OT: Cloudflare

2 views
Skip to first unread message

Darrell Lee

unread,
Jul 28, 2022, 12:19:46 PMJul 28
to UCLUG
Cloudflare claims to protect a website, anyone using it or any thoughts on whether it works?
 
I am thinking about using it to protect an internet facing webapp.

Darrell Lee
Advanced Data LLC

Colin Griffin

unread,
Jul 28, 2022, 12:50:28 PMJul 28
to uc...@googlegroups.com
Cloudflare is awesome, and does some really nifty things under the hood (like cloudflare workers). Also don't need to go all-in, you can roll with just the CDN at first if you want.

------------------------------
Colin Griffin / CEO + Chief EngineerKrumware - krum.io
e: co...@krum.io 
c: +1 803-291-0331



--
You received this message because you are subscribed to the Google Groups "Upstate Carolina Linux Users Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uclug+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/uclug/182459b4948.27e9.6ecb3768cd55b08006402ae3e564851b%40adsi-sc.com.

Luna Jernberg

unread,
Jul 28, 2022, 12:55:19 PMJul 28
to uc...@googlegroups.com
Been using Cloudflare to handle my DNS for years now, and are happy with that

Dan Calloway

unread,
Jul 28, 2022, 1:18:41 PMJul 28
to uc...@googlegroups.com
I don't use Cloudflare, but instead use CrowdSec for crowdsourced security to protect my remote server assets and local Desktop PC. Works wonderfully.

-- 
Dan Calloway
LCDR, SC, USNR (Ret.) / 20-year Veteran
Asheville, NC 28805
Title 38 of the Code of Federal Regulations defines a veteran as
“a person who served in the active military, naval, or air service and who 
was discharged or released under conditions other than dishonorable.”

George Law

unread,
Jul 28, 2022, 1:37:47 PMJul 28
to uc...@googlegroups.com
I signed up for a cloudflare account last year as part of some work I was doing on the side that Ben hooked me up with.  I had signed up but never modified my DNS servers to use it.

Thanks for the reminder Darrel :) 

I'm just on the basic free level - which a quick google seems to indicate will allow up to 50 domains - which would be very adequate for my few wordpress sites.  

I just moved geolaw.com over - mostly for the hopes that I can get rid of these dang word press scanners that I see continuously in my apache logs :

178.62.232.252 - - [28/Jul/2022:15:18:42 +0000] "POST /wp-login.php HTTP/1.1" 200 7163 "https://geolaw.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"
178.62.232.252 - - [28/Jul/2022:15:18:43 +0000] "POST /wp-login.php HTTP/1.1" 200 7163 "https://geolaw.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"
178.62.232.252 - - [28/Jul/2022:15:18:44 +0000] "POST /wp-login.php HTTP/1.1" 200 7164 "https://geolaw.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"
178.62.232.252 - - [28/Jul/2022:15:18:44 +0000] "POST /wp-login.php HTTP/1.1" 200 7169 "https://geolaw.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"
178.62.232.252 - - [28/Jul/2022:15:18:45 +0000] "POST /wp-login.php HTTP/1.1" 200 7168 "https://geolaw.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"
178.62.232.252 - - [28/Jul/2022:15:18:45 +0000] "POST /wp-login.php HTTP/1.1" 200 7168 "https://geolaw.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"
178.62.232.252 - - [28/Jul/2022:15:18:46 +0000] "POST /wp-login.php HTTP/1.1" 200 7172 "https://geolaw.com" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"

Change was just made, so DNS is propogating but it will be interesting to go back in a day or so and see how many less of these scans make it past cloudflare and to my linode VPS

~George



--
You received this message because you are subscribed to the Google Groups "Upstate Carolina Linux Users Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uclug+un...@googlegroups.com.
--

Darrell Lee

unread,
Jul 28, 2022, 4:34:20 PMJul 28
to uc...@googlegroups.com
Be sure to let us know the results.

Darrell Lee
Advanced Data LLC

Darrell Lee

unread,
Jul 28, 2022, 4:34:46 PMJul 28
to uc...@googlegroups.com
Thanks Dan, I'll check it out

Darrell Lee
Advanced Data LLC

--
You received this message because you are subscribed to the Google Groups "Upstate Carolina Linux Users Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uclug+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/uclug/861b75eb7fa45eb33902e66a94ac9cf46ee769de.camel%40gmail.com.


[UCLUG] OT: Cloudflare
From'Darrell Lee' via Upstate Carolina Linux Users Group uc...@googlegroups.com
DateJul 28, 12:19 PM
ToUCLUG uc...@googlegroups.com
--

Darrell Lee

unread,
Jul 28, 2022, 4:35:08 PMJul 28
to uc...@googlegroups.com
Thanks, glad to hear

Darrell Lee
Advanced Data LLC

Darrell Lee

unread,
Jul 28, 2022, 4:35:37 PMJul 28
to uc...@googlegroups.com
That is good news

Darrell Lee
Advanced Data LLC

George Law

unread,
Jul 29, 2022, 9:00:42 AMJul 29
to uc...@googlegroups.com
well, first hiccup with cloudflare

I went this morning to connect via ssh as I usually do to web3.geolaw.com - but this is no longer pointed directly at the linode server, its pointed at cloudflare :)
I knew the server IP so I was able to connect directly to it, but cloudflare does offer  the option to set up a zero trust policy and create tunnels to access the end points.

Maybe when I have more time to look into that part but for now, ssh to the IP works for me.

After I got an email yesterday that the site was "live" with cloudflare, I logged in and flipped the 'bot protection' and that seems to have mitigated at least some of the random wordpress scans.

Now in my apache logs. the source IP address shows the cloudflare IPs starting with '108.162.237.X'.
This was me from my home ATT internet connection 108.251.156.X:

~~~
108.162.237.191 - - [29/Jul/2022:12:49:40 +0000] "GET / HTTP/1.1" 200 23248 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
108.162.237.87 - - [29/Jul/2022:12:49:41 +0000] "GET /wp-content/uploads/2020/12/wildcat8-300x225.jpeg HTTP/1.1" 304 - "https://geolaw.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
108.162.237.191 - - [29/Jul/2022:12:49:43 +0000] "GET /resume/ HTTP/1.1" 200 26788 "https://geolaw.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
~~~

The cloudflare dashboard does show its stopped 1.71k threats, but 99% are 'unclassified' - so no real details there.

image.png
It will be interesting to see this over time.

~George





Dan Calloway

unread,
Jul 29, 2022, 12:14:46 PMJul 29
to uc...@googlegroups.com
Everyone,

Wanted to share some stats with you regarding Cloudflare. In July, 2022, Cloudflare continues its trend of strong growth across the sites and domains metrics this month, increasing by 5.8 million (8.6%) and 259,000 (1.24%), around double that of last month. This gives Cloudflare a total market share of 6.4% share of sites and 8.6% domains, increases of 0.5pp and 0.1pp compared to June.
Reply all
Reply to author
Forward
0 new messages