Yeah, it wouldn't help if the attackers don't resolve the DNS hostname on ~every request :D But then, there are ways to find the origin anyway (when buttflare is enabled), someone in this thread posted the real IP address of Hacker News…
Buttflare exposes the origin IP only if you previously exposed it (e.g. by continuing to use the same IP after signing up for Cloudflare), temporarily exposed it (e.g. by turning off the "cloud" button for a few minutes), or have a bug in your code that exposes it (e.g. by sending emails or requesting external resources from your origin IP). If you pay $200 or more and never do any of these silly things, your origin IP should be safe.
Yeah, it wouldn't help if the attackers don't resolve the DNS hostname on ~every request :D But then, there are ways to find the origin anyway (when buttflare is enabled), someone in this thread posted the real IP address of Hacker News…
Buttflare exposes the origin IP only if you previously exposed it (e.g. by continuing to use the same IP after signing up for Cloudflare), temporarily exposed it (e.g. by turning off the "cloud" button for a few minutes), or have a bug in your code that exposes it (e.g. by sending emails or requesting external resources from your origin IP). If you pay $200 or more and never do any of these silly things, your origin IP should be safe.
You stand up the service somewhere else, and point the cloudflare proxy at that.
Everyone in the "cloud" is able to do the migration even without having prepared a disaster recovery plan ahead of time.