
Monday, November 17, 2014

CloudFlare Scare

One of my clients was getting tens of thousands of pageviews a day, but not getting sales to justify that amount of traffic. I went looking and found a lot of foreign traffic from places where they are not likely to make any sales at all.

I experimented with .htaccess, but this is a shared hosting environment and I wasn't even sure Apache was paying any attention to my custom rules. To make things worse, the shared hosting provider was having a bunch of downtime. Even though my account wasn't being directly affected, it made their ticket system about five times slower than normal. (No exaggeration!)

Then, by fate or divine intervention, I stumbled on someone somewhere talking about CloudFlare. I had never heard of it, but it turns out that my hosting provider includes it in cPanel, so I thought I'd give it a try.

I installed it on my own site, the affected site, and another site that I noticed was going slow.

I used it to block a bunch of regions that I recognize as high risk, and for the affected account I set a security level that was labeled "I'm under attack".

Check out this graph from their analytics page:



The double peak is because I turned the level down to "High" for a day and then back to "I'm under attack". From 15,000 pageviews down to 100-200 pageviews a day. Much more like what this customer should expect. For this, I am very thankful.

Now for the scary part.
I went to log in to my own site by FTP. In my FTP program, I had used "www.tecbrat.com" where one might put the domain name or IP. My FTP program was failing to connect and I didn't recognize the IP it was trying to connect to. I was starting to think my router had been hacked, or that I had some other DNS problem. I opened a Windows command prompt and pinged my domain "tecbrat.com" and it gave the expected IP. I changed my FTP program to "tecbrat.com" and it connected just fine.
I pinged "www.tecbrat.com" and THERE WAS MY ANSWER. No hack, just

"Pinging www.tecbrat.com.cdn.cloudflare.net"

Phew! Now I understand. The "www" subdomain was being re-directed to Cloudflare, and they were not passing on the FTP traffic. Don't know if it's even possible that they could. I'm one or two college degrees short on that issue.

So, if you're using CloudFlare AND you use your domain name in your FTP program, AND you see an unfamiliar IP in your FTP console, try removing the "www." or directly providing the IP of your server.

I hope this helps someone. :D
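The ping comparison described above can be scripted. This is an added example, not code from the original post: it checks whether a hostname's canonical name ends in the `cdn.cloudflare.net` suffix seen in the ping output, and whether it resolves to addresses the bare domain does not. The function name, the `example.test` hostnames and the sample DNS table are constructed for illustration.

```python
import socket

CDN_SUFFIX = ".cdn.cloudflare.net"  # suffix seen in the ping output in the post


def check_ftp_host(host, origin_host, resolve=socket.gethostbyname_ex):
    """Decide whether `host` is a sensible FTP target.

    `resolve` must behave like socket.gethostbyname_ex and return
    (canonical_name, aliases, ip_list); it is injectable so the check
    can be run offline against constructed data.
    """
    result = {"host": host, "ok": False, "via_cdn": False, "unexpected_ips": []}
    try:
        canonical, _aliases, ips = resolve(host)
        _, _, origin_ips = resolve(origin_host)
    except OSError as exc:  # socket.gaierror / socket.herror
        result["reason"] = f"lookup failed: {exc}"
        return result

    canonical = canonical.rstrip(".").lower()
    result["via_cdn"] = canonical.endswith(CDN_SUFFIX)
    # Addresses the FTP client would dial that the origin name does not have.
    result["unexpected_ips"] = sorted(set(ips) - set(origin_ips))

    if result["via_cdn"]:
        result["reason"] = (f"{host} is an alias for {canonical}; "
                            f"use {origin_host} or the server IP for FTP")
    elif result["unexpected_ips"]:
        result["reason"] = f"{host} resolves to addresses {origin_host} does not"
    else:
        result["ok"] = True
        result["reason"] = "resolves to the same addresses as the origin name"
    return result


# Constructed sample records (documentation IP ranges, not real lookups).
SAMPLE_DNS = {
    "www.example.test": ("www.example.test.cdn.cloudflare.net",
                         ["www.example.test"], ["203.0.113.10", "203.0.113.11"]),
    "example.test": ("example.test", [], ["198.51.100.7"]),
}


def sample_resolve(name):
    """Offline stand-in for socket.gethostbyname_ex using SAMPLE_DNS."""
    if name not in SAMPLE_DNS:
        raise socket.gaierror(f"no record for {name}")
    return SAMPLE_DNS[name]


if __name__ == "__main__":
    for name in ("www.example.test", "example.test", "ftp.example.test"):
        print(check_ftp_host(name, "example.test", resolve=sample_resolve))
```

Leaving out the `resolve` argument makes the function query the system resolver, which is the same comparison as pinging both names by hand.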
