VPS got DDoSed, site went down. No signs of DDoS in server logs. Why did Cloudflare go down?

Looks like Cloudflare did a great job of preventing the requests from reaching my VPS, as there are no server logs pointing to a DDoS.

However, the site still went down. This points to the fact that the Cloudflare server failed to serve my site when it was getting flooded.

Why is this? Do I have something misconfigured?

Thank you in advance.

Can you define “go down”? What error did you see? Did you continue to see requests from Cloudflare hitting your VPS and your web server serving them correctly?

1 Like

The site would load infinitely. Out of the 8,000,000 requests sent within the span of 5 minutes, none of them reached my VPS. CPU was unaffected, RAM unaffected, visitors did not spike

Actually spoke to my host which offers DDoS protection. Asked them why my site went down in the event of a DDoS. They said they checked out the server and saw no history of any DDoSes hitting the server (in addition to me checking)

Any WordPress website running without a proper cache configuration? I am just guessing …

Maybe it was the spoofed UDP flood which hit directly the IP? (for example, if exposed via A mail or MX records, if you run that service beside the web server on your VPS too, etc.)

Not exactly, but I believe it could be discussed. Otherwise, like If the ports were open, no Firewall on the origin host like UFW, the UDP requests were allowed, etc., again I am just guessing the scenarios.

How about the network?

Hopefully it was active and enabled.

Anyone else affected as far as you are running a VPS?

Would be good in future to install some kind of a monitoring service or agent, even the HetrixTools has got free and a good one to install the agent and get the alerts when anything occurs.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.