deslocotoco
Well-known member
As i can see, XenForo turned on yesterday the CloudFlare protection system against attacks (DDoS?), i don't know if is only country applied or for every visitor.
Is XenForo under attack now? Just curiosity.
But, about the subject, i had a very bad experience with CloudFlare on mitigate heavy duty DDoS attacks, unfortunately. For some context, i have a very busy Forum that deals with politics and news on my country that is very divided right now.
In the last year, i had to contract the professional plan from CloudFlare to protect my site. I was victim of all kinds of attacks to shut down my server, specially with DDoS, force login methods, infinite GETs requests, bots, all the basic stuff easily contracted in obscure sites. Vast majority from China, and the rest, divided to Russia, some minor countries and other computers bots around the world.
The result, after expending some hundreds of dollars to pay to the service, CloudFlare was unable to protect my site, even properly configured to mitigate all kinds of attacks. The ip/country block was a joke for the attackers, basically. I never seen in my life so many attacks requests on my CloudFlare. Was bizarre.
In that time, i was using a managed hosting service in my country, that doesn't handled well the question. Moved to KnownHost, trying to seek a more professional solution. Nothing. One month of my site completely dark and burning money like Joker in the Batman movie, without any kind of revenue coming from Ads, i was completely broke and using pay-to-use services from CloudFlare.
Both KnownHost and CloudFlare stopped to reply to my emails. KnownHost abandonned my ticket after one month. More than one month trying to seek a solution specially with KnownHost, and they didn't have the courtesy to offer some kind of refund, since, well, one month without my site online is one month that a service was not provided.
I gently asked to refund my bills, on that basis, the reply was very corp style, that they will analyze the case and return back. More than one year passed after this last e-mail.
Since the KnownHost is very expensive for my currency, i had to get back to my old host solution. The attacks still going full mode and i just have to maintain at least my DB intact.
After all that, with attacks persisting in this war, after almost two months of a forced shutdown, i had a great idea to implement a cache for visitors. Had some trouble setting this up with my old, small and reliable hosting company, with a very simple solution: almost every attack was going to the cache wall. The site was back on, but with all kinds of problems with cookies. Users logging in the Forum with another credentials, even with administration powers, just because a bad configured cache. This add-on solved the problem.
After that, or the money from the group/organization who was attacking me burned out, or, the cache solution resolved all my problems.
What i don't know is why KnownHost, a very large and professional group was unable to think outside of the 'firewall' and 'ip/country blocks' common thinking and implemented this or other solution in the time. I am a very disappointed ex-consumer of KnownHost, since mostly of administrators tell wonders about their service. Day after day in the ticket, was a new guy after the old guy finished his shift, with a not so good new solution and tryout to see if was going to work.
CloudFlare just limited to reply in the time that a 'internal case study' or some kind of 'audit' was going to happen. Yeah, ok, thanks. Cancelled and got back to the free plan. Was the same service for me, paid or not.
My experience. In the middle of the chinese pandemic, loosing money day by day.
What a nightmare.
Is XenForo under attack now? Just curiosity.
But, about the subject, i had a very bad experience with CloudFlare on mitigate heavy duty DDoS attacks, unfortunately. For some context, i have a very busy Forum that deals with politics and news on my country that is very divided right now.
In the last year, i had to contract the professional plan from CloudFlare to protect my site. I was victim of all kinds of attacks to shut down my server, specially with DDoS, force login methods, infinite GETs requests, bots, all the basic stuff easily contracted in obscure sites. Vast majority from China, and the rest, divided to Russia, some minor countries and other computers bots around the world.
The result, after expending some hundreds of dollars to pay to the service, CloudFlare was unable to protect my site, even properly configured to mitigate all kinds of attacks. The ip/country block was a joke for the attackers, basically. I never seen in my life so many attacks requests on my CloudFlare. Was bizarre.
In that time, i was using a managed hosting service in my country, that doesn't handled well the question. Moved to KnownHost, trying to seek a more professional solution. Nothing. One month of my site completely dark and burning money like Joker in the Batman movie, without any kind of revenue coming from Ads, i was completely broke and using pay-to-use services from CloudFlare.
Both KnownHost and CloudFlare stopped to reply to my emails. KnownHost abandonned my ticket after one month. More than one month trying to seek a solution specially with KnownHost, and they didn't have the courtesy to offer some kind of refund, since, well, one month without my site online is one month that a service was not provided.
I gently asked to refund my bills, on that basis, the reply was very corp style, that they will analyze the case and return back. More than one year passed after this last e-mail.
Since the KnownHost is very expensive for my currency, i had to get back to my old host solution. The attacks still going full mode and i just have to maintain at least my DB intact.
After all that, with attacks persisting in this war, after almost two months of a forced shutdown, i had a great idea to implement a cache for visitors. Had some trouble setting this up with my old, small and reliable hosting company, with a very simple solution: almost every attack was going to the cache wall. The site was back on, but with all kinds of problems with cookies. Users logging in the Forum with another credentials, even with administration powers, just because a bad configured cache. This add-on solved the problem.
After that, or the money from the group/organization who was attacking me burned out, or, the cache solution resolved all my problems.
What i don't know is why KnownHost, a very large and professional group was unable to think outside of the 'firewall' and 'ip/country blocks' common thinking and implemented this or other solution in the time. I am a very disappointed ex-consumer of KnownHost, since mostly of administrators tell wonders about their service. Day after day in the ticket, was a new guy after the old guy finished his shift, with a not so good new solution and tryout to see if was going to work.
CloudFlare just limited to reply in the time that a 'internal case study' or some kind of 'audit' was going to happen. Yeah, ok, thanks. Cancelled and got back to the free plan. Was the same service for me, paid or not.
My experience. In the middle of the chinese pandemic, loosing money day by day.
What a nightmare.
