CloudFlare: Protect Your Site From Hackers and Bots
In the SSL era, bots and hackers are on the rise. Never have we seen so much potential for damage so quickly. Many think cost effective solutions elude most of us because of our limited budget or our technical knowledge. CloudFlare is the solution to the aforementioned problem. This post is based on a presentation I recently attended, where 15-year cyber-security expert, Jim Walker (hackrepair.com), openly vouched for CloudFlare as a free security measure. This article summarizes Jim’s presentation.
Problems CloudFlare Solves
Denial of Service
CloudFlare allows you to mitigate denial-of-service issues. A denial-of-service attack occurs when too many visitors go to your site and create traffic. The term ‘Visitors’ does not necessarily refer to human traffic, as problems often arise due to bots. There is no preventative measure to this issue at the server level. A $10k firewall unit is not an effective solution. Usually, your host will turn off your site. The only effective way to protect from a denial-of-service problem is with a cloud service.
Shared Server
Most sites are hosted on shared hosts. Having a site that is insecure is a discourtesy to all of your file hosting neighbors. If your site becomes hacked or overloaded, it will adversely affect all sites hosted on your shared server. As stated, it will also cause your site to be shut down.
Saturation Attacks
Most servers have a maximum per second transfer rate. This differs from a bandwidth attack because it is over such a short period of time. It is impractical to stop hackers and bots at your site’s server level. CloudFlare works a level above your site, like a watchtower located miles away from your main base. With CloudFlare, you also get a shielded IP. While the service does not make your IP impossible to obtain, it certainly makes it more difficult.
Introduction to the CloudFlare Interface
Page Rules Section
The Page Rules Section is the default page when you log into CloudFlare. Here, HTTP can easily be redirected to HTTPS. If you don’t have HTTPS, you should have got it yesterday. For those of you who are familiar with development, I know what you are saying. “Can’t I just use the ‘.htaccess’ file to redirect to HTTPS?” Of course, but you risk many possible problems. CloudFlare is a stronger solution.
Analytics Section
CloudFlare has analytic features; this helps website administrators see trends in security before they become a significant problem.
Firewall Section
Again, this post is based on a presentation. Jim, gave the presentation because many of his clients are the victims of hack attacks. Said clients have usually seen site downtime. Within CloudFlare, you have a firewall. If you are under attack, you will see a warning in the firewall section of the CloudFlare site. Then you can fix the error with one click. In the firewall section, you can also set up access rules. Many of the denial-of-service attacks come from different countries. CloudFlare can actually isolate connections based on geography and force said connections to be delayed, javascript challenged or captcha protected. This will free up space during a server attack tremendously.
My Experience
I used CloudFlare on a few of my sites immediately after attending the presentation. My sites loaded faster. I didn’t realize this would be a side effect, which you as a visitor to this site have benefitted from. As far as whether I would recommend the service, I think it goes without saying: YES. Have you tried CloudFlare? What do you think of CloudFlare? Do you have any questions about the service? Let us know in the comments and we will get back to you.
This post was written based on a presentation by Jim Walker, HackRepair.com. The presentation took place at Advanced WordPress (AWP) event in San Diego. Connect with AWP on Facebook and MeetUp.com. The video was recorded by Yaron Guez.
Tess Robinson
September 18, 2016 @ 2:46 pm
Great post. Yes, I love Cloudflare for all the reasons listed above. Interesting about the IP address. I have been told by a number of software developers that Cloudflare completely hides the originating IP address, however, I’ve also been told (and this makes more sense) that there are ways to find it and there can be DNS leaks. Interested in your opinion on this issue.
Thanks for a great post. It’s awesome to be able to take advantage of a presentation when not actually able to attend.
Joseph Abraham
September 18, 2016 @ 11:09 pm
Thank you for your comment! We actually have a really great community here in San Diego where I have learned so much. Our MeetUp group has an abundance of blog-worthy content. To answer your question, yes CloudFlare does hide your IP and they do an excellent job. I don’t want to explain the process on my blog, but there are ways to attain an IP number beyond what CloudFlare protects you from.
Jim Walker
September 19, 2016 @ 8:58 am
Cloudflare does hide the site IP; after the fact.
Though there are many free online tools that maintain the history of websites and their past IP addresses.
With just a few seconds of effort, a would-be attacker can obtain the prior IP address of any website after a switch to Cloudflare.
So to combat this, one would need to set up Cloudflare, then change hosts or the sites IP address to foil this sort of in information gathering.
Tess Robinson
September 20, 2016 @ 12:24 am
Thanks, that’s interesting. That makes total sense, Jim and is what I’d been thinking might be the case.
I’ll check out some of your other posts Joseph. Thanks for the heads up about the other blogs and for the tweet!
Joseph Abraham
September 20, 2016 @ 1:58 pm
Love the comments. Thank you.
Moses
March 25, 2017 @ 1:29 am
I love this article.