If you are using WordPress, I recommend Wordfence and also relocating the login page (all CMSs have the same URL structure). Then I would also change all passwords/usernames. Another thing to do is setting up Cloudflare as you mentioned; the details for each plan are on their website. But even the normal (free) plans are more secure, as all traffic is filtered at a minimum.
Then why not look into the connection logs (in your cPanel) and see what IP address caused this? Then blocking the IP will be simple (or the domain/internet seller).
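
As an added example that is not part of the original post, here is one way to do the log review suggested above: count POSTs to the WordPress login endpoint per client IP in an Apache "combined" access log. It assumes the default `/wp-login.php` path and that WordPress answers a failed login with 200 and a successful one with a 302 redirect; the log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict

LOGIN_PATH = "/wp-login.php"  # assumption: default path; change it if the login page was relocated
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def _line(ip, sec, method, path, status):
    # Builds one constructed log line in Apache "combined" format.
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1024 "-" "Mozilla/5.0"')

# Constructed sample: one IP guessing passwords, one normal login, one page view.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(8)]
    + [_line("203.0.113.7", 9, "POST", "/wp-login.php", 302),
       _line("198.51.100.20", 10, "POST", "/wp-login.php", 302),
       _line("198.51.100.20", 11, "GET", "/wp-admin/", 200),
       _line("192.0.2.44", 12, "GET", "/wp-login.php", 200),
       "truncated or malformed line"]
)

def login_attempts(log_text):
    """Return {ip: {"failed": n, "ok": n}} for POSTs to the login endpoint."""
    stats = defaultdict(lambda: {"failed": 0, "ok": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip malformed lines and plain page views
        if m["path"].split("?", 1)[0] != LOGIN_PATH:
            continue
        # 302 means WordPress redirected after a valid login; any other status counts as failed.
        stats[m["ip"]]["ok" if m["status"] == "302" else "failed"] += 1
    return dict(stats)

def suspects(log_text, threshold=5):
    """IPs with at least `threshold` failed logins, worst first, as (ip, failed, had_success)."""
    rows = [(ip, s["failed"], s["ok"] > 0)
            for ip, s in login_attempts(log_text).items() if s["failed"] >= threshold]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for ip, failed, had_success in suspects(SAMPLE_LOG):
        print(f"{ip}: {failed} failed logins, successful login seen: {had_success}")
```

An IP that shows many failures and also a successful login is the one to treat as a likely compromised account, which is where the password change mentioned above matters most.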