Last evening, one of my servers seemed to be quite slow and after a quick investigation, I discovered that one of the websites hosted on the server was under a malicious attack. With the DNS being served by Cloudflare, the first thing I did was log in there and configured the Cloudflare account for that domain to “Under Attack Mode.”
Almost immediately, the server’s performance returned to normal while I investigated further to understand what had been going on. It turned out there was an attack on the WordPress login page by several IP addresses and it was a heavy sustained attack. From log files, I was able to ascertain the IP addresses responsible and block them via the server’s firewall.
Having the DNS hosted by Cloudflare offers this kind of advantage. Switching on “Attack Mode” in Cloudflare causes a 5 second interstitial to appear when the site is visited. What happens is that the interstitial provides a javascript challenge to the browser while Cloudflare also examines the traffic. In order to pass the challenge, the browser must also have javascript turned on. If it doesn’t, then a human “challenge” is presented and that must be solved before the website can be loaded in the browser.
Of course, you wouldn’t want to have this on all the time as most visitors would not be happy with a five second interstitial that tells them that their browser is being examined. But when your website is under attack and it is slowing everything else down, it sure does come in handy to have that option.
A Cloudflare account is free although you can upgrade for further protection and features. The free or basic protections though are pretty darn good on its own.