DDOS ATTACKS WITH LAYER 7

[rhackz]

hello everyone on xenforo,

i am suffering from ddos attacks i have cloudflare premium package and under attack mode turned on the hacker is able to bypass cloudflares 5 second rule and ddos me,
i have also tried to change the ip because i thought he had my real ip but he was still able to attack i did my research and i found out cloudflare is bypassable and i had to enable rate limiting i tried doing this still the hacker was able to ddos me then i researched even more and i found out about stressers i bought a package on a site and tried to attack my site with layer 7 and my site went down i literally do not know what to do the hacker is playing with me whenever he wants he will turn offf my site yesterday my site was down for a whole day if someone can fix this for me i will pay.

 

[Kirby]

How many IPs are you dealing with?
How much bandwidth?

If the bandwidth isn't too much you can get pretty good results with iptables, ipsets and tarpit.

 

[Alpha1]

For layer7 you may need a form of rate limiting. Cloudflare offers this as an expensive service, but you can also use fail2ban or some alternative of it. @eva2000 has a nice solution in his centminmod.

Another good approach is to get yourself a log analyzer and get the IP ranges used and add the CIDR format of the ranges to cloudflare firewall. This may seem an uphill battle at first but the attacker will run out of options if you combine it with cloudflare's firewall rules. You can use firewall rules to block all high risk countries as well as the attack queries used frequently by the attacker. There's quite a bit more you can do, but this should give you a head start.

Cloudflare has a few weaknesses that attackers can exploit through layer7. Its wise to look into this and close the vulnerabilities. As you might imagine I cant disclose the issues.

 

[rhackz]

For layer7 you may need a form of rate limiting. Cloudflare offers this as an expensive service, but you can also use fail2ban or some alternative of it. @eva2000 has a nice solution in his centminmod.

Another good approach is to get yourself a log analyzer and get the IP ranges used and add the CIDR format of the ranges to cloudflare firewall. This may seem an uphill battle at first but the attacker will run out of options if you combine it with cloudflare's firewall rules. You can use firewall rules to block all high risk countries as well as the attack queries used frequently by the attacker. There's quite a bit more you can do, but this should give you a head start.

Cloudflare has a few weaknesses that attackers can exploit through layer7. Its wise to look into this and close the vulnerabilities. As you might imagine I cant disclose the issues.

Could I hire you to this for me sir as I know nothing about configuring and developing

 

[WSWD]

If you have CloudFlare Premium, you need to contact their support. They will at least attempt to use the best settings to combat your attack. Doesn't always work, but they'll sure try, since you're a paying customer. Are you 100% sure they are going through CloudFlare? If they know your server's IP address, CloudFlare isn't going to do anything.