How the Dyn outage affected Cloudflare
October 27, 2016 12:10 PM
Last Friday the popular DNS service Dyn suffered three waves of DDoS attacks that affected users first on the East Coast of the US, and later users worldwide. ...
How Cloudflare's Architecture Allows Us to Scale to Stop the Largest Attacks
October 26, 2016 12:59 PM
The last few weeks have seen several high-profile outages in legacy DNS and DDoS-mitigation services due to large scale attacks. Cloudflare's customers have, understandably, asked how we are positioned to handle similar attacks....
Dyn issues affecting joint customers
October 21, 2016 6:22 PM
Today there is an ongoing, large scale Denial-of-Service attack directed against Dyn DNS. While Cloudflare services are operating normally, if you are using both Cloudflare and Dyn services, your website may be affected....
Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras
October 11, 2016 12:59 PM
Over the last few weeks we've seen DDoS attacks hitting our systems that show that attackers have switched to new, large methods of bringing down web applications....
How the Consumer Product Safety Commission is (Inadvertently) Behind the Internet’s Largest DDoS Attacks
August 25, 2016 2:18 PM
The mission of the United State's Government's Consumer Product Safety Commission (CPSC) is to protect consumers from injury by products. ...
MORE POSTS
April 29, 2016 11:21 PM
Lizard Squad Ransom Threats: New Name, Same Faux Armada Collective M.O.
CloudFlare recently wrote about the group of cyber criminals claiming to be be the "Armada Collective." In that article, we stressed that this group had not followed through on any of the ransom threats they had made. ...
- By
April 25, 2016 12:39 PM
Empty DDoS Threats: Meet the Armada Collective
Beginning in March 2016, we began hearing reports of a gang of cybercriminals once again calling themselves the Armada Collective. The calling card of the gang was an extortion email sent to a wide variety of online businesses threatening to launch DDoS attacks if they weren't pa...
- By
April 13, 2016 4:59 PM
New for Virtual DNS Customers: Self-Service Dashboard and APIs, and Two New Features
Today we're launching two new features and a brand new dashboard and API for Virtual DNS. Virtual DNS is CloudFlare’s DNS proxy that sits in front of some of the largest hosting providers in the world, shielding their DNS infrastructure from attacks....
- By
April 13, 2016 12:39 PM
What happened next: the deprecation of ANY
Almost a year ago, we announced that we were going to stop answering DNS ANY queries. We were prompted by a number of factors: The lack of legitimate ANY use. The abundance of malicious ANY use. The constant use of ANY queries in large DNS amplification DDoS attacks....
- By
March 04, 2016 6:02 PM
A Deep Dive Into DNS Packet Sizes: Why Smaller Packet Sizes Keep The Internet Safe
One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server they are attacking, this is called a reflection attack....
- By
March 03, 2016 2:32 AM
400Gbps: Winter of Whopping Weekend DDoS Attacks
Over the last month, we’ve been watching some of the largest distributed denial of service (DDoS) attacks ever seen unfold. As CloudFlare has grown we've brought on line systems capable of absorbing and accurately measuring attacks....
- By
March 01, 2016 1:45 PM
Staying afloat: the DROWN Attack and CloudFlare
CloudFlare customers are automatically protected against the recently disclosed DROWN Attack. We do not have SSLv2 enabled on our servers....
- By
January 21, 2016 2:05 PM
Preventing Malicious Request Loops
The web is an collaborative ecosystem. Web standards exist to ensure that participants of the network behave in a predictable way....
- By
October 16, 2015 5:14 PM
A Look at the New WordPress Brute Force Amplification Attack
Recently, a new brute force attack method for WordPress instances was identified by Sucuri. This latest technique allows attackers to try a large number of WordPress username and password login combinations in a single HTTP request....
- By
September 25, 2015 4:01 PM
Mobile Ad Networks as DDoS Vectors: A Case Study
CloudFlare servers are constantly being targeted by DDoS'es. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets....
- By
August 05, 2015 2:13 AM
Up and to the Right: Forrester Research Ranks CloudFlare as a “Leader” for DDoS Services Providers
Forrester Research, Inc. has released The Forrester Wave™: DDoS Services Providers, Q3 2015 report which ranks CloudFlare as a leader. How do you get placed “up and to the right”? ...
- By
April 30, 2015 12:02 PM
An introduction to JavaScript-based DDoS
CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distributed Denial of Service (DDoS) attack....
- By
April 24, 2015 12:17 AM
Of Phishing Attacks and WordPress 0days
Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. However, it also makes us a target. ...
- By
March 10, 2015 12:59 PM
Announcing Virtual DNS: DDoS Mitigation and Global Distribution for DNS Traffic
It’s 9am and CloudFlare has already mitigated three billion malicious requests for our customers today. Six out of every one hundred requests we see are malicious, and increasingly, more of those bad requests are targeting DNS nameservers. ...
- By