Why are my threads being closed? I need community support. I'm not breaking rules

Hi,

I implemented the “rate limit” and it has stopped the attack but has turned almost every image on my site into a broken image (won’t load). I know this is because of the rate limit rules because rate limiting was the first thing I attempted at the start of the attack and noticed when it’s implimented the images don’t load.

How can I fix this issue? Do I get another VDS for just the images? I need a solution not just a bored mod to lock this thread. I will report Laudian to other cloudflare community admins if it happens again.

Thanks

The topics were closed as they’re all related to the attack. In an effort to keep the discussion focused they were closed.

In reviewing them, there are some open questions.

Did you change the rate limit to see if that corrects the image issue?

Can you share the name of the site?

On that thread about the attack you confirmed the attack was being reduced. What requests are getting through and what additional steps have you taken to block or challenge those?

Are you blocking or challenging by ASN and user agent in addition to country?

Some additional resources that may be helpful https://www.cloudflare.com/learning/ddos/how-to-prevent-ddos-attacks/, How to prevent DDoS attacks · Prevent DDoS attacks · Learning paths and this one is a good entry point that will lead to some of the above resouces.

If it’s traffic from a country where the challenge by geo and blocks by ASN or user agent are not effective, you may want to block that country until you can refine the rules.

Sharing the site name will help others to check that. Until then, you may want to clear browser cache or try from a different browser to verify the results you are seeing.

1 Like

Attack mode does absolutley nothing.

I currently have 90% of the globe blocked, rate limit set to 10 per 10 seconds (breaking all the images) DDos in the security rules set to HIGH and attack mode on. The moment I get rid of the rate limit even with the other settings, my server goes down. This is a full scale attack sending 300 million requests a day. I’m looking for a way where the rate limit doesnt break all my images on my site or another method I’m unaware of burried in this extremely complicated software.

even with rate limit set and all those rules employed the site is being taken down via ddos. Does cloudflare just not work?

Could I buy multiple servers and have cloudflare direct new clients to ones that aren’t being attacked?

You could load balance between multiple servers, but I don’t think that is the solution.

Are the attacks on your origin and bypassing cloudflare? If so, you can take a couple of steps, this is the first, Authenticated Origin Pulls (mTLS) · Cloudflare SSL/TLS docs. Next, you can take steps on the origin so that only traffic from cloudflare is allowed, Allow Cloudflare IP addresses · Getting started · Learning paths.

And, on one of the thread I’d mentioned a big hammer, have you tried to block country of origin as opposed to challenging?

1 Like

Are the attacks on your origin and bypassing cloudflare?
Not sure what that means, I’m not a cyber security expert

[Authenticated Origin Pulls (mTLS) · Cloudflare SSL/TLS docs
I need someone I can pay money to, or can tell me for free hat to enable step by step this software is extremely complicated and my site will be destroyed before I learn it

I blocked 90% of the world but the attacker has aquired a botnet with mainly USA/UK ips now and thats whats hitting the site. I cant block those countries because thats my target audience.

1 Like

I’d challenge the countries, that will affect traffic you want, but it will slow them down.

Next, it sounds like you can identify the traffic in your logs for the botnet IPs you mentioned. Block those ASNs & IPs. Once you have rules to block them you can stop the challenges by country to allow traffic you do want.

We need the following to be able to help you

  1. Unique visitors visiting your site during the attack:
  2. Unique visitors that normally visit your site:
  3. Percent of requests cached:
  4. Firewall Events overview: (Image)
  5. Firewall Top events by source (image)
  6. Activity log: (Image of at least five random examples with status BLOCK, CHALLENGE or CAPTCHA)
  7. Current plan of Cloudflare:
  8. Custom firewall rules that you deployed (if any):
3 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.