Video Tutorial Automate Cloudflare Under Attack Mode - cfautouam


Rake

This tutorial will teach you how to make a bash script which can automate Cloudflare's Under Attack Mode. Even if you do not know how to code in bash, I will show you how to do it. Once this script is set up, Cloudflare UAM will automatically enable whenever your webserver is under high load. It's also easy to customize for your needs. The project will continue to be updated on GitHub so keep an eye on that as well.


Get updated source code from the github repo:
guided-hacking/cfautouam

What does it do
Enables Cloudflare's Under Attack Mode based on CPU load percentage using the Cloudflare API.

Why
Running your site on Under Attack Mode permanently is not great for visitors. This script will enable it under high CPU load which is indicative of a DDoS attack.

Warning
This is a beta script and I barely know what I'm doing so test this thoroughly before using.

How?
It creates a service that runs on a timer, which executes our main shell script which gets the current CloudFlare Security Level and checks the CPU usage. If CPU usage is above our defined limit, it uses the CloudFlare API to set the Security Level to Under Attack Mode. If CPU usage normalizes and the time limit has passed, it will change the Security Level back to your defined "normal" Security Level.

How to install
Navigate to the parent path where you want to install. If you want to install to /home/cfautouam then navigate to /home

wget https://raw.githubusercontent.com/guided-hacking/cfautouam/master/cfautouam.sh;
Define the parent path where you want to install the script, your Cloudflare email, API key, Zone ID, and regular_status and regular_status_s as they relate to your normal security level.

This script will not help you if you expose your origin IP, read more about hiding your origin here: Finding The Origin IP Behind CDNs

Code:
mkdir cfautouam;
cp cfautouam.sh cfautouam/cfautouam.sh
cd cfautouam;
chmod +x cfautouam.sh;
./cfautouam.sh -install;
It's now installed and running from the defined parent path, check the logs and confirm it's working. You can delete the original file.

After confirming it works, set debug level to 0.

Command Line Arguments
-install : installs and enables service
-uninstall : uninstalls and then deletes the sub folder
-disable_script : temporarily disables the service from running
-enable_script : re-enables the service
-enable_uam : enables Under Attack Mode manually
-disable_uam : disables Under Attack Mode manually

Notes
This script was designed to run out of its own separate folder; if you change that you may have problems.

source from video:
Bash:
#!/bin/bash
# Cloudflare Auto Under Attack Mode = CF Auto UAM
# version 0.9beta

# Security Level Enums
SL_OFF=0
SL_ESSENTIALLY_OFF=1
SL_LOW=2
SL_MEDIUM=3
SL_HIGH=4
SL_UNDER_ATTACK=5

SL_OFF_S="off"
SL_ESSENTIALLY_OFF_S="essentially_off"
SL_LOW_S="low"
SL_MEDIUM_S="medium"
SL_HIGH_S="high"
SL_UNDER_ATTACK_S="under_attack"

#config
debug_mode=1 # 1 = true, 0 = false
install_parent_path="/home"
cf_email=""
cf_apikey=""
cf_zoneid=""
upper_cpu_limit=20 # 10 = 10% load, 20 = 20% load.  Total load, taking into account # of cores
lower_cpu_limit=5
regular_status=$SL_HIGH
regular_status_s=$SL_HIGH_S
time_limit_before_revert=$((60 * 10)) # 10 minutes by default
#end config

# Functions

install() {
  mkdir $install_parent_path"/cfautouam"

  cat >$install_parent_path"/cfautouam/cfautouam.service" <<EOF
[Unit]
Description=Enable Cloudflare Under Attack Mode under high load
[Service]
ExecStart=$install_parent_path/cfautouam/cfautouam.sh
EOF

  cat >$install_parent_path"/cfautouam/cfautouam.timer" <<EOF
[Unit]
Description=Enable Cloudflare Under Attack Mode under high load
[Timer]
OnBootSec=60
OnUnitActiveSec=7
AccuracySec=1
[Install]
WantedBy=timers.target
EOF

  chmod +x $install_parent_path"/cfautouam/cfautouam.service"
  systemctl enable $install_parent_path"/cfautouam/cfautouam.timer"
  systemctl enable $install_parent_path"/cfautouam/cfautouam.service"
  systemctl start cfautouam.timer
  exit
}

uninstall() {
  systemctl stop cfautouam.timer
  systemctl stop cfautouam.service
  systemctl disable cfautouam.timer
  systemctl disable cfautouam.service
  #rm -R $install_parent_path"/cfautouam" #uncomment when going live
  exit
}

disable_uam() {
  curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$cf_zoneid/settings/security_level" \
    -H "X-Auth-Email: $cf_email" \
    -H "X-Auth-Key: $cf_apikey" \
    -H "Content-Type: application/json" \
    --data "{\"value\":\"$regular_status_s\"}" &>/dev/null

  # log time
  date +%s >$install_parent_path"/cfautouam/uamdisabledtime"

  echo "$(date) - cfautouam - CPU Load: $curr_load - Disabled UAM" >>$install_parent_path"/cfautouam/cfautouam.log"
}

enable_uam() {
  curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$cf_zoneid/settings/security_level" \
    -H "X-Auth-Email: $cf_email" \
    -H "X-Auth-Key: $cf_apikey" \
    -H "Content-Type: application/json" \
    --data '{"value":"under_attack"}' &>/dev/null

  # log time
  date +%s >$install_parent_path"/cfautouam/uamenabledtime"

  echo "$(date) - cfautouam - CPU Load: $curr_load - Enabled UAM" >>$install_parent_path"/cfautouam/cfautouam.log"
}

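get_current_load() {
  numcores=$(grep -c 'model name' /proc/cpuinfo)
  currload=$(uptime | awk -F'average:' '{ print $2 }' | awk '{print $1}' | sed 's/,/ /')
  currload=$(bc <<<"scale=2; $currload / $numcores * 100")
  currload=${currload%.*}
  # Exit statuses are 8-bit: clamp so a load of 256% or more cannot wrap around to a low value
  if [[ ${currload:-0} -gt 255 ]]; then
    currload=255
  fi
  return "${currload:-0}"
}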

get_security_level() {
  curl -X GET "https://api.cloudflare.com/client/v4/zones/$cf_zoneid/settings/security_level" \
    -H "X-Auth-Email: $cf_email" \
    -H "X-Auth-Key: $cf_apikey" \
    -H "Content-Type: application/json" 2>/dev/null |
    awk -F":" '{ print $4 }' | awk -F',' '{ print $1 }' | tr -d '"' >$install_parent_path"/cfautouam/cfstatus"

  security_level=$(cat $install_parent_path"/cfautouam/cfstatus")

  case $security_level in
  "off")
    return $SL_OFF
    ;;
  "essentially_off")
    return $SL_ESSENTIALLY_OFF
    ;;
  "low")
    return $SL_LOW
    ;;
  "medium")
    return $SL_MEDIUM
    ;;
  "high")
    return $SL_HIGH
    ;;
  "under_attack")
    return $SL_UNDER_ATTACK
    ;;
  *)
    return 100 # error
    ;;
  esac
}

main() {
  # Get current protection level & load
  get_security_level
  curr_security_level=$?
  get_current_load
  curr_load=$?

  if [ $debug_mode == 1 ]; then
    debug_mode=1 #needed to skip dumb shellcheck error
    #curr_load=5
    #time_limit_before_revert=30
  fi

  # If UAM was recently enabled

  if [[ $curr_security_level == "$SL_UNDER_ATTACK" ]]; then
    uam_enabled_time=$(<$install_parent_path"/cfautouam/uamenabledtime")
    currenttime=$(date +%s)
    timediff=$((currenttime - uam_enabled_time))

    # Problem Here

    # If time limit has not passed do nothing
    if [[ $timediff -lt $time_limit_before_revert ]]; then
        if [ $debug_mode == 1 ]; then
          echo "$(date) - cfautouam - CPU Load: $curr_load - time limit has not passed regardless of CPU - do nothing" >>$install_parent_path"/cfautouam/cfautouam.log"
        fi
        exit
    fi

    # If time limit has passed & cpu load has normalized, then disable UAM
    if [[ $timediff -gt $time_limit_before_revert && $curr_load -lt $upper_cpu_limit ]]; then
        if [ $debug_mode == 1 ]; then
          echo "$(date) - cfautouam - CPU Load: $curr_load - time limit has passed - CPU Below threshhold" >>$install_parent_path"/cfautouam/cfautouam.log"
        fi
        disable_uam
        exit
    fi

    # If time limit has passed & cpu load has not normalized
    if [[ $timediff -gt $time_limit_before_revert && $curr_load -gt $upper_cpu_limit ]]; then
      if [ $debug_mode == 1 ]; then
        echo "$(date) - cfautouam - CPU Load: $curr_load - time limit has passed but CPU above threshhold, waiting out time limit" >>$install_parent_path"/cfautouam/cfautouam.log"
      fi
    fi
    exit
  fi

  # If UAM is not enabled, continue

  # Enable and Disable UAM based on load

  #if load is higher than limit
  if [[ $curr_load -gt $upper_cpu_limit && $curr_security_level == "$regular_status" ]]; then
    enable_uam
  #else if load is lower than limit
  elif [[ $curr_load -lt $lower_cpu_limit && $curr_security_level == "$SL_UNDER_ATTACK" ]]; then
    disable_uam
  #else
    #if [ $debug_mode == 1 ]; then
      #echo "$(date) - cfautouam - CPU Load: $curr_load - no change necessary" >>$install_parent_path"/cfautouam/cfautouam.log"
    #fi
  fi
}

# End Functions

# Main -> command line arguments

if [ "$1" = '-install' ]; then
  install
  exit
elif [ "$1" = '-uninstall' ]; then
  uninstall
  exit
elif [ "$1" = '-disable_script' ]; then
  systemctl disable cfautouam.timer
  systemctl disable cfautouam.service
  echo "$(date) - cfautouam - Script Manually Disabled" >>$install_parent_path"/cfautouam/cfautouam.log"
  disable_uam
  rm  $install_parent_path"/cfautouam/uamdisabledtime"
  rm  $install_parent_path"/cfautouam/uamenabledtime"
  exit
elif [ "$1" = '-enable_script' ]; then
  systemctl enable $install_parent_path"/cfautouam/cfautouam.timer"
  systemctl enable $install_parent_path"/cfautouam/cfautouam.service"
  systemctl start cfautouam.timer
  echo "$(date) - cfautouam - Script Manually Enabled" >>$install_parent_path"/cfautouam/cfautouam.log"
  exit
elif [ "$1" = '-enable_uam' ]; then
  echo "$(date) - cfautouam - UAM Manually Enabled" >>$install_parent_path"/cfautouam/cfautouam.log"
  enable_uam
  exit
elif [ "$1" = '-disable_uam' ]; then
  echo "$(date) - cfautouam - UAM Manually Disabled" >>$install_parent_path"/cfautouam/cfautouam.log"
  disable_uam
  exit
elif [ -z "$1" ]; then
  main
  exit
else
  echo "cfautouam - Invalid argument"
  exit
fi
This tutorial will teach you how to automate Cloudflare under attack mode.

Cloudflare is a web infrastructure and web security company. Learning how to automate Cloudflare will provide defense against DDoS attacks. Acting as a reverse proxy for websites, a script like cfautouam can keep you safe in under attack mode.

Cloudflare Under Attack Mode creates extra security to help defend against Layer 7 DDoS attacks. Learning how to automate cloudflare makes sure hackers and nefarious computer users can’t interrupt your web experience.

When running in UAM, Cloudflare will compensate for high CPU load, which is a key indicator of a DDoS attack. This under attack mode tutorial will show you how to configure Cloudflare's automatic UAM settings and write your own cfautouam script enabling a smooth and cohesive experience.

In this cloudflare under attack mode tutorial you will learn:

- How to run command line arguments for cfautouam
- How to enable and disable under attack mode
- How to code your own cfautouam script
- How to automate Cloudflare

cfautouam creates a timed service, which will execute your cfautouam script, checking the Cloudflare Security Level and the CPU usage. If the cfautouam script detects CPU usage above the defined limit, it will use the Cloudflare API to set the Security Level to Under Attack Mode. Our cfautouam script then checks whether CPU usage has normalised and, once the time limit has passed, will change from UAM mode back to the normally defined “normal” Security Level.

Learning how to automate cloudflare is the next step in your web/server user experience. Guided Hacking will provide you with all the tools needed in learning how to automate cloudflare. We hope you enjoy this automatic under attack mode tutorial and gain new insights in how to automate cloudflare.
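
The enable, hold and revert rules described in the post above, written as one function that can be checked offline. This is an added example, not part of the original post or the cfautouam repo; `decide_action`, its argument order and the sample readings are assumptions made for illustration.

```bash
#!/bin/bash
# Added example. decide_action and its argument order are hypothetical,
# not part of cfautouam. Results are printed, not returned, so they are
# not limited to the 0-255 range of an exit status.
# Usage: decide_action <level> <regular_level> <load_pct> <uam_age_s> <upper_pct> <hold_s>
# Prints: enable | disable | hold | none | error

decide_action() {
  local level="$1" regular="$2" load="$3" age="$4" upper="$5" hold="$6" v
  # Refuse to act on a missing or non-numeric reading
  for v in "$load" "$age" "$upper" "$hold"; do
    case $v in
      '' | *[!0-9]*) echo error; return 1 ;;
    esac
  done
  if [ "$level" = "under_attack" ]; then
    if [ "$age" -lt "$hold" ]; then
      echo hold     # minimum time in UAM not served yet
    elif [ "$load" -lt "$upper" ]; then
      echo disable  # time served and load back under the limit
    else
      echo hold     # time served but load still high
    fi
  elif [ "$level" = "$regular" ] && [ "$load" -gt "$upper" ]; then
    echo enable
  else
    echo none       # normal load, or a level this script did not set
  fi
}

# Constructed readings: level, regular level, load %, seconds in UAM, limit %, hold seconds
decide_action high high 256 0 20 600          # enable
decide_action under_attack high 3 45 20 600   # hold
decide_action under_attack high 3 700 20 600  # disable
```

A load of 256% is used in the first call because that value would wrap to 0 if it were passed back as a shell exit status.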
 

omrtozd

Hi, I set it up on my website, but it looks like the timer doesn't work. I can activate and deactivate UAM manually but that's all I can do. When I do a stress test, it doesn't do anything and doesn't write anything to the log.
 

Rake

@omrtozd

the cpu load is empty in the output

get_current_load:
Bash:
get_current_load() {
  numcores=$(grep -c 'model name' /proc/cpuinfo)
  currload=$(uptime | awk -F'average:' '{ print $2 }' | awk '{print $1}' | sed 's/,/ /')
  currload=$(bc <<<"scale=2; $currload / $numcores * 100")
  currload=${currload%.*}
  return $currload
}
you probably need bc:

apt show bc;
sudo apt-get install bc;
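
The reply above traces the empty CPU load to a missing `bc`. As an added example (not part of the thread or the cfautouam repo), here is a load reading that needs only `awk` and reports failure instead of producing an empty value. `load_percent` and its arguments are hypothetical, and `nproc` stands in for the script's `/proc/cpuinfo` core count.

```bash
#!/bin/bash
# Added example. load_percent is a hypothetical helper, not part of cfautouam.
# Usage: load_percent [loadavg_file] [core_count]
# Prints the 1-minute load as a whole-number percentage of total capacity.
# Returns non-zero, printing nothing, when a reading is missing or malformed.

load_percent() {
  local file="${1:-/proc/loadavg}" cores="${2:-$(nproc)}" load1
  # First field of /proc/loadavg is the 1-minute load average, e.g. "1.50"
  read -r load1 _ <"$file" || return 1
  case $load1 in
    '' | *[!0-9.]*) return 1 ;;
  esac
  case $cores in
    '' | 0 | *[!0-9]*) return 1 ;;
  esac
  # awk does the floating-point division, so bc is not required
  awk -v l="$load1" -v c="$cores" 'BEGIN { printf "%d\n", int(l * 100 + 0.5) / c }'
}

# Caller pattern: report a failed reading instead of treating it as 0% load
if ! pct=$(load_percent); then
  echo "cfautouam - could not read CPU load" >&2
fi
```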
 