Help needed

when i share my website link with anyone in the preview dosent show my website it shows another websiteUntitled

I take it that future-pros.com is your website… Do you actually own this domain? For one, it has no nameservers and therefore cannot be on InfinityFree.

YES I own it

Is this your website?

yes

You need to wait 72 hours for it to appear everywhere. That is probably why the people you shared it with can’t see it.

2 Likes

This security system may also be preventing the site from loading the preview correctly:

If so, there isn’t really anything you can do about this.

2 Likes

Cloudflare can bypass that (afaik), but it’ll protect the website less than the default security system?

Less secure? Probably much more than anyone could, It routes traffic through many routes, It includes its own challenges, and rate limits, I have used cloudflare, Without anything enabled, it blocks bad browsers:


Aswell as being strict with DDoS attacks, AFAIK If when my server was brute forced and it was on cloudflare, I would have suffered less damage with cloudflare, by stopping the heavy load.

*Rember, This is as far as I know, I might be wrong :slight_smile: *

2 Likes

Hmm, i seemed to mean the way they prevent DDoS attacks, Admin used to explain a reason for that but i cannot find his post about it atm. (that’s why I’ve put a ? above, i’m using CF myself.)

2 Likes

Cloudflare is brilliant for protecting sites, for example, my website has had approx. 1k attacks blocked by cloudflare. If it didn’t have Cloudflare, I think I would have had about triple the amount of suspensions that I have had…

2 Likes

CF is especially good if your whole website is static
but the problem is with WP pages and other dynamic ones

and if the user does not have enough knowledge to adequately configure CF and add a lot of custom rules
( it might be useful to someone or just to read - WP and CF FW or hardening WP )

Because dynamic pages mostly have tags :
no-cache, must-revalidate, PHP sessions, forms, etc.
and they are called “directly”… so each time the CF must talk to the origin, instead of serving contents only from their cache
and then when someone on your PHP page hits 10 thousand refresh - CPU and other resources jump hard, because these pages must be generated on the origin server.

So it is good to have as much static content as possible.
That’s why some of the plugins for WP (which make static pages) are useful

They work mainly on this principle:

  • create static content in a subdir or subdomain (HTML)
  • and serve dynamic content (PHP) like forms only when needed.
4 Likes

Thank you for clarification :slight_smile:

1 Like

I’ve had DDoS attacks and brute force attempts go straight through Cloudflare’s security systems. I’ve had sites with Cloudflare in high security mode go down because of bot attacks. The Under Attack mode was the only way to stop that. Annoyingly, the traffic patterns were quite easy to identify with a few quick expressions, which is

Of course, I don’t know how much worse it would have been without Cloudflare. But to say Cloudflare protects your website perfectly does not align with my experience.

Our security system is a kind of “I’m Under Attack - Lite”. Like Cloudflare’s I’m Under Attack, it blocks everything that’s not a browser, but it doesn’t show an interstitial page to show a Javascript challenge (the challenge is almost invisible to browsers).

Which is why I would say that our security system is better at protecting websites than Cloudflare is.

Even on a static site it’s quite cumbersome to massage Cloudflare to also cache HTML content. By default, it doesn’t cache HTML content, even if the caching headers say it could.

4 Likes

I guess it would be an interesting conversation, with many if’s and but’s, But I did just realise, Which as odd as it sounds, you can’t disable the ?i=1, it’s everywhere, it’s not like cloudflare, it’s everywhere, it’s on everything, then again, cloudflare has it’s uses, free ssl, page rules, and the analytics. It can help with caching, reducing bandwidth, but I have never needed to cache, as my server does such for me.

Yeah, It does, it will block crawlers, apart from Google and search engines, I have to assume through their known IP’s, but I wouldn’t know, however I believe it’s through cookies, like mine is.

I now see it as about 70/30 (InfinityFree’s vs Cloudflare), but I’m not the Admin here, I don’t know all the facts!

If you are talking about iFastNet’ vs Cloudflare’ default security system:

iFastNet:

  • Maybe over protective? & you can’t customize it.
  • No CDN feature. 1 server/location + shared server.
  • Only relies on javascript & cookie.

Cloudflare:

  • Yeah, less protective. But you can customize it.
    If you customized it correctly (bots/user-agents protection, page rules, specific visitors blocker, etc.), you will block the right bots/bad visitors. But maybe this is a little hard for non-tech savy users.
  • Included CDN feature for your static contents.
    Your visitors won’t burden your origin server & eventhough your visitors far away from your origin server location, they can still access your contents quickly.
  • Legit visitors with javascript/cookie disabled still can access your site.

Not all legit visitors turn their javascript/cookie feature on in their browser.
& not all bots can’t execute javascript/cookie.
With the emergence of headless browsers (like PhantomJS) which can emulate anything, you can’t suppose that :

  • bots don’t use javascript,
  • bots don’t use cookie,
  • you can track mouse events to detect bot,
  • bots won’t see that a field is visually hidden,
  • bots won’t wait a given time before submitting.

If that used to be true, it is no longer true.
Of course with system that rely only on javascript/cookie to detect bot like that iFastNet system, it will still protect your site from 75%+ bots.
But still, it’s bad for a company to force their visitors/their customer’s visitors to enable their javascript/cookie.
Maybe it will also violate the Cookie Law in some contries.

Almost all modern websites use Javascript. From the mostly static sites which use it to enhance a few features, to the full Javascript Single Page Applications. And if you have a website with any interactive content, you almost always need to use cookies to share data between requests (like authentication information).

Sure, you can try to browse the web without cookies and Javascript. But the vast majority of websites won’t work properly.

It’s compliant with EU cookie law, I don’t know about others.

Cookie laws primarily revolve around privacy and data protection. To this end, you have to get permission to use cookies for tracking, analytics, ad targeting and the like. Functional cookies, like those used for login sessions, shopping carts and the like, do not require consent.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.