Can I assume that the DDoS attack is finally over now? Site response time is fast again.
They were trying various different things for several hours, but they stopped for now. I wouldn't be surprised if they try it again tomorrow, but I re-activated one of the systems which was part of my custom anti-DDoS setup before moving to Cloudflare, and that's been able to identify and block them so far.
DDoS attacks are back-and-forth affairs:
1. The attacker tries something.
2. Your automated systems handle it, or the site goes down until you manually figure out how to mitigate it.
3. The attacker tries something else.
4. Repeat until one side gets sick of it.
Why don't you work on that after you're done with the new forum? I've always thought Cloudflare was crap. If something better can be made then I'm sure you could make a business out of it, or at the very least the forum would benefit.
It's not my main area of interest, so I might never get around to it.
If I was interested in that, what I'd do is create an open source project which would basically replicate Cloudflare (plus improvements) by using your own AWS, Azure, Google Cloud, etc. account. So you'd download the open source script, give it your cloud-provider credentials, and it'd set it all up for you, maybe even including a nice Web interface. It would create a small CDN of a few very-lightweight instances spread across the world, and automatically spin up more instances in the correct regions when the existing ones are overloaded. The instances would reverse-proxy your site, cache appropriately, keep track of IP reputation, sometimes insert challenges, etc. Costs would probably be higher than the cheaper Cloudflare plans, but much cheaper than Cloudflare Enterprise.
Also, that this sort of need exists shows that the Internet is fundamentally broken. PoW should be part of TCP, not a janky hack which requires hiding behind huge networks and probably accepting a MITM.