MyBB Community Forums

1. You're not protected from DDOS/DOS with cloudflare. It takes two seconds to resolve the real IP address. Also, even if you can't resolve the real IP from a cloudflare resolves there are new sneeky methods of attacking. (Layer-7 attacks) What a Layer-7 attack can do is:
Rudy
Get
Head
Post
Slowloris

The most dangerous I've seen/tried on my own web server is Rudy, Head, Post attacks. Those will just bypass cloudflare protection and still cause a Denial of Service attack. See, free version of cloudflare does not protect you from Layer-7 attacks. They charge you to be protected from Layer-7.

Just as a example you are not protected. Let's take a simple website like ubers.org, now the cloudflare IP resolves to 108.162.196.112 but if your resolve the cloudflare it goes to *************.ubers.org resolves to 178.***.**.*** (ip censored). So, it proves to point you are never really safe.

This is just a security tip.

ubers is a example due to its big and nice. If you are owner of ubers and viewing this, I can notify you how I was able to resolve the IP address and you can fix it.

Well Anyone Could Bypass

He Could Change Dns Records From CLoudflare Then You Cant Bypass

cpanel.ubers.org

direct-connect.ubers.org

From Those You Can Get Real Ip

Yes, of course. I am just stating that every website has a leak to get the real IP address, so its never safe.

Your post is full of obvious statements and a lot of misunderstanding.

Unsure why you think a FREE service would stop a level-7 DDOS attack.
Unsure why you think a FREE service would make your site safe. It just offers options to make it "safer" which is all any service free or otherwise can do.

What's your beef?

(2012-09-11, 09:51 PM)labrocca Wrote: [ -> ]Your post is full of obvious statements and a lot of misunderstanding.

Unsure why you think a FREE service would stop a level-7 DDOS attack.
Unsure why you think a FREE service would make your site safe. It just offers options to make it "safer" which is all any service free or otherwise can do.

What's your beef?

People say "cloudflare is amazing. it helps you site. it stops ddos/dos" but it really does not. So this is a warning that it does not.

And how many skids know how to do a level 7? This thread isn't very constructive. the only reason I'm leaving it open is to see if Damon has any input.

Not many skids. All though, you'd be surprised who was the time, power to do that.

I've used CF for a while now as PART of my overall DDOS protection scheme. If you know what you're doing it can HELP. They do not advertise their FREE service as DDOS protection. So why in the world are you making statements that are obvious.

Cloudflare is an AMAZING service and it does HELP you stop ddos attacks.

What's not accurate about that statement?

Really Jesse? It does if you pay the stupid fee. It cannot however block some Layer-7 attacks. Still making your websites able to be attacked.

Lets be honest Jesse Labrocca, you can't migrate attacks at all so you have to get something/someone to do it for you.

(2012-09-11, 08:40 PM)Marks-Mans Wrote: [ -> ]Well Anyone Could Bypass

He Could Change Dns Records From CLoudflare Then You Cant Bypass

cpanel.ubers.org

direct-connect.ubers.org

From Those You Can Get Real Ip

I was about to say this. You can't find the IP if you change the DNS Records. Also, why would a free package block a layer-7 attack?