Request flood based attack

Over the past two weeks we’ve seen an odd attack that Cloudflare is passing to us. We normally deal with 6.5 million requests per day via Cloudflare, but somehow someone is throwing 20 million at us in an incredibly short time, choking our Nginx temporarily. Whatever this is does not seem to be a bandwidth-based attack; it's just pulling data at a rapid rate.

We’ve checked the CF WAF and there does not seem to be any more we can do with that to help.

CF Rate Limiting is not really cost-effective (for us) with the amount of requests we have, as for 201m / into 10k blocks x 0.05 would be $1,000 p/m for an annoying blip now and then.

Before we spend the time jerry-rigging the “I’m under attack” API to something to detect this, does anyone have any idea what the heck this is?

thanks in advance

Figuring out what kind of request flood is being sent to your application would probably be your first step. I would probably contact Cloudflare support to see if the IPs being used to flood your network are all the same or random, etc. That way you can come up with a plan on how to stop this type of attack. Utilizing “I’m under attack” isn’t a bad idea too… that will help to stop the performance loss you are getting from these requests.
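
One way to answer the "same IPs or random?" question from the origin's own Nginx access log, as an added example that is not part of the original thread. It assumes the "combined" log format and that `$remote_addr` already holds the visitor IP (for example restored from Cloudflare's `CF-Connecting-IP` header); the function names, the 5x-median burst rule, the 50% concentration cutoff and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# nginx "combined" format. Assumption: $remote_addr already holds the visitor
# IP (restored from Cloudflare's header), not a Cloudflare edge address.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"\S+ (?P<path>\S+)[^"]*" \d{3}')

def parse(lines):
    for line in lines:
        m = LINE.match(line)
        if m:  # skip lines that are not in the expected format
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], m["path"].split("?")[0]

def profile_flood(lines, burst_factor=5):
    """Summarise who and what is hit in seconds far above the median rate."""
    rows = list(parse(lines))
    if not rows:
        return None
    per_second = Counter(ts for ts, _, _ in rows)
    rates = sorted(per_second.values())
    median = rates[len(rates) // 2]
    burst_secs = {ts for ts, n in per_second.items() if n >= burst_factor * median}
    burst = [(ip, path) for ts, ip, path in rows if ts in burst_secs]
    if not burst:
        return None
    ips = Counter(ip for ip, _ in burst)
    paths = Counter(path for _, path in burst)
    top_ip, hits = ips.most_common(1)[0]
    share = hits / len(burst)
    return {
        "burst_requests": len(burst),
        "distinct_ips": len(ips),
        "top_ip": top_ip,
        "top_ip_share": round(share, 2),
        "top_path": paths.most_common(1)[0][0],
        "pattern": "few sources" if share >= 0.5 else "distributed",
    }

def _line(ip, sec, path):  # builds one constructed sample log line
    return (f'{ip} - - [01/Jan/2024:12:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "-"')

# Constructed sample: five quiet seconds, then one second with ten requests.
SAMPLE = [_line("198.51.100.7", s, "/") for s in range(5)]
SAMPLE += [_line("203.0.113.9", 30, f"/api/data?page={i}") for i in range(8)]
SAMPLE += [_line("203.0.113.10", 30, "/api/data") for _ in range(2)]

if __name__ == "__main__":
    print(profile_flood(SAMPLE))
```

Run it over a log window that also contains normal traffic, so the median reflects the baseline rather than the flood itself.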

You need to add image verification on your form, otherwise it's too easy to flood; even 1 victim visitor could be used in an attack with like 500 requests per second.

