Attacks

October 26, 2016 12:59 PM

The last few weeks have seen several high-profile outages in legacy DNS and DDoS-mitigation services due to large scale attacks. Cloudflare's customers have, understandably, asked how we are positioned to handle similar attacks....

By 
• Matthew Prince

October 21, 2016 6:22 PM

Today there is an ongoing, large scale Denial-of-Service attack directed against Dyn DNS. While Cloudflare services are operating normally, if you are using both Cloudflare and Dyn services, your website may be affected....

By 
• Filippo Valsorda

October 11, 2016 12:59 PM

Over the last few weeks we've seen DDoS attacks hitting our systems that show that attackers have switched to new, large methods of bringing down web applications....

By 
• Marek Majkowski

August 25, 2016 2:18 PM

The mission of the United State's Government's Consumer Product Safety Commission (CPSC) is to protect consumers from injury by products. ...

By 
• Matthew Prince

July 18, 2016 3:26 PM

We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy....

By 
• Ben Cartwright-Cox

April 29, 2016 11:21 PM

CloudFlare recently wrote about the group of cyber criminals claiming to be be the "Armada Collective." In that article, we stressed that this group had not followed through on any of the ransom threats they had made. ...

By 
• Justin Paine

April 25, 2016 12:39 PM

Beginning in March 2016, we began hearing reports of a gang of cybercriminals once again calling themselves the Armada Collective. The calling card of the gang was an extortion email sent to a wide variety of online businesses threatening to launch DDoS attacks if they weren't pa...

By 
• Matthew Prince

April 13, 2016 4:59 PM

Today we're launching two new features and a brand new dashboard and API for Virtual DNS. Virtual DNS is CloudFlare’s DNS proxy that sits in front of some of the largest hosting providers in the world, shielding their DNS infrastructure from attacks....

By 
• Dani Grant

April 13, 2016 12:39 PM

Almost a year ago, we announced that we were going to stop answering DNS ANY queries. We were prompted by a number of factors: The lack of legitimate ANY use. The abundance of malicious ANY use. The constant use of ANY queries in large DNS amplification DDoS attacks....

By 
• Ólafur Guðmundsson

March 04, 2016 6:02 PM

One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server they are attacking, this is called a reflection attack....

By 
• Dani Grant

March 03, 2016 2:32 AM

Over the last month, we’ve been watching some of the largest distributed denial of service (DDoS) attacks ever seen unfold. As CloudFlare has grown we've brought on line systems capable of absorbing and accurately measuring attacks....

By 
• Marek Majkowski

March 01, 2016 1:45 PM

CloudFlare customers are automatically protected against the recently disclosed DROWN Attack. We do not have SSLv2 enabled on our servers....

By 
• John Graham-Cumming

January 21, 2016 2:05 PM

The web is an collaborative ecosystem. Web standards exist to ensure that participants of the network behave in a predictable way....

By 
• Nick Sullivan

October 16, 2015 5:14 PM

Recently, a new brute force attack method for WordPress instances was identified by Sucuri. This latest technique allows attackers to try a large number of WordPress username and password login combinations in a single HTTP request....

By 
• Pasha Kravtsov