I have been encountering recurring DDOS attacks on three websites I manage for the last year and Bot Fight Mode as well as international limiters are not bringing the problem under control.
I was told that the server may have been targeted by bots before I started working for this company, and the additional activity as I updated and created new websites drew their attention. The problem was “solved” when we paid for more server space so at least we don’t have crippling slowdowns while the attacks persist, but I would like a more practical solution.
Is this something I just have to learn to put up with, or is there something I could do through Cloudflare that I haven’t thought of yet? I am very new to cyber security and am not familiar with best practices, including how to configure the WAF rules.