I’m looking for a bit of advice on a website of mine which I have hosted with Digital Ocean.
Currently, DNS resolution is done through CloudFlare to hide the server IP. I also have SSL enabled (Flexible). After a week of running my site, it got taken down by a DDOS attack (xml rpc attacks). I blocked the IPs, but a day later, new ones came along and took it down again. I was given advice to change the server IP, because somehow it was found. After migrating the site over to a new server and IP, it got taken down once again. I implemented a change recently on the server to block all requests to */xmlrpc.php. We’ll see how this goes.
I assume these attackers are just scanning and targeting random IPs. I checked my CloudFlare logs and I don’t see any of the attackers’ source IPs, meaning they are simply bypassing CloudFlare and attacking my server directly. Does this defeat the purpose of having CloudFront protecting my site?
I researched a bit online and I was recommended to implement a ddos protected IP/tunnel. I checked out Argo Tunnel which sounds like it will do the trick. My question is, will I run into the same issue as I’m currently facing? With an Argo Tunnel, will DDOS and Brute Force attacks directly to my server IP be accepted or dropped by default?
Any advice or suggestions would be appreciated.
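
An added example, not part of the original post: one way to confirm from the origin server's own access log whether xmlrpc.php requests arrive through Cloudflare or hit the server IP directly. It assumes a common/combined log format in which the first field is the real TCP peer (not rewritten from a forwarded-for header); the sample log lines are constructed and the listed ranges are only a subset of Cloudflare's published IPv4 list.

```python
import ipaddress
import re
from collections import Counter

# Assumption: a subset of Cloudflare's published IPv4 ranges; refresh the
# full list from https://www.cloudflare.com/ips/ before relying on it.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]

# Common/combined log format: peer IP first, then the quoted request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation addresses stand in for direct hits).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
198.51.100.23 - - [01/Jan/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162
162.158.10.4 - - [01/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 5120
172.68.1.9 - - [01/Jan/2024:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162
not a log line
"""

def via_cloudflare(ip_text):
    """True if the connecting peer is inside one of the listed Cloudflare ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in CLOUDFLARE_NETS)

def summarize(log_text, path="/xmlrpc.php"):
    """Count requests to `path` per peer IP, split into proxied and direct hits."""
    proxied, direct = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        peer, _method, target, _status = m.groups()
        if target.split("?", 1)[0] != path:
            continue  # only the path under attack is of interest here
        (proxied if via_cloudflare(peer) else direct)[peer] += 1
    return proxied, direct

if __name__ == "__main__":
    proxied, direct = summarize(SAMPLE_LOG)
    print("via Cloudflare:", dict(proxied))
    print("direct to origin:", dict(direct))
```

Any peer in the "direct" bucket reached the origin without passing through the proxy, which is the traffic that an origin firewall limited to the proxy's ranges, or a tunnel with no open inbound ports, would drop.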