Mitigating 31.4 Tbps: Lessons from the Cloudflare 2025 Q4 DDoS Report for Drupal

The Cloudflare 2025 Q4 DDoS threat report has just been released, and the numbers are staggering. A record-breaking 31.4 Tbps attack was mitigated in November 2025, and hyper-volumetric attacks have grown by 700%.

For Drupal site owners, these aren't just statistics—they represent a fundamental shift in the scale of threats our infrastructure must withstand.

The Aisuru-Kimwolf Botnet Threat

The report highlights the rise of the Aisuru-Kimwolf botnet, which leverages Android TVs to launch HTTP DDoS attacks exceeding 200 million requests per second (RPS). When an attack of this magnitude hits a CMS like Drupal, even the most optimized database queries can become a bottleneck if the attack bypasses the edge cache.

Key Findings for Infrastructure

  • Short, Intense Bursts: Many record attacks lasted less than a minute but were intense enough to knock unprotected systems offline instantly.
  • Cache-Busting Tactics: Attackers are increasingly using sophisticated patterns to bypass CDN caching, forcing the application server to process every request.
  • Industry Targeting: Telecommunications and service providers are top targets, but any high-profile site is at risk.

Introducing: Drupal DDoS Resilience Toolkit

To help Drupal communities implement defense-in-depth, I've built the DDoS Resilience Toolkit. This module provides application-level safeguards that complement edge protection like Cloudflare.

View Code

Features:

  1. Cloudflare Integrity Enforcement: Ensuring your origin ONLY talks to Cloudflare, preventing attackers from bypassing your WAF by hitting your IP directly.
  2. Adaptive Rate Limiting: A lightweight, cache-backed mechanism to throttle suspicious IP addresses before they exhaust PHP workers.
  3. Pattern-Based Blocking: Detecting "cache-buster" query strings that deviate from normal site usage.
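
How features 1 and 2 fit together, as an added example in PHP (not the toolkit's own code): the origin accepts a request only when the TCP peer is inside a Cloudflare range, and only then trusts `CF-Connecting-IP` as the address to rate-limit on. The function names are hypothetical, the range list is a small subset of Cloudflare's published ranges, and the sample requests are constructed.

```php
<?php
// Added example; ip_in_cidr() and resolve_client_ip() are hypothetical names.
// Subset of Cloudflare's published ranges (https://www.cloudflare.com/ips/);
// in production, refresh the list from there instead of hard-coding it.
const CF_RANGES = ['173.245.48.0/20', '104.16.0.0/13', '172.64.0.0/13', '2606:4700::/32'];

/** True if $ip lies inside $cidr (IPv4 or IPv6). */
function ip_in_cidr(string $ip, string $cidr): bool {
  [$net, $bits] = explode('/', $cidr);
  $bits = (int) $bits;
  $ipBin = @inet_pton($ip);
  $netBin = @inet_pton($net);
  if ($ipBin === false || $netBin === false
      || strlen($ipBin) !== strlen($netBin) || $bits > strlen($ipBin) * 8) {
    return false; // unparsable address, mixed families, or bad prefix length
  }
  $full = intdiv($bits, 8); // whole bytes covered by the prefix
  if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
    return false;
  }
  $rem = $bits % 8; // leftover bits in the next byte
  if ($rem === 0) { return true; }
  $mask = (0xFF << (8 - $rem)) & 0xFF;
  return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

/** Client IP to rate-limit on, or null if the request bypassed Cloudflare. */
function resolve_client_ip(array $server): ?string {
  $peer = $server['REMOTE_ADDR'] ?? '';
  foreach (CF_RANGES as $cidr) {
    if (ip_in_cidr($peer, $cidr)) {
      // The header is trusted only because the TCP peer is Cloudflare.
      $client = $server['HTTP_CF_CONNECTING_IP'] ?? '';
      return filter_var($client, FILTER_VALIDATE_IP) ?: null;
    }
  }
  return null; // direct-to-origin: any CF-Connecting-IP value is client-supplied
}

// Constructed sample requests ($_SERVER-style arrays).
$samples = [
  ['REMOTE_ADDR' => '172.64.10.5', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7'],
  ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7'],
  ['REMOTE_ADDR' => '2606:4700:10::1', 'HTTP_CF_CONNECTING_IP' => '2001:db8::1'],
];
foreach ($samples as $s) {
  $ip = resolve_client_ip($s);
  echo $s['REMOTE_ADDR'], ' => ', $ip ?? 'REJECT (not via Cloudflare)', PHP_EOL;
}
```

A null result is the case to answer with a 403 before Drupal bootstraps further; keying a rate limiter on the header without the peer check would let a direct-to-origin client choose its own bucket.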

Conclusion

As we move into 2026, the scale of DDoS attacks will only increase. Relying solely on default configurations is no longer enough. By combining edge mitigation with application-level resilience, we can ensure our Drupal sites remain performant even under extreme pressure.

Ref: Cloudflare 2025 Q4 DDoS Threat Report.