The website is currently facing a DDoS attack, little media. We've set up Cloudflare, and it's working at the moment.

It's frustrating that I can't grasp 'and why us?
Perhaps someone else has faced similar issues, so share your experiences. What kinds of protection services are available? How can I track down the person behind this attack?

Let's talk about why you might be facing this. Sometimes, it's just bad luck, but other times, it's because of something specific about your site or your industry. Attackers often target high-profile sites or those that have some sort of value or influence. It's not always about you personally; it could just be that your site is a convenient target.

Cloudflare is a good start for defense. They offer robust DDoS protection and can mitigate a lot of attacks by filtering malicious traffic before it even hits your server. But DDoS attacks can be quite sophisticated, so even Cloudflare might not be a complete shield. You might also want to consider additional services like Akamai, Imperva, or Sucuri, which can offer extra layers of security and specialized attack mitigation.

Tracking down the person behind the attack can be extremely difficult. Attackers often use botnets and hide their true identity behind layers of proxies and compromised servers. Law enforcement or cybersecurity firms might be able to help, but this usually requires evidence and cooperation from multiple parties. Most of the time, the goal is to protect your site rather than hunt down the attackers, as identifying them can be more complicated than it's worth.
If you're seeing repeated attacks, it might be worth reviewing your security posture. Ensure that all your software is up to date, check for vulnerabilities, and consider using a comprehensive security suite that includes DDoS protection. It's also crucial to keep your team informed and prepared to handle these issues, as reactive measures alone often aren't enough.

If the free-cloudflier is working fine, then everythings should be good.

Perhaps the bots from Google or Bing are acting up.

Is there any sort of defense agains harmful bots at the server or site level?

If the IP is shared, its possible that the problem might be coming from other users in the network.

I faced a DDoS attack. Soon after, I got a message asking for 50 dollars in Bitcoin

I didn't just sit around. I almost sent these hackers a basket of moldy mushrooms to teach them a lesson, but then they used a mail anonymizer to cover their tracks.

What did you do, piss off some 4chan troll or leak something spicy?

Cloudflare's holding the line for now, but relying on just that is like bringing a toothpick to a cyber war. You should've stacked defenses with a proper CDN, WAF, or a beast like Radware to soak up the packet storm. Tracking the attacker? Lol, unless you've got mad skills or a fat budget for a threat intel firm, you're chasing shadows - most use botnets or spoofed IPs.