Anti-DDoS Protection Tutorial (How to use Cloudflare correctly)

I know that by posting this, some people might misuse it by finding a new way to DDoS, but I think this is a very useful tutorial for people who need some help stopping incoming attacks.

Requirements
Cloudflare
2 hosts
A website IP pinger (CMD could work too)

Step 1

Log in to Cloudflare and click on Websites.
Select your domain, and then in the options, select DNS Settings.

Now add a new A record.

Code:
A direct-connect 127.0.0.1

Then click Add.


From now on, whenever someone tries to resolve your Cloudflare IP, they will get 127.0.0.1, a different IP, or a "Not found" result.

Step 2

Go into your domain's Threat Control page and ban the following countries. I understand how important SEO is for your website, but you can't keep your website down the whole day, am I right? To ban a country, just type in its name, wait for the autocomplete suggestion to pop up, click on it, and click Block.

Recommended countries to ban

Code:
Serbia
Russia
China
Bosnia


Sites being used in modern booters

Code:
Indonesia
Venezuela
Brazil

Step 3

Nowadays booters also use sites such as downornot to boot/hit sites offline. I would recommend blocking the following sites (I can't provide IPs). To do this, you must first ping the websites, and once you have each website's IP, ban it on your server. If you are on shared hosting, then I think you can ban them through Cloudflare.

The concept behind using such sites is to send as many bots or outgoing connections as possible from these sites to your site to overload the server, so that when it can't take any more load it goes offline. Even if someone is using a booter that does use these sites and your site is down, and let's say 100 people use isitup or a similar site to check whether the site is down, then basically it's sending 100 packets.

Code:
http://isitup.org
http://downforeveryoneorjustme.org
http://downforeveryoneorjustme.com
http://www.isitdownrightnow.com/
http://www.websitedown.info/

Step 5

I would always recommend keeping your site's security on Low, but if you know that you have a hater around, you can keep it on Medium. Keep it on High only when your site is slow, and if you are receiving a massive attack you can try setting it to "I'm under Attack!"

The higher the security level, the more it can slow down your website. Speaking of slow loading, I would recommend not keeping a chatbox or similar plugins installed on a new website, because they will slow down the site, drive away attention, and lower your site's activity.

What is "I'm under Attack!" on Cloudflare?

It doesn't help much, but it kind of blocks all kinds of incoming networks/signals and requires your action. Sometimes people can use an IP that's on your trust list on Cloudflare to attack your site; you won't even know, and Cloudflare won't detect it as a threat either. Be extra careful when banning IPs under the "I'm under Attack!" security level, because some are real people.

Step 6

I would recommend keeping 2 hosts. One is your main hosting (onshore or offshore, doesn't matter). The second is your spare hosting, which can be cheap but must be up and must not suffer too much downtime. Why two hosts?

If your main hosting is receiving a massive DDoS attack and you can't handle it, move to the other server. That way your site stays up and nothing happens.

When your site is being attacked you obviously can't access your ACP, but you can access your cPanel. From there, simply download your FTP files and download all the files from phpMyAdmin, then upload the downloaded files to your spare (2nd) hosting.

Now the main part in changing hosts.

Instead of updating your nameservers, use the quicker way to change hosts.

Go to Cloudflare > Domains > Edit your domain's DNS

Now edit all the records that contain an IP and replace your current IPs with your 2nd host's IP. DO NOT REPLACE THE TEXT, JUST THE IP.

This will redirect your domain to your new host.
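
The IP swap from Step 6, as an added example that is not part of the original tutorial: a Python sketch that rewrites only the address in the A records and SPF TXT entries of a BIND-style zone listing, leaving record names and the 127.0.0.1 direct-connect record untouched. The zone text, the `repoint_zone` name and the documentation-range IPs are constructed for illustration; it assumes one record per line in `name TTL IN type data` form.

```python
import ipaddress
import re

# Constructed sample zone using documentation IP ranges (not from the tutorial).
SAMPLE_ZONE = """\
example.com. 300 IN A 203.0.113.10
www.example.com. 300 IN A 203.0.113.10
direct-connect.example.com. 300 IN A 127.0.0.1
cdn.example.com. 300 IN A 203.0.113.100
example.com. 300 IN MX 10 mail.example.com.
example.com. 300 IN TXT "v=spf1 ip4:203.0.113.10 ip4:198.51.100.7 -all"
"""


def repoint_zone(zone_text, old_ip, new_ip):
    """Swap old_ip for new_ip in A and TXT records; return (zone, changed)."""
    # Reject typos before touching anything: both must be valid IPv4 addresses.
    ipaddress.IPv4Address(old_ip)
    ipaddress.IPv4Address(new_ip)
    # Match old_ip only as a whole address, so 203.0.113.10 never rewrites
    # the first part of 203.0.113.100.
    whole_ip = re.compile(r"(?<![\d.])" + re.escape(old_ip) + r"(?![\d.])")
    out, changed = [], []
    for line in zone_text.splitlines():
        fields = line.split(None, 4)  # name, ttl, class, type, data
        if len(fields) == 5 and fields[2] == "IN" and fields[3] in ("A", "TXT"):
            new_data = whole_ip.sub(new_ip, fields[4])
            if new_data != fields[4]:
                changed.append((fields[0], fields[3]))
                # Only the data field changes; the record name stays as it was.
                line = " ".join(fields[:4] + [new_data])
        out.append(line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    zone, changed = repoint_zone(SAMPLE_ZONE, "203.0.113.10", "192.0.2.20")
    print(zone, end="")
    for name, rtype in changed:
        print(f"; repointed {rtype} {name}")
```

The `changed` list is the set of records to edit in the Cloudflare DNS page; anything not in it, such as the MX record and the 127.0.0.1 entry, stays as it is.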

About Vo Uu

The author researches hacking, security, and marketing techniques, has an unusual perspective, digs deep into issues, and gives candid feedback. If you use a post from this blog, please credit the author as the source! The author welcomes contributions and discussion from the community so that Vietnam's network security becomes ever safer!
