Comments
From a quick Google it looks like it was Cloudflare's "I'm under attack" mode, where it does some sort of JS proof-of-work thing before letting you in.
Yep, and that 5 seconds delay is intentional. That's supposed to happen.
Meh, it's not very smart if you ask me... like I said, most visitors will have said "screw this" and left long before those 5 seconds are up unless they've got an overwhelmingly good reason to wait.
Skiddies do. Not think. They do. Look at that guy who used S'E' to get through WHMCS, he released everything through his site, hidden behind a CF front.
...and then he failed to remove the direct record which allowed people to circumvent Cloudflare. Btw Lulzsec was also hidden behind them and the protection never got removed.
The owner of the site turned on "Attack Mode", which means that they are experiencing a large DDoS attack and can't handle the load by themselves. If CF didn't do this, their site would be down, and downtime is not good. CF keeps their site up, but visitors might have to wait 5 seconds for it to load. It's better than not having the site up at all. Pretty smart if you ask me.
@flam316 I also believe it's a one-time load as well.
The proof-of-work page you saw only happens when a site is explicitly put into "I'm under attack mode". It's not standard. Normally you would just get a CAPTCHA if you happened to be on a blacklisted IP in the first place, and judging from my usage of it, it almost never has false positives. The closest thing to a 'false positive' is people using Tor having to enter a CAPTCHA.
How does that work?
Good point. I suppose I would be concerned if Cloudflare cut your load time in half, not necessarily that of a visitor on the other side of the globe.
Well, some of my sites are in KC, some are in Miami and some are in Denver. CloudFlare has a PoP in Newark (NJ), which I'm 40 or so miles away from. They also serve your content from literally thousands of SSDs, which I don't have on any of the servers my sites are on. Also, I use their minify and asynchronous JS loader (RocketLoader) features, so yes, it still loads about twice as fast for me even though my origin servers are in the US.
The site was behind Cloudflare, but whatever requests were used to compromise it got through. It was (as far as I could figure out/guess) a bog standard exploit used to inject spam links in every .php file it could find. Nothing special but a pain in the backside to clean up.
Ultimately it was my fault for not looking after it well enough but it would've been nice if CF had caught the initial exploit. Still, I'll be leaving it behind CF anyway because spam is enough of an issue and they're doing a good job of catching that.
Were you using the free plan?
The butthurt in this thread is amazing. Good, good, let it spread throughout you more
If it really was crap, sites as large as 4chan wouldn't have adopted it, silly kids.
Then why was 4chan down for weeks at a time with CF?
And if that really was true, they'd not be still using it ヽ( >∀<)ノ AHAHA AHAHA AHAHAHAHA
I'm not sure "butthurt" is the right word to describe comparing experiences on an often misused and misunderstood CDN, but ok. I see a lot of people thinking it'll speed up their website, locally, for no real reason. It's only of benefit if it benefits you, not something to use in all cases as some like to think.
As for the stats which were commented on earlier in this thread, Cloudflare just posted a new entry on their blog relating to page views: http://blog.cloudflare.com/update-more-page-view-counting-refinement
Yeah, so no advanced security/WAF, and I probably didn't even have the security settings on High (I incorrectly assumed mod_security on the server + free CloudFlare + up-to-date WordPress was good enough to keep the crap at bay, but I forgot about the theme...)
Still, the compromise likely came from a compromised server/botnet - the sort of thing you'd hope would be given a challenge page whether or not the advanced stuff picked up on the specific attack.
Then I can't really see how Cloudflare had anything to do with it, and how it makes them 'far from perfect'... if you assume they provide a feature that is clearly said to not be provided, I think the 'fault' is not with Cloudflare.
I doubt it came from a botnet. Typically servers are compromised from a shell on a hacked legitimate server, and these shells are not really used for any other things, so it's unlikely they are on any kind of blacklist until the moment it's already too late. I don't think you can expect anything like Cloudflare, Project Honeypot, Drone blacklists, etc, to block these IPs.
They quite clearly advertise security as a feature, including:
I don't think I was being unreasonable in my assumption that it would be likely to block what was, as best I could determine a month later without any logs, a two-year-old common WordPress theme exploit. That it didn't suggests that, at the very least, the free service that pretty much every LET reader is going to go for is not as effective as the marketing copy suggests it is (something that is obvious in hindsight).
But whatever, I already said that it was ultimately my screw up, and that I'm very happy with how they've cut the amount of comment spam and other crap that hits my sites.
Gee, a service promising a completely free, unlimited bandwidth CDN and people have lots of issues with it.
What. A. Shock.
@rainsog308 If I remember correctly they get their bandwidth very cheap. I think at one time they said to defend against a 1 Gbps DDoS would only cost them a few dollars, bandwidth-wise that is.