Buycraft protects its customers' gCommerce shops with Cloudflare’s Rate Limiting.

Buycraft is a webstore platform focused on helping over 500,000 Minecraft servers run ecommerce platforms. Buycraft offers users an extensive control panel, providing customers with the ability to easily set up online stores, process payments and subscriptions, and understand their customers through detailed analytics.

Buycraft’s Challenge: Mitigating Attacks at an Affordable Price

“DDoS attacks are incredibly common in this industry,” explained Lee McNeil, CTO of Buycraft, “Minecraft servers are very competitive, it could be the case that one server pays a team to knock another server offline in hopes of getting the players from that server to come to theirs.”

Understanding the current state of their industry, Buycraft invested in DDoS protection from the start of their service. However, when they faced a small DDoS attack, their purchased protection didn’t mitigate the attack they were facing. “We had agreed on a fixed price per month for unlimited DDoS protection,” continued McNeil, “but when we were hit with a relatively small 10gbps attack, our site went down, and our previous provider demanded more money. We were effectively held to ransom by our security provider, and while we were able to come up with a short term fix, we knew we needed to find a new long-term solution.”

Buycraft’s Solution: Rate Limiting From an Advanced Security Provider

After researching security providers Buycraft found Cloudflare as an effective and affordable security solution. McNeil delighted, “Cloudflare is a great product for upcoming startups who don’t have the resources to protect themselves in-house. We love the peace of mind that we get knowing that we can set up Cloudflare, forget about it, and trust that we won’t be affected by any kind of malicious DDoS attack.”

What’s more, Buycraft decided to enroll in Cloudflare’s Early Access program for Rate Limiting, which gives users fine grained control over the traffic that comes to their site. “We thought Rate Limiting would help protect against the increasingly common Layer 7 attacks we were seeing. So we specified a limit on the number of requests per second a given IP could make before it was blocked for a few hours.” When Buycraft turned Rate Limiting on, Cloudflare blocked 20 million malicious requests and their service experienced zero interruptions. “We didn’t even know we were under attack,” commented McNeil, “until I logged into the dashboard and saw the requests that were being Rate Limited. This is great for our service because without that protection our site would be down and we wouldn’t be able to process any transactions.”


Advanced Rate Limiting and DDoS protection keeps online stores open for business


Lee McNeil