I have a forums software setup on my site. It’s very low traffic - or it should be. I would expect a maximum of 30-50 users online at any one time.
I was getting hammered with bots - 4000+ connections at a time. With Cloudflare protecting the site, it’s improved, but sometimes it creeps up to 3,000 or more active connections! Obviously bots or scrapers.
If I enable “Under Attack Mode” then they all go away and its back down to about 30 to 50 users.
But all of the documentation seems to say “do NOT leave your site in Attack Mode all the time.” So what am I supposed to do to mitigate this?
I will add that sometimes I encounter the “Cloudflare Verification” message when visiting other sites, so do they have Under Attack Mode turned on all the time? Or is there some other way to cause verification of each visitor without using Under Attack Mode?
Really, I just want to enable this for the forums.example.com subdomain.