Our website experiences daily downtime for many months. Error logs suggest the site is experiencing thousands of hits from multiple IP addresses. I enabled Cloudflare service on Dreamhost as suggested by Dreamhost support to mitigate downtime. I’m still recieving this error after the move to Cloudflare.
Dreamhost now say’s the issue is on Cloudflare’s side.

Receive error code (HTTP 200 - OK).
I would like to know the steps to resolve this issue.
Please note: I could not find the correct category for this topic.

Thank you,
JR

Hi, I don’t think Cloudflare can do much if the downtime is caused by your origin server.
If your site has a lot of visitors and your server is overloaded then downtime will occur.

If you believe the thousands of requests are due to DDos attacks, then Cloudflare can handle it. But…
If the attack is directed to your origin server IP then Cloudflare can’t do much.

What error message do you get from Cloudflare during downtime?

keizha
Thank you for your response. How do I determine that these requests are DDos attacks?
Dreamhost support say’s “The top 7 IP addresses visiting the site are bots”
Are bots DDos attacks?

I was told that moving to Cloudflare offers:
“Bot and Threat Protection - Identifies malicious threats online and stops the attacks before they ever get to your site.”
Dreamhost also updated the .htaccess file to discourage bots but the ip addresses keep changing.
I will monitor my Cloudflare messages during downtime. I have not done that as yet.

You should check your logs and find ways to reduce the load. If it’s wordpress there’s your culprit.

Thank you, can you let me know which logs I should look at? the CMS is Joomla but I don’t have this issue on any other Joomla site that I run.

I think they are just saying this to avoid putting in any effort to solve your problem. It’s easier to blame another party rather than help you solve the issue.

Start with the most basic low level stuff, being to determine if its your hosting thats experiencing downtime due to their servers rebooting, or maybe Apache or MySQL loss of service. Or to determine if its downtime caused by Joomla.

To determine above, you could setup a cURL script that will probe your Origin directly (bypassing Cloudflare) to hit a simple test.txt file (doesn’t use Joomla), and the home page of your site (which uses Joomla). Run it in a loop every few seconds and log the results.

If you find that the probing completely fails during those downtime you’ve been experiencing then its likely your Origin server is going offline, or experiencing a loss of service on Apache.

If you find that the probing continues to work fine on test.txt but fails on the home page of your site then it narrows down the diagnostics a bit more. It’s then either an issue with something in Joomla or a loss of service on MySQL (or equivalent DB service).

If your using Cloudflare then hits should not be going directly to your Origin server. You might have a misconfiguration on Cloudflare such as an unproxied record for www but proxied for apex. Or you might indeed be getting attacked or having excessive bot hits to your Origin.

This may or may not be related to the frequent downtime issue you mentioned. If your hosting resources are being overwhelmed by these hits thats causing downtime then yes, but “thousands” of hits shouldn’t be a problem that would cause your site to crash and experience downtime.

If your host provides SSH access then login and run the “top” command. Keep an eye on that.

If these bot attacks are overwhelming your Joomla then you can request an IP change and/or lockdown your server to prevent anything but Cloudflare from communicating with it. If you do get an IP change then make sure you don’t leak your origin IP again through misconfigurations on Cloudflare.

I’m not sure how tech savvy you are so hopefully you can follow what I said above, if you need additional help or clarification, just ask.

Hi!

Then you must have firewall rules that prevent bots from accessing your site. Enable Bot Fight Mode (Firewall > Bots), then use Firewall Rules to control incoming traffic to your zone by filtering requests based on location, IP address, user agent, URI, and more at Firewall > Firewall Rules.

I.e

(http.user_agent contains "bot") or (http.user_agent contains "crawler") or (http.user_agent contains "Baidu") or (http.user_agent contains "python-requests") and not http.user_agent contains "bingbot" and not http.user_agent contains "Google" and not http.user_agent contains "Twitter" and not cf.client.bot)

Etc… Etc… Etc…

You can block or challenge any user agent you want.

Thank you Keizha, I have implemented the steps you provided. I really appreciate your direction.
Thanks to all others as well who have responded to resolve our issue.

It usually occurs when our server does not respond to visitors. I think first, you should check the hosting of your website and then check the others issues and Cloudflare handles DDos attacks you should first, confirm your issue of downtime.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.