Jump to content
MaxCheaters Official Group on Discord
--> Place your ad text here <--

Cloudflare Ddosing Me

Szakalaka

By Szakalaka
in Off-Topics

 Share

Recommended Posts

Szakalaka Newbie

Szakalaka

Posted
Posted

Hi, is there anyone with experience on CF? I got small web server on my vps (literally nothing interesting here), i allow only IPs from cloudflare range, so it's impossible to connect directly. Now, i am under ddos, and CF seems not to filter out the requests. At this point there were total 80kk requests from ONLY 30 unique visitors. How can i configure CF to ban IPs that connect lets say more than 1k times over an hour? I spent hours digging in their documentation and tools...

Link to comment
Share on other sites
Szakalaka Newbie

Szakalaka

Posted
  • Author
Posted

I know i can do it with iptables. The thing is, its just a tiny tiny vps, so every connection = check in the iptables. I just wanted cloudflare to take responsibility of filtering, not to let them into my server at all.

Link to comment
Share on other sites
xxdem Newbie

xxdem

Posted
Posted

I know i can do it with iptables. The thing is, its just a tiny tiny vps, so every connection = check in the iptables. I just wanted cloudflare to take responsibility of filtering, not to let them into my server at all.

 

None will do that for free. 

 

Keep in mind that iptables has nearly zero overhead and a very slight one in case of a few million records

Link to comment
Share on other sites
eressea Newbie

eressea

Posted
Posted (edited)

iptables is your friend, it can do anything you describe and literally ALL firewalls are just user interfaces for plain iptables. Just look for a guide on the net

 

Unless you have some special hardware like Radware DefensePro

 

I know i can do it with iptables. The thing is, its just a tiny tiny vps, so every connection = check in the iptables. I just wanted cloudflare to take responsibility of filtering, not to let them into my server at all.

 

I fear you won't find any free service for it; or at least service you can count on

 

Keep in mind that iptables has nearly zero overhead and a very slight one in case of a few million records

 

Depends on how many rules do you use, whether you use conntracking (and whether you use it the right way - then it can help much because you check only SYN packets and pass through the rest) etc...

There's also lot of additional settings that might interest you like SYN cookies.

 

Szaka: If I were you, I'd start with iptables and try to find something better only if iptables won't do it

 

EDIT: In case you need to check whether IP belongs to some set, don't set rules for all those addresses. Use ipset http://ipset.netfilter.org/

Edited by eressea
Link to comment
Share on other sites
xxdem Newbie

xxdem

Posted
Posted

Unless you have some special hardware like Radware DefensePro

 

AFAIK even hardware firewalls internally use iptables.

Except if someone writes his own OS for the firewall a case I really doubt since the iptables that comes with the linux Kernel is an extremely good and reliable base.

I may be wrong because I don't have much hands-on experience with firewalls

Link to comment
Share on other sites
eressea Newbie

eressea

Posted
Posted

AFAIK even hardware firewalls internally use iptables.

Except if someone writes his own OS for the firewall a case I really doubt since the iptables that comes with the linux Kernel is an extremely good and reliable base.

I may be wrong because I don't have much hands-on experience with firewalls

 

When it's Linux-based, it will use iptables, that's fact. There are some other options that are used commonly, for example pfSense which is FreeBSD-based. Also Cisco has it's own operating system (IOS, don't confuse with iOS)

Link to comment
Share on other sites
Sdw Newbie

Sdw

Posted
Posted

Depending on how, you can act on iptables or webserver, cloudflare, beside declaring yourself under attack you can't do shit. I wouldn't even consider those guy to protect me.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


  • Posts

    • nn04
      [Report] AVE Scamming

      By nn04 · Posted

      imbadon.com If u deleted me from the content, it is your problem. This 200 euro is not money at all. But you... just scammer. People should know about you. I can share the whole conversation if you want, but it will not change that you are a scammer. 
    • Ave
      A few ideas for MaxCheaters.com

      By Ave · Posted

      For upcoming changes, You should consider making those 3 tabs (or whatever more You will have with new games) more visible and standing out, because right it looks like all topics hidden under those 3 tabs.
    • Ave
      ⚜ Custom UPDATER / LAUNCHER ⚜

      By Ave · Posted

    • Salty Mike
      A few ideas for MaxCheaters.com

      By Salty Mike · Posted

      While not particularly active over the years, I've been around for as long as I could remember, so here are my 2 cents too. On top of what has already been said, I'd like to touch on a few thing that might be improved upon. While it is easy to notice and say "there's lack of engagement" or "community has outgrown the ganre", I've seen numerous forums get forgotten and die while others continue to thrive to this day. The main issue, in my humble opinion, is that the sector has been commercialised to an unsustainable extent. When nobody is willing to share anything, even if it is just a rework of an open-sourced or already-shared resource, the sense of "community" gets deminished. Now back on the pressing matter. From what I've seen, the lack of engagement could be circumvented with a redesign and functionality expansion that would/could/should include: - a built-in chat functionality. - incentives for engagement/interaction, ideas of which I'll list as separate pointers, as not to limit your creativity. But just as an example, from a more user/human perspective, having an easily identifiable way to get into "the club of the cool kids on the block", figuratively speaking, is an incentive on its own. - separation of the reputation into reactions and reputation. One to be used to posts, such as up-vote and what not, while the other to be awarded as means of appreciation. - automated ranks with actual benefits/perks, not like the current ones providing nothing. - the ability to hide text for user/group of users, not just premium/no premium. - increased visibility of the HOT topics and the RECENTLY ACTIVE threads/posts. Can be also expanded to most liked posts, etc. ps.: I'll update my post when I have some free time on my hands.
    • Ave
      [Report] AVE Scamming

      By Ave · Posted

      There was no way I didn't refunded or delivered files. I don't see You on my conrtact list on Discord, can You send me a message or at least tell me for what project was this updater? I always resolve if I can't deliver on time or customer bailes.

  • Topics

×
×
  • Create New...