How a Business Owner became victim of a DDoS Attack and mitigated using Cloudflare?

Yesterday I found an interesting case on Twitter where a Bhanu Teja who owns the product faced DDoS attacks. Intriguing coincidence, his product was on the front page of Hacker News the previous day.

And the next day he receives this alert from Cloudflare, while facing alot of spam email user registrations for his product.

An ex-Cloudflare employee, Adam helped him mitigate this using the Cloudflare firewall and other features.

He made a thread on this as well –

I found this case interesting, and learned more about DDoS attacks.

Cloudflare has a good resource on identifying and fixing DDoS as well –

Personally, I use a few custom Cloudflare rules to ensure my site remains safe, like rate limiting my login pages of WordPress (1 rule is Free).

I hope you all find this helpful.

Did you all ever face DDoS attack on your websites?


Thanks for sharing…
If I could help with one of your rules:

/wp-login/ doesn’t really need protecting, but wp-login.php does… ie uri contains wp-login.php
All requests for /wp-admin/ get pushed to wp-login.php anyway.

Your rules above allow for no rate limiting on wp-login.php currently.