Protecting your board from Denial of Service (DoS) attacks

There have been many prominent articles about web sites being taken down by Denial of Service (DoS) attacks. A Denial of Service attack is when a machine on the internet sends so many requests to your web server in a short period of time that the web server can’t keep up with the demand. This makes it unavailable to legitimate users and often returns cryptic error messages to users. It’s like your web server blows a fuse. Even after the attack abates, your server may not be able to recover without a reboot or some internal repairs.

In a Distributed Denial of Service (DDoS) attack, a number of machines across the Internet attack your web server at the same time. DDoS attacks tend to be more severe because more requests can be sent at the same time. These attacks become harder to block too, because the Internet Protocol (IP) addresses of attacking machines change.

In this post I’ll look at how to protect your board from both DoS and DDoS attacks using Cloudflare.

What is Cloudflare?

Cloudflare is a prominent company that specializes in implementing content delivery networks (CDNs). CDNs place copies of files on your web sites geographically close to your users, speeding up the rendering of your web pages.

Cloudflare can also protect web sites so that if a DoS or a DDoS attack occurs, the offending machines can quickly be blocked, minimally impacting your site’s availability to legitimate users.

A phpBB board is often part of a web site. Generally, Cloudflare protects domains. I’ll describe how it protects domains. If you want to use Cloudflare to protect a subdomain but not the domain itself, this is a more complex process described here.

Using Cloudflare is not necessarily free, but it often is. You can start with a free plan. If your domain is not used for commercial purposes, you can use Cloudflare for free. If your site is for professional use, the cost is $20/month. Cloudflare can be very pricey for businesses and enterprises: $200/month or more. But if you have this kind of website, you are probably using Cloudflare or a similar service already.

Cloudflare has competitors, so you can shop around if you need to pay for DoS or DDoS protection. Arguably though Cloudflare was the first to master this market and is its industry leader.

Protecting your domain with Cloudflare is generally pretty easy. Let’s look at the steps.

Step 1. Get a Cloudflare account

If you don’t already have a Cloudflare account, you can create one. It’s a simple process that should not take more than a few minutes.

Step 2. Add your domain to your Cloudflare account

Look for the Websites link on the left sidebar. After clicking on it, click on the Add a Site button and add the domain containing your phpBB board. Cloudflare will find your public domain records and show them to you.

Step 3. Change the nameservers for your domain to use Cloudflare’s nameservers

Next, login to your domain registrar and find your records for your domain. Verify your domain records match those that Cloudflare found. Then change your domain’s nameservers to the nameservers Cloudflare provided. Nameservers tell computers the Internet Protocol (IP) address where your site’s content resides. Cloudflare should provide you with two nameservers.

To make things easier, you may want to access your registrar in a separate browser tab so you can more easily copy and paste Cloudflare’s nameservers into the form provided by your registrar.

Step 4. Wait for the DNS to change

It can take up to 48 hours for your DNS changes to propagate across the Internet, but is generally quick with most ISPs getting updates in one to 2 hours. While it happens, your domain should still be accessible, but may be briefly inaccessible.

Your domain may still be affected if a DoS or DDoS attack during the nameserver propagation process. You can get a sense of whether the DNS changes are complete by using a tool like Who.Is to check your domain and the nameservers it finds for your domain. When complete, the nameservers should match those provided to you by Cloudflare.

How it works

Most attacks attack a domain. DNS resolution is the process of translating a domain name (myspecialboard.com) to an IP address, ex: 123.45.67.89. Attackers will query Cloudflare’s nameservers to get your IP address. Because Cloudflare constantly monitors the web, it generally knows the IP addresses of attacking machines. It won’t provide your server’s correct IP address to these machines, insulating your web server from most of these attacks.

Attacks may still occur, but are unlikely

Targeted DoS and DDoS attacks can still succeed if the attacker knows or randomly picks the Internet Protocol (IP) address of your web server and attacks it, rather than your domain. As your web server’s IP address won’t be generally known, these incidents should be few and far between. If they occur, it is likely due to an attack on a random IP address.

If you detect a DoS or DDoS attack after being protected by Cloudflare, Cloudflare can still help. Click on your website on the Cloudflare web page and set the Under Attack Mode slider control to On. More details are here. Cloudflare will examine the machines hitting your domain and do its best to block them.

If you use shared hosting, you may still be subject to DoS or DDoS attacks you can’t control. This is because the attack may not be happening to your domain directly, but to another domain on the same server using the same IP address as your web server. Such a scenario though is pretty unlikely.