It’s been almost 48h my app is under DDOS attack, consumed more than 1M WU!! and support doesn’t give a SH***
I honestly don’t know what else to do.
I’d try emailing support — support@bubble.io
Honestly for the time being you may just have to pull the app down for a day or 2 or add a captcha to the field that is causing the issue.
Thanks for your reply.
I simply cannot have my app offline, I had to get the plan with most WU available in order to at least keep it running for parts of the day yesterday.
I did the captcha from the beginning without results, 1 million WU in 2 hours after captcha (which btw bubble has only V2), even changed the links that were being affected.
Finally bubble support team replied (unbelievable slow support) saying they activated Cloudflare WAF. That’s it, no explanation or any clarification of what else could be done.
Nothing happened for a few hours.
Now, after 5 hours of CF WAF activated it looks like things a better. They also removed all the extra WU that I had on the account (over 2M). I have to thank them for that.
Let’s see how things will go from now and tomorrow. Hopefully it will stay like that.
Having experienced that I believe we should have on the back end(editor) an Option like Cloudflare “UNDER ATTACK” and a simple switch you can put site down with a custom message or activate some sort of WAF. OR at least automatically send bubble team a message/flag that the website is under attack.
My app was down, bills going through the roof with WU and had to keep getting canned responses from the support system saying they work only from 6-9pm for over 24hours. Not sure if the support was slow to address the issue or it’s just poor communication.
Well, let see
Thanks again!
I am happy at least someone was able to help you out.
integrate cloudfare btw your domain provider and bubble, that will help you a lot,
add you domain to cloudflare, it will give you nameserver, add them to the domain provider, then add all nameserver of bubble (for domain verification) in cloudflare.
Yeah, that’s quite unfortunate, I had an issue like that years ago with an app on the capacity based system and at the time Bubble support said the same thing (although they responded very quickly) regarding Cloudflare Under Attack Mode.
They said there isn’t really a way for them to make an option where you can enable DDoS mode on the editor, but that they were investigating how that might be possible.
Have you tried my Recaptcha Alternative? hCaptcha? It’s far better.
I don’t think that any type of Captcha would help that much because it was a DDoS attack not someone spamming a form?
My little hack that I would use is on your own Cloudflare account, you can add CNAME records of app.bubble.io at both root (@) and www on DNS mode, make sure that Bubble has verified the DNS records, then after it’s verified, turn on Proxy Mode (the orange cloud).
That way, you can use Cloudflare services like DDoS mode on your own account. The downside is that Bubble might send you emails or when you preview say your DNS records are verified, but your app will still function under your domain as usual.
I’d love to try this, but not with Cloudflare. I am potentially opting out of CloudFlare for all its services soon due to terrible customer service & sales practices. They will try to extort money from you if you start to scale with them.
A service like Fastly would be a better alternative (least they’re transparent about pricing). Let’s add a few more:
- Linode (akami)
- Fly.io
To be quite honest however - it’ll be very hard to match what CF can do. Lots of people have tried to move but couldn’t find a good enough alternative. Since CF does a lot of things at once, you have to do a little digging.
I’d suggest everyone else to do the same if you got a chance. Last thing you want is someone threatening your livelihood overnight.
This likely won’t be your issue however. I’d recommend just letting things cool over on your end after they activated WAF.
This topic was automatically closed after 69 days. New replies are no longer allowed.