■ Cloudflare beats the petty hackers

Once upon a time wars were fought by real men mano-a-mano and hacker attacks had a point (usually monetary).Nowadays it's all downhill. A few years ago I noticed that some internet pests were mass-downloading xplorer² for no apparent reason (they still try). This pointless attrition has recently moved to the forum.

The number of "guests" accessing the forum was steadily rising (no it isn't AI trying to learn, it's purely malicious). To begin with it was a few chinese IP addresses that I blocked with .htaccess, but that only infuriated the perpetrators, who switched to a smarter attack mode involving thousands of worldwide IPs wisely balanced over time to avoid detection. There would be a few thousand of them browsing the forum at any given time. Then I made the forum "dark web" requiring login to even read topics, all to no avail. In a typical "whack the bot" response, they intensified the attack, even though they couldn't read anything. The excess PHP usage in the forum started failing the main website (xplorer² downloads, contact forms etc). I had to pull the forum down for a few days. They were still trying to access the phpbb forum pages!

These guys wouldn't go away, so I moved my website under cloudflare. Their free plan is limited but has worked out for my problem. I had to relocate the entire zabkat.com domain but only the subdomain forum.zabkat.com is under cloudflare control ("orange cloud"). I guess I was lucky that the attack had a simple pattern — as revealed by my analytics and access log investigation — and could be dealt with a few cloudflare security rules:

Block all China, where 60% of "guests" were coming from
Block many forum "information" pages (terms, privacy and such) for everybody.
99% of the time these fellows would just browse privacy information instead of actual forum topics (which rules out any AI training)

The forum is thus somewhat crippled, but the nuisance traffic is down by 90% in less than a week. My biggest question is, why? How have I angered the Chinese? Am I the victim of an anarchic-communist manifesto aiming to take down capitalism, starting with the petty bourgeoisie? But I digress.

Cloudflare transition how-to

Switching to cloudflare is easy. The website is still hosted where it originally was (ionos) only the DNS is switched to cloudflare nameservers — a reverse proxy whatever this is! The basic steps are as such:

Create a cloudflare account and switch to the free plan
Add the domain to transfer; cloudflare will automatically import (most)* DNS settings
Specify which subdomains to proctect (orange cloud/proxied) and which to leave as they were (gray cloud/DNS only)
Use your webhost (ionos) control panel to change the old name servers to those supplied by cloudflare
Add secirity rules to block the attackers.

* I had a problem with zabkat.com emails failing DKIM, which was fixed by manually copying a couple CNAME to cloudflare DNS records

Effectively you get only 5 rules to work with in the free plan (the rate limiting rule is unusable) but that's adequate for many people. For more information you can ask the cloudflare support AI chatbox, which is quite helpful — albeit it takes too much time thinking to give a straight answer!

To de-cloudflare a website and revert to the original unprotected setup, just switch back to the original nameservers. Ionos console has a button Reset name servers in case one has changed their mind.

ps. it has just occurred to me that if you are a conspiracy theorist, all this "pointless" IP abuse by the orientals is really helping cloudflare's bottom line, no? <g>