Protecting the IP from DDOS


New Member
These are the steps I've taken to protect the IP.

  • Domain is on a dedicated IP.*
  • All traffic is routed through Cloudflare which only has two records, an A record for the domain and a cname record for WWW.
  • Outgoing email for scripts including for registration have been disabled.
  • As precautionary measure the outgoing email limit for the domain has been set to 0.
  • This is a forum and remote file uploads from a URL (e.g. for an avatar) have always been disabled.
*I've used Plesk for ten years, where in WHM/Cpanel is the setting so a default domain is not served when the request is for IP? e.g. instead of serving serve an error page or whatever.

Is there anything I'm missing? For example what about DNS records on the server, do I even need them with Cloudlfare DNS? Error documents that might spit out an email address?