Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Q&A
[HELP] DDoS Attack
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="BIOS" data-source="post: 461776" data-attributes="member: 15674"><p>They can bypass Cloudflare js-challenge, not the real CAPTCHA (and that's because js-challenge is literally just asking the client to compute a basic math equation in JS, shouldn't ever really be depended upon). You can use 5 firewall rules on CF for free (and set them to CAPTCHA or block all together if you're confident of no false positives), and then configure rate limiting on your own server e.g. <a href="http://nginx.org/en/docs/http/ngx_http_limit_req_module.html" target="_blank">NGINX</a>, for anything that gets past those rules.</p><p></p><p>Adding a CAPTCHA to the site wouldn't really do a lot in this case. Sure it'd maybe stop bots being able to login and access other areas of your site, but ultimately you'd still end up processing all the malicious requests at your origin (seen 25M+/day in some cases), chances are you'd still get knocked offline pretty quickly from them hammering your CAPTCHA page, especially without tuning the server or adjusting connection hard limits.</p></blockquote><p></p>
[QUOTE="BIOS, post: 461776, member: 15674"] They can bypass Cloudflare js-challenge, not the real CAPTCHA (and that's because js-challenge is literally just asking the client to compute a basic math equation in JS, shouldn't ever really be depended upon). You can use 5 firewall rules on CF for free (and set them to CAPTCHA or block all together if you're confident of no false positives), and then configure rate limiting on your own server e.g. [URL='http://nginx.org/en/docs/http/ngx_http_limit_req_module.html']NGINX[/URL], for anything that gets past those rules. Adding a CAPTCHA to the site wouldn't really do a lot in this case. Sure it'd maybe stop bots being able to login and access other areas of your site, but ultimately you'd still end up processing all the malicious requests at your origin (seen 25M+/day in some cases), chances are you'd still get knocked offline pretty quickly from them hammering your CAPTCHA page, especially without tuning the server or adjusting connection hard limits. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Q&A
[HELP] DDoS Attack
Top