Why Cloudflare is not protecting you from DDoS anymore?

Cloudflare has a big reputation as the number one DDoS protection and is trying to build a career as the number one security solution, but hey, while their stock price is going up, the level of protection they give to customers is going down. They have even stripped a lot from the free package, so my old hack is not working anymore on the free plan; it will work if you configured it before recent changes, but as of the latest changes this will not be available for free in their accounts. I think this will make their shareholders happy, as everyone will need to upgrade to the Pro plan to have something that was free before. But cutting costs and pumping profits does not stop here. When you switch to the Cloudflare Pro plan, it will not easily protect you from DDoS as well, as many options will be crippled down to the bare basics. The option “block likely automated bots” will be available only in the Business plan, which starts at 100 USD a month. Of course, this price is fair for many attacked clients and they will pay for a more expensive solution, but what is next? This also will not block targeted attacks and will leave you wondering what you are paying for now. The next level is the Enterprise plan, which will cost more or less 4k USD per month, depending on traffic, and will get you a dedicated person to work on your DDoS protection. Someone can argue that is a fair price, while some small business owners will already be shaking at 100 USD per month.

Today I witnessed enormous will and power aimed at a small site; the targeted attack was just a result of business tensions between competitors. Someone is paying hackers or underground sites to DDoS the site constantly. Business tensions are growing and it is easy to make someone suffer. Honestly, I have seen this happening in all different business industries.

40M requests are going on for hours, but the server is still reachable for legitimate clients — it is not thanks to Cloudflares own protection, unfortunately

So, to get back to the question at the start — why Cloudflare is not protecting you anymore — I would say the level of protection has a direct inverse correlation with the stock price. While I give Cloudflare a top-tier endorsement, it is no longer what it used to be, and especially in times of growing cyber security alert you need to find a better and better person to fight with attackers.

Full disclosure: I do not own Cloudflare stock and I still use it on a daily basis, as it is still the number one service; you just need to know how to get around everything.

If you are facing similar challenges in your business and need to work on protecting your website from DDoS attacks, feel free to get in touch and let’s find an optimal short-, medium-, and long-term solution for you.