
Cloudflare doesn’t help your DDOS

Ever since CloudFlare helped out Spamhaus with their big deal big DNS reflection DDOS attack, conventional wisdom has said that if you are faced with a DDOS attack, you should give CloudFlare a shot. By all means, give it a try: they have a compelling free offer that seems to be just the thing you need.


Here is what will happen:


You switch your DNS to cloudflare

You get your site up again

You receive a DDOS attack

You survive said DDOS attack

You think cloudflare is cool

You tell all your friends

You get a new and renewed DDOS attack

You get a mail like below from cloudflare saying, basically, sorry dude, you’re toast.

You can now choose to pay $200 USD per month, or accept that your site is just sometimes going to be down.

The moral of the story is: you’re not spamhaus.  To be fair, cloudflare do say, somewhere in their blog or site that they’re not a DDOS solution.


From: CloudFlare <no-reply@cloudflare.com>

Subject: victim.co.za has been temporarily removed from CloudFlare

Date: Mon, 24 Mar 2014 02:11:21 +0000


CloudFlare has temporarily deactivated your website victim.co.za.


Your visitors will be directed to your origin server, where your website is hosted, instead of first passing through CloudFlare’s performance and security service. We’ll resume routing traffic through CloudFlare once the issue has been resolved. We review deactivated websites every 5 to 7 business days. To check your status, please log into: www.cloudflare.com/my-websites


COMMON QUESTIONS


WHY WAS MY SITE TEMPORARILY DEACTIVATED?

CloudFlare runs a globally distributed network serving millions of websites. Sometimes a large DDOS attack to one of our Free or Pro customers may degrade network performance. In these cases, we may temporarily remove the website under attack to avoid network degradation.


I AM ON THE FREE OR PRO PLAN. WILL UPGRADING TO BUSINESS HELP?

Yes. CloudFlare's advanced DDOS protection is included in the Business and Enterprise plans. If you upgrade to the Business plan, your website will be activated again.


HOW LONG WILL IT TAKE TO REACTIVATE MY SITE IF I DON’T UPGRADE?

We review deactivated websites every 5 to 7 business days.


IF I DELETE MY SITE AND RE-ADD IT, WILL THE TEMPORARY HOLD DISAPPEAR?

No. Any temporary holds are attached to the domain so deleting and re-adding the website will not change its status.


Replies to this email are not monitored or answered. For FAQs or to reach our help desk, please visit: www.cloudflare.com/support


Thank you for using CloudFlare.


The CloudFlare Team


***This is an automatic notification for victim.co.za


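According to the email, when a site on the Pro or Free plan comes under a DDOS attack, CloudFlare does not defend it: to prevent network degradation, the CloudFlare service is automatically terminated and visitors are connected directly to the origin server's IP. To restore it, they tell you to upgrade to the Business plan at $200 per month. Or wait 5 to 7 days.


In other words, unless you are on the Business plan or higher, DDOS protection is effectively not provided.

In fact, section 14 of CloudFlare's terms of service, on termination, also says that service may be terminated because of unexpected technical or security problems.


Up to the CloudFlare Pro plan, there is no DDOS protection. There is only the speed-improvement feature.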
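
An added example, not part of the original post or CloudFlare's own tooling: because the email says visitors are sent straight to the origin server during a hold, a site owner can monitor whether the domain's A records still fall inside CloudFlare's address space. The range list is a snapshot of CloudFlare's published IPv4 list, and the function names and sample addresses are assumptions of this example.

```python
import ipaddress
import socket

# Snapshot of the IPv4 ranges published at https://www.cloudflare.com/ips-v4
# (assumption of this example: refresh from that list before relying on it).
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
NETWORKS = [ipaddress.ip_network(n) for n in CLOUDFLARE_V4]

def is_proxied(addr):
    """True if addr lies inside one of the proxy ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NETWORKS)

def classify(addresses):
    """Return 'proxied', 'origin-exposed', 'mixed' or 'unresolved'."""
    if not addresses:
        return "unresolved"
    flags = {is_proxied(a) for a in addresses}
    if flags == {True}:
        return "proxied"
    if flags == {False}:
        return "origin-exposed"  # DNS now hands out the origin IP directly
    return "mixed"               # some answers bypass the proxy

def resolve_v4(hostname):
    """Resolve A records with the system resolver; empty list on failure."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check(hostname, resolver=resolve_v4):
    """Resolve hostname and report whether it is still behind the proxy."""
    addrs = resolver(hostname)
    return {"host": hostname, "addresses": addrs, "state": classify(addrs)}

if __name__ == "__main__":
    # Constructed sample answers (203.0.113.0/24 is a documentation range).
    samples = {"before-hold": ["104.16.1.1"], "during-hold": ["203.0.113.10"]}
    for label, addrs in samples.items():
        print(label, check("victim.co.za", resolver=lambda h, a=addrs: a))
```

Run from cron or a monitoring agent, a change from `proxied` to `origin-exposed` is the signal that the hold described in the email has taken effect and the origin is taking traffic directly.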