Discover Centmin Mod today
Register Now

Cloudflare Cloudflare Announces Unmetered DDOS Mitigation For All Plans

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Sep 26, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    51,969
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    5:53 AM
    Nginx 1.25.x
    MariaDB 10.x
    Good news, Cloudflare made the announcement on their blog that all plans are getting unmetered DDOS migitation protection https://blog.cloudflare.com/unmetered-mitigation/ :cool:

    upload_2017-9-26_5-39-51.png

     
  2. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    8:53 PM
    1.9.x
    10.1.x
    How does Cloudflare protects from Layer 3 and 4? I never understood that. A layer 4 attack is an attack directly to the server IP in order to full the network bandwith causing a denial of service. If we attack the server IP, Cloudflare is completely bypassed.
     
  3. eva2000

    eva2000 Administrator Staff Member

    51,969
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    5:53 AM
    Nginx 1.25.x
    MariaDB 10.x
    believe they're referring to DDOS mitigation at Cloudflare Edge servers
    so technically they're protecting themselves (Cloudflare) and not charging Cloudflare customers for it heh

    upload_2017-9-26_7-35-44.png
     
  4. eva2000

    eva2000 Administrator Staff Member

    51,969
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    5:53 AM
    Nginx 1.25.x
    MariaDB 10.x
  5. eva2000

    eva2000 Administrator Staff Member

    51,969
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    5:53 AM
    Nginx 1.25.x
    MariaDB 10.x
    more clarification https://community.cloudflare.com/t/l7-mitigation-on-pro-plan/6010

     
  6. RB1

    RB1 Active Member

    292
    75
    28
    Nov 11, 2016
    California
    Ratings:
    +122
    Local Time:
    12:53 PM
    Nginx 1.21.x
    MariaDB 10.1.x
    I guess it's about time that I stop DDoSing centminmod.com
     
  7. eva2000

    eva2000 Administrator Staff Member

    51,969
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    5:53 AM
    Nginx 1.25.x
    MariaDB 10.x
    :eek::LOL:o_O
     
  8. rdan

    rdan Well-Known Member

    5,434
    1,395
    113
    May 25, 2014
    Ratings:
    +2,181
    Local Time:
    3:53 AM
    Mainline
    10.2
    Only Cloudflare can stop this attack :|

    upload_2022-5-26_0-41-10.png

    upload_2022-5-26_2-5-3.png
     
    Last edited: May 26, 2022
  9. eva2000

    eva2000 Administrator Staff Member

    51,969
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    5:53 AM
    Nginx 1.25.x
    MariaDB 10.x
    woah what was the peak requests there ?
     
  10. rdan

    rdan Well-Known Member

    5,434
    1,395
    113
    May 25, 2014
    Ratings:
    +2,181
    Local Time:
    3:53 AM
    Mainline
    10.2
    Not sure what you ask :D

    But here's the complete graph from the time I enable Cloudflare CDN, until the attack stop.
    [​IMG]
     
  11. eva2000

    eva2000 Administrator Staff Member

    51,969
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    5:53 AM
    Nginx 1.25.x
    MariaDB 10.x
    request/sec etc

    Cloudflare FTW (y)
     
  12. duy13

    duy13 New Member

    16
    3
    3
    Oct 22, 2016
    California, USA
    Ratings:
    +16
    Local Time:
    2:53 AM
    1.13.x
    MariaDB 10.x
    Have you ever encountered attacks where attacker queries bypass hcaptcha and cloudflare js? and cloudflare itself doesn't do anything with those queries (cloudflare business)
     
  13. rdan

    rdan Well-Known Member

    5,434
    1,395
    113
    May 25, 2014
    Ratings:
    +2,181
    Local Time:
    3:53 AM
    Mainline
    10.2
    I haven't encountered it yet.
    That's bad if those firewall can be bypassed.
     
  14. duy13

    duy13 New Member

    16
    3
    3
    Oct 22, 2016
    California, USA
    Ratings:
    +16
    Local Time:
    2:53 AM
    1.13.x
    MariaDB 10.x
  15. rdan

    rdan Well-Known Member

    5,434
    1,395
    113
    May 25, 2014
    Ratings:
    +2,181
    Local Time:
    3:53 AM
    Mainline
    10.2
    Okay, I will try this myself then agains't my own domain.
     
  16. rdan

    rdan Well-Known Member

    5,434
    1,395
    113
    May 25, 2014
    Ratings:
    +2,181
    Local Time:
    3:53 AM
    Mainline
    10.2
    1.9 - 2 million request per second average attack :|
    Not sure what is the peak as Cloudflare alerts isn't accurate.

    upload_2022-11-3_5-12-57.png
     
  17. eva2000

    eva2000 Administrator Staff Member

    51,969
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    5:53 AM
    Nginx 1.25.x
    MariaDB 10.x
    Wow 490+ million connections closed and 754+ million blocked ! Which country/ASNs were these coming from?
     
  18. rdan

    rdan Well-Known Member

    5,434
    1,395
    113
    May 25, 2014
    Ratings:
    +2,181
    Local Time:
    3:53 AM
    Mainline
    10.2
    But for that attack, 780 million successfully reach my server :|.

    upload_2022-11-3_7-8-56.png

    upload_2022-11-3_7-9-10.png
     
  19. eva2000

    eva2000 Administrator Staff Member

    51,969
    11,976
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,473
    Local Time:
    5:53 AM
    Nginx 1.25.x
    MariaDB 10.x
    Attack traffic or legit? That's huge either way! How did Centmin Mod server hold up? :D Still using OVH servers? OVH DDOS protection would of helped? Or layer 7 attacks not much help?

    Looks like a lot of VPS/cloud providers. If there isn't any reason for cloud ASNs requests, you can block them off for some urls/paths.
     
  20. rdan

    rdan Well-Known Member

    5,434
    1,395
    113
    May 25, 2014
    Ratings:
    +2,181
    Local Time:
    3:53 AM
    Mainline
    10.2
    Attack 99%, 1% legit traffic.

    1st attack, site hangs up for a minute, second attack site was down for a minute.

    Yes :)

    It surely helps with Layer 3/4 attack, but not with layer 7.

    Managed challenge is enough for now, as I have lots of legit VPN users.