CloudFlare questions

alternadiv

alternadiv

Well-known member
I'll start by saying I don't have much experience with server stuff or advanced security. I can upload files, use cPanel and FTP programs, create databases, and that's probably it.

As my site is growing, I'm feeling more vunrable to a security attack and I feel concerned about my lack of knowledge here. I use A2 Hosting, and looking around my account there, I see I can add-on CloudFlare services for $8 extra. From my understanding, this will make my site safer and faster. Sounds good to me.

That being said, is there anything I need to know? Once I purchase this, am I basically protected and I can stop worrying? Or is there a lot more to it? What about specific to a XenForo site?

Thanks!
 
Strange most hosts provide Cloudflare for free if they are a partner, unless your paying for some of the pro stuff. It’s a global CDN so yes it will make your site faster, and since your site is behind their proxy your real world server IP wont be shown. Plus they have filters on their network to stop attacks. But mostly it’s just worth it for the speed. Make sure to turn of rocket booster with XenForo though just a FYI, they don’t work well together.
 
nodle said:
Strange most hosts provide Cloudflare for free if they are a partner, unless your paying for some of the pro stuff. It’s a global CDN so yes it will make your site faster, and since your site is behind their proxy your real world server IP wont be shown. Plus they have filters on their network to stop attacks. But mostly it’s just worth it for the speed. Make sure to turn of rocket booster with XenForo though just a FYI, they don’t work well together.
Click to expand...
Thanks. Where do I turn that off?
 
sixlxvi said:
Everything appears to be enabled and A2 support confirmed it’s working. Is there a way I can check again like you did?
Click to expand...

They are definitely incorrect. Just ping your site from a command prompt or such. It points right to your real IP address on the A2 server, looks like in the PhoenixNAP datacenter.



PING Tacoma3G.com (68.66.225.84) 56(84) bytes of data.
64 bytes from 68.66.225.84.static.a2webhosting.com (68.66.225.84): icmp_seq=1 ttl=56 time=10.6 ms
64 bytes from 68.66.225.84.static.a2webhosting.com (68.66.225.84): icmp_seq=2 ttl=56 time=10.6 ms
64 bytes from 68.66.225.84.static.a2webhosting.com (68.66.225.84): icmp_seq=3 ttl=56 time=10.7 ms
64 bytes from 68.66.225.84.static.a2webhosting.com (68.66.225.84): icmp_seq=4 ttl=56 time=10.7 ms

--- Tacoma3G.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3015ms
rtt min/avg/max/mdev = 10.609/10.706/10.799/0.143 ms
 
WSWD said:
They are definitely incorrect. Just ping your site from a command prompt or such. It points right to your real IP address on the A2 server, looks like in the PhoenixNAP datacenter.



PING Tacoma3G.com (68.66.225.84) 56(84) bytes of data.
64 bytes from 68.66.225.84.static.a2webhosting.com (68.66.225.84): icmp_seq=1 ttl=56 time=10.6 ms
64 bytes from 68.66.225.84.static.a2webhosting.com (68.66.225.84): icmp_seq=2 ttl=56 time=10.6 ms
64 bytes from 68.66.225.84.static.a2webhosting.com (68.66.225.84): icmp_seq=3 ttl=56 time=10.7 ms
64 bytes from 68.66.225.84.static.a2webhosting.com (68.66.225.84): icmp_seq=4 ttl=56 time=10.7 ms

--- Tacoma3G.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3015ms
rtt min/avg/max/mdev = 10.609/10.706/10.799/0.143 ms
Click to expand...
Thanks. Gonna ask A2 for help.
 
sixlxvi said:
Thanks. Gonna ask A2 for help.
Click to expand...

Generally speaking, you need to point your nameservers to Cloudflare (I say generally speaking, because there are exceptions). Your nameservers are still pointing to A2.

So while Cloudflare might be enabled in your hosting account, or wherever you are setting it up, the nameservers have not been changed to Cloudflare's.
 
No, it will not make your site more secure. While it will provide denial of service attack protection, it does nothing to protect security attacks made directly against your server. All someone has to do is a basic IP scan to get a list of server IPs, and connect directly to those servers, completely by-passing Cloudflare. Basic security precautions and procedures are still required on any server.
 
MySiteGuy said:
No, it will not make your site more secure. While it will provide denial of service attack protection, it does nothing to protect security attacks made directly against your server. All someone has to do is a basic IP scan to get a list of server IPs, and connect directly to those servers, completely by-passing Cloudflare. Basic security precautions and procedures are still required on any server.
Click to expand...
These are the things I'm trying to figure out. I'd like to tighten up security as far as that stuff goes but I don't know much about it yet.
 
MySiteGuy said:
All someone has to do is a basic IP scan to get a list of server IPs, and connect directly to those servers, completely by-passing Cloudflare.
Click to expand...
Huh? If the site is well configured without IP leaking, how would someone get the IP?
 
Alfa1 said:
Huh? If the site is well configured without IP leaking, how would someone get the IP?
Click to expand...

Put a server up on the Internet, whether or not its IP is published in DNS records and in under an hour, someone has already found it, guaranteed. Black hats are constantly doing IP scans on data center IP ranges. They don't need to know which domain is attached to a server.

Cloudflare may stop basic script kiddies, and DDOS attacks against a domain name, but it can't stop directly connecting to a server's IP address.
 
MySiteGuy said:
Cloudflare may stop basic script kiddies, and DDOS attacks against a domain name, but it can't stop directly connecting to a server's IP address.
Click to expand...

Very true, but since the majority of DDoS attacks are directed at either a specific domain or at an entire datacenter, it's certainly better than nothing. You then secure SSH and such, and you're going to be doing pretty well as far as security is concerned.
 
No, it will not make your site more secure.
Click to expand...

🤦‍♂️🤦‍♂️🤦‍♂️🤦‍♂️

People don't just DDOS random IP addresses for no reason. 🤦‍♂️ They do try to login to random IP Addresses using brute force but that is an easy fix with basic security. This ridiculous idea that hiding your IP Address through proxies like CloudFlare doesn't fix directed malicious attacks against your property is ridiculous. Cloudflare has use case after use case proving this ridiculous blanket statement false.
 
Last edited:
For 15 years my site has always been under attack, with regular DDoS and whatever attack script kiddies and serious hackers could think of. I dont know how many nights I have been up to deal with server security. In the last years the size and duration of those DDoS grew until earlier this year it reached the scope that is also used to take out major banks. It took out my host and surrounding major networks again and again weeks on end.

CloudFlare did put a complete stop to all of that. It surely did make my sites more secure. Its not a complete solution, but surely a big part of the puzzle. I should have listened to the advice of digitalpoint years ago and should have started to use cloudflare then. It would have saved me so many headaches and money.
 
You must log in or register to reply here.

Similar threads

E
  • Question Question
Cloudflare Turnstile - Bots spam - is it effective ?
Replies
4
Views
120
Ricsca
Ricsca
O
Mail management with Cloudflare
Replies
15
Views
137
Old Nick
O
R
Xenforo, Cloudflare, Tor
Replies
6
Views
123
Robert9
R
fionix
How do you avoid your server IP to be leaked using Cloudflare?
2
Replies
21
Views
261
MentaL
MentaL
V
  • Question Question
XF 2.3 Cloudflare Rocket Loader doesn't work with Xenforo 2.3.0
Replies
7
Views
159
cpvr
cpvr
Back
Top Bottom