For DeepSound websites deployed on Cloudflare, adding Rate Limiting rules is the most effective way to block automated registration scripts, brute-force attacks, and malicious crawlers.
To address the issue of "database being filled with a large number of fake registered users," it is recommended to follow these steps to set up the rules:
1. Core Defense: Restricting Registration and Login Interfaces
Attackers usually request deepsound-login.php or requests.php?f=register directly.
- Log in to the Cloudflare Dashboard and select your domain.
- Navigate to Security rules -> Rate limiting rules -> New rate limiting rule
- Click Create rule.
Recommended Configuration:
- Rule name: Protect Registration & Login
- If incoming requests match:
  - Field: URI Path
  - Operator: contains
  - Value: deepsound-login.php
  - (Click the And button to add more)
  - Field: URI Path
  - Operator: contains
  - Value: requests.php
- With the same: IP
- Rate: 5 (Number of requests)
- Period: 10 seconds
Explanation: A legitimate user will not click the login or registration callback 5 times within 10 seconds.
- Action: Managed Challenge
Key Point: Do not choose "Block" directly; select Managed Challenge. If a real person triggers it by mistake, they can continue after passing a captcha; if it is a script, it will be blocked automatically.
Also, find the Security level tab and enable "I'm under attack mode".
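To check the threshold against your own traffic before enabling the rule, the following added example (not part of the original page, and not DeepSound or Cloudflare code) replays request records through the rule's two path conditions and its limit of 5 requests per 10 seconds per IP. The sliding-window counting, the function names and the sample records are assumptions made for illustration; the conditions are evaluated joined with Or and with And, since And requires a single path to contain both strings.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit

PATHS = ("deepsound-login.php", "requests.php")  # rule values from this page
RATE, PERIOD = 5, 10                             # 5 requests per 10 seconds, per IP

def matches(url, combine=any):
    """Evaluate both 'URI Path contains' conditions against the path only.
    combine=any joins them with Or, combine=all with And. The query string
    (for example ?f=register) is not part of the URI Path field."""
    path = urlsplit(url).path
    return combine(p in path for p in PATHS)

def challenged_ips(events, combine=any):
    """events: (epoch_seconds, ip, url) tuples sorted by time.
    Returns {ip: timestamp of the first request that exceeds RATE in PERIOD}.
    Assumption: plain sliding window; Cloudflare's counting may differ."""
    windows, hits = defaultdict(deque), {}
    for ts, ip, url in events:
        if not matches(url, combine):
            continue
        w = windows[ip]
        w.append(ts)
        while ts - w[0] >= PERIOD:      # drop requests older than the period
            w.popleft()
        if len(w) > RATE:
            hits.setdefault(ip, ts)
    return hits

# Constructed sample traffic (documentation IP ranges), not real logs.
SAMPLE = sorted(
    [(t, "203.0.113.7", "/requests.php?f=register") for t in range(8)]  # script
    + [(0, "198.51.100.20", "/deepsound-login.php"),                    # person
       (3, "198.51.100.20", "/requests.php?f=register"),
       (40, "198.51.100.20", "/requests.php?f=register")]
    + [(1, "192.0.2.9", "/index.php")] * 20                             # unmatched path
)

if __name__ == "__main__":
    print("Or :", challenged_ips(SAMPLE))
    print("And:", challenged_ips(SAMPLE, combine=all))
```

Feed it (timestamp, IP, URL) tuples parsed from your own access log to see which visitors the threshold would have challenged.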