We are being DDOSed again, and cloudflare is catching most of it so the site is still usable. We are tweaking the settings of our DDOS protection to make it load faster

submitted by magnora7 from (self.SaidIt)

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 7 insightful - 2 fun7 insightful - 1 fun8 insightful - 2 fun -  (7 children)

Did you get a bunch of 429 responses too? Nginx rate limiting should have caught you.

[–]notaddos1 5 insightful - 2 fun5 insightful - 1 fun6 insightful - 2 fun -  (1 child)

Yes, although when we noticed the 429s, the other IP addresses that we didn't have also returned 429. Are you sure you're limiting the real IPS, not the IPS cloudflare?

The end point does not matter. Any url, the url contains a random xxxxxx number that is appended at the end to avoid some caching

[–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

Thanks. Yeah the rate limiting is supposed to act on visitor ips not CF ips, but maybe it's misconfigured.

[–]notaddos1 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (4 children)

If the attack is real we most likely hit / login / with a unique POST so no cache

503 when commenting very annoying. we have to try 10+ times to succeed in comment

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (3 children)

503 when commenting very annoying.

??? The site is messing up now, post attack?

[–]notaddos1 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (2 children)

we think increased cloudflare protection why. from tor

[–]Mnemonic 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

Tor can access, that's how I'm here :D

[–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

Hahaa so you DOS the site for an hour, take it down, then come on and complain about Tor access. Got it.