We had an apparent Russian bot attack on Friday 15th 10am-1pm GMT which dramatically slowed down the site and produced Cloudflare timeouts. The same thing also happened on one occasion in December last year.
Looking af Cloudflare’s stats, there were various Russian traffic spikes from 10am onwards, at 1.15pm there was a massive spike to just under 14k visits from Russia, but by 1.30pm it dropped to 30.
Cloudflare’s Firewall tab showed a massive increase in Challenges during the same period, which all seem to originate from the “country” TOR (The Trouble with Tor), and most of which were served by the origin server, rather than CF.
Our webhost confirmed that our server was performing normally during that time period. But Google Analytics shows that our normal traffic was halved during the attack.
Our webhost has said:
“That all makes sense in terms of the clients being bots or certainly ‘not normal’ users.
This said, it still doesn’t explain why this would result in lower than usual analytics data for regular user types.”
Could anyone point us in the right direction about how to prevent such an attack in future? And why our regular traffic was so badly affected?