New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
We tried cloudflare rate limits, under attack mode and other options, no luck.
And having the site down was demoralizing for our gaming community.
@jonesolutions is there any indication or tests you have run or feedback you received that something "years ago" persists and has not been improved/modified/enhanced?
We didn't look back after we ditched it. When we reported it, they said they found no issues on their server but we did. It is about the tampering issue.... Not sure if they recognized it already or fixed it.
BunnyCDN uses Cloudflare too for NS. Besides I don't see how that is unprofessional myself as bunnyCDN is great in what it does. Optimizing and speeding up websites around the world.
layer 7 attacks need more fine grain control and understanding of the web app you're trying to protect but it can be done for Xenforo on Cloudflare. For instance 120 requests/min can be either too high or too low depending on the endpoint being targeted and underlying technology and server resources serving that endpoint - static web server or dynamic php etc.
custom Cloudflare Firewall rules https://developers.cloudflare.com/firewall/cf-firewall-rules/ will also help before they even get to rate limiting stage.
some examples at https://developers.cloudflare.com/firewall/recipes/
We can't hire someone to keep the site and firewall rules up 24/7 to respond whatever some dumbfuck that has bothered us for years with ddos comes up on his free time. All of us have real life jobs, and he has only time during the work hours.
At least not when the other option is to just use something that works out of the box.
I mean, look at this shit we get from the guy, sometimes even middle of night when were a sleep and not able to respond to the attacks.
You can see we're dealing with a lunatic that has all the time in the world to attack us.
We did try some of the stuff mentioned in those links, and had limited success with it untill he came up with other methods to take the site or the origin webserver behind it down or slow it down considerably.
For example attacking our sourcebans page that is far less optimized compared to xenforo main forums which even that, he still could take offline. Taking down the sourcebans is not an option either as players rely on it to submit their ban protests and check the server status and player amounts.
Not even once we went down after switching. That's the best revenge against the DDoSer. Hes been going nuclear against our gameservers ever since we got the website back online.
Are you guys from Portugal by any chance?
They are hehe.
When you pretend to offer DDOS protection (could it be mostly OVH DDOS protection?) using the DNS server of one of the world biggest DDOS protection / CDN company sounds fucked up. Just my opinion. I can understand why they use it though. In the context of BunnyCDN, who don't pretend to offer DDOS protection it makes more sense: they have their own anycast DNS but use CF in case there is a serious problem with their network so that they can inform their userbase. When it seems like you don't have your own DNS, being dependent upon CF while you basically offer for a fee what they offer for free sounds fishy.
Why use word "pretend", and "OVH DDoS Protection". When it actually works without any pretending needed, and as for the OVH, they don't offer any L7 capabilities so I can imagine the actual DDoS protection for the websites is their inhouse tweaking.
Whatever, as long as it keeps working for us, I don't mind speaking up for it. However its useless to recommend it here as its not LET kosher choice and only causes anger amongst the community here. Besides I agree they are clunky when it comes to billing or adding subdomains.
Well I never tried it, and they have no free offer so we can try their stuff, nor do they offer any clear information on their website. I just write what I understand. They want to give potential customer more information? Nice, let's hear what they have to say! In the meantime we can only guess from what we see...
I remember some guys selling DDOS protection while it was in fact nginx on VPSes in each BuyVM location. In this field you can't expect new companies to come with a serious setup unless that's proven.
If CF works for you sure, but I had a persistent attacker who kept downing my website. Cloudflare couldn't protect it. UAM didn't even work as well as rate limiting.
Also with Cloudflare there is no Auto UAM. You have to enable or disable it manually. With Flux my site is now always online and it's in sensor mode, so UAM will auto enable once an attack starts and disables when it ends. I haven't been down since.
I find it much more user friendly and the of/on protection just works. I don't need all the CF bells and whistles.
I'm sure it's possible but I don't want to do that. I just want my site not to go down and I don't care how it's done. With fluxcdn it stopped going down and I didn't need any recipes
I agree the site still needs a lot of work. In fact they are probably losing customers over it. There is not much automated but it's a work in progress.
I'm really impressed with the protection though which is what matters most for me.
Front up and first I want to say something clearly: What I wrote was not meant against @fluxcdn ! It is simply about concerns I see and think they might want to address. But of course I wish every new player related to our field good luck and success.
Probably true, at least in the beginning, but that's not how most potential clients see it. You know the game: "more is better".
True, but now there already exists a favourite cheap-but-really-good player with BunnyCDN. Plus there are plenty hosting providers offering DDOS protection.
Even assuming that you are right, can an Anti-DDOS company live and grow from you and very similar cases?
Yes, that's the reason for a part of my concerns/questions.
@marvel
Customers like you are their "treasure", the factor that could help considerably with their start.
Again, I wish fluxcdn well and may they succeed. But for now I stay sceptical.