since you are on Pro plan, you should be able to find out which country or ASN is sending a lot of attacks to your website, by looking at the Firewall events (below screenshot is an example)

And then from the analysis, create a firewall rule that looks like this:

This is just an example, but you can craft your own rules based on your requirements.
By doing this, you can narrow down the number of visitors getting challenged by Cloudflare instead of everyone.

1 Like

Hi Eric

Thanks for your help with this.

I see traffic coming from Ukraine, Tor & Lativia.

I’ve set up this rule, does it look ok?

If you don’t have any visitors or customers in these countries, you can safely block that. Otherwise, JS challenge or challenge can be used too.

1 Like

Thanks for your help Eric

I noticed that I have visitors from TOR.

Is there anything I can do with these?

1 Like

If you want to prevent Tor users to access your website, you can block them as well.

1 Like

Cool, thanks.

Which Rule do I use to block these?

Just add to the existing rule should be fine.

1 Like

Hi Eric

Thanks for all your help!

Like this?

1 Like

You are correct.


Thank you!

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.