#I'm getting DDOSed.

?ddos

If you are under a DDoS attack then you can take a look at these threads for first steps and help with mitigation:

• https://community.cloudflare.com/t/under-ddos-attack-first-steps/89476
• https://community.cloudflare.com/t/mitigating-an-http-ddos-attack-manually-with-cloudflare/302366

but they're already being mitigated?

not sure what kind of "ideas" you want

These posts are a little outdated and I can't seem to find the things they're refrencing.

and what kind of ideas do you want

I really don't know. I'm new to this.

it's all being blocked

you don't need to do anything

Could you explain what that means? I mean, I see something that says "25.77M Total," what does "served by origin mean?"

Are they really all being blocked?

your origin is whatever server you're running

this means out of the > 25 million requests, only 63 actually made it to your server

Wow!

Makes me a lot less worried... But still, I'm scared. My server still isn't functioning well even after only being hit by 105. What steps should I take moving forward?

check your server if it's actually only receiving 105 requests. If the attacker got hold of your origins IP then they can completely circumvent cloudflare (...)

if however your origin indeed only received 105 requests and is still struggling then i have to say this seems more like a server issue than a ddos issue

I see. How does the attacker affect my server? Are they requesting information? Do you know how I can check, and limit that amount of data thats being requested?

you are the only person who can answer those questions

i know nothing about your infrastructure and the traffic you usually work with

Well one thing I'm wondering now, is what I can do to get my server running again. I can't access it anymore, it keeps saying that I've been "redirected too many times." Any tips?

What do I do about the ones that did get served by the origin?

Check the logs, this could be legitimate traffic reaching your domain during the attack.

I did. Quite a few were bots. I can’t access my site even though no new ones are making it through; what now?

"I can’t access my site" - Is your site down due to the attack?
Can you please take a screenshot of the security events for me?

If it is a DDOS attack then CF automatically activates the DDOS protection ruleset

This is what I see when going to the site.

I would recommend you to create a rate limit rule.
I don't know what amount of requests is considered normal for your domain but for example:
Create a rule that blocks any IP address that tries to send you more than 700 requests in 10 seconds.

Additionally, I would consider blocking "definitely automated" bots through the super bot fight mode.