Hey, I run a social media platform based on “Mastodon”, so someone decided to attack this platform, not by directly accessing the site, but by using a different social media platform to constantly access my profile, thus slowing down the site till it no longer works. My profile is getting accessed 28 times per second from a lot of different IPs.
I tried rate-limiting - no luck
DDoS Protected IP - no luck
fail2ban - no luck
So I set up Cloudflare (mind you, I have no experience with Cloudflare and only medium server experience), but the attacks keep coming in. Does anyone have a clue how I would need to set up Cloudflare for this?
Then look at WAF events to identify the attacks and see if there are characteristics you can use to block - country of origin, IP, or ASN are good places to start. With DDoS attacks where multiple IPs are used it’s a bit trickier. Once you identify attacks, block or challenge the attack traffic with a WAF rule.
It may be the attacks are hitting your origin directly and bypassing Cloudflare. In that case, ask your hosting provider to configure your server to accept requests only from Cloudflare.
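The two checks suggested above (does traffic reach the origin without passing through Cloudflare, and what does the flood have in common), as an added example that is not part of the original thread. It assumes an nginx "combined" access log on the origin that records the TCP peer address; the log lines, the `ExampleFediBot` user agent and the function names are constructed, and the Cloudflare ranges are a subset of the list published at https://www.cloudflare.com/ips/.

```python
import ipaddress
import re
from collections import Counter

# Subset of Cloudflare's published IPv4 ranges (assumption: refresh from
# https://www.cloudflare.com/ips-v4 before relying on the result).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15")]

# Constructed sample: nginx "combined" lines as seen on the origin, where the
# first field is the TCP peer (no real_ip rewriting configured).
SAMPLE_LOG = """\
172.68.10.5 - - [01/Jan/2024:10:00:00 +0000] "GET /@admin HTTP/1.1" 200 512 "-" "ExampleFediBot/1.0"
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /@admin HTTP/1.1" 200 512 "-" "ExampleFediBot/1.0"
198.51.100.23 - - [01/Jan/2024:10:00:00 +0000] "GET /@admin HTTP/1.1" 200 512 "-" "ExampleFediBot/1.0"
104.18.3.7 - - [01/Jan/2024:10:00:01 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /@admin HTTP/1.1" 200 512 "-" "ExampleFediBot/1.0"
162.158.90.1 - - [01/Jan/2024:10:00:01 +0000] "GET /@admin HTTP/1.1" 200 512 "-" "ExampleFediBot/1.0"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')


def via_cloudflare(ip):
    """True if the connecting address belongs to a listed Cloudflare range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)


def analyse(log_text):
    """Count direct-to-origin peers and the most common user agent and path."""
    direct, agents, paths, total = Counter(), Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, agent = m.groups()
        total += 1
        agents[agent] += 1
        paths[path] += 1
        if not via_cloudflare(ip):
            direct[ip] += 1  # reached the origin without passing the proxy
    return {"total": total, "direct": direct,
            "top_agent": agents.most_common(1)[0] if total else None,
            "top_path": paths.most_common(1)[0] if total else None}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Entries under `direct` mean the origin is reachable around the proxy and should be firewalled to Cloudflare's ranges; a dominant user agent or path is a candidate field for a WAF block or challenge rule.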
"No SSL certificates were found on mapsupport.de. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server’s firewall."
But my SSL certificates are managed by my server and Let's Encrypt (I deactivated it in Cloudflare) and are up to date.
If you want to use Cloudflare’s features, then your DNS records must be proxied and in turn that will require you to use Cloudflare’s SSL if you want HTTPS. If you have a Business or Enterprise plan, you can use Cloudflare’s SSL and upload your own certificate for use on the edge.
Ensure Cloudflare’s SSL/TLS mode is set to “Full (strict)” so Cloudflare validates the SSL certificate on your origin when it makes connections.
Enabling Universal SSL will generate the certificate.
Likely then that requests are passing through their Cloudflare account and not yours. If so your site is already DDoS protected but any settings you make in your Cloudflare account won’t have any effect as requests don’t pass through it.
As above, it looks like their protected service is over Cloudflare. I’m not familiar with it, but I guess if you disable that feature and they then give you a non-Cloudflare IP address to use, you can instead use that proxied in your Cloudflare DNS and then all requests will instead go through your Cloudflare account and settings before going to your origin IP address.
Thx, I set the IP to normal and now have it run over Cloudflare. I deactivated the Attack Mode (still dunno how to read the WAF site), hopefully it helps. I can't keep the Attack Mode running all the time as it might cause issues with the federation of other instances running Mastodon, Pleroma or Misskey (other social media platforms).