Ddos thing

Tapao

think my website got a ddos attack but cloudflare doesn’t show the ip of attacker what should i do cus server request the api by it self why doesn’t by the client

Tapao

I know this after I have got install the view count extension

clarkwinkelmann

Flarum only logs IPs when a user posts a comment or starts a discussion.

You might be able to find IPs in your webserver visit logs, if that's enabled.

What exactly are you trying to find or do?

Tapao

Oh I got it it from the rss that fresh by zipper but why it fresh the other api without call

luceos

You can configure CloudFlare to check all requests using the "I am under attack" button or similar. Every visitor then is going to be verified.

matteocontrini

luceos in my experience that's almost useless, unfortunately... Cloudflare's UAM mode is very easily bypassable, and in general Cloudflare isn't good at all at handling HTTP flood attacks. It will easily pass thousands of requests per seconds per source to the origin as if there could be something legitimate about it (and much less than this is enough to bring Flarum on a small VPS down).

In this case, however, it doesn't seem we're actually talking about a DDoS attack since there doesn't seem to be an actual denial of service.

I'm not sure I understand the last message of the user, though, so I don't really understand the problem here.