Ability to dedect Suspicies IP addresses

We have website and giving service to users, now we are under bot attack and bots tries to login as users by trying emails and passwords, this causes high load. Now they use proxy and ip addresses are different every time.Can Cloudflare help to prevent this kind of attacks? maybe filtering IP addresses and identifying ones are used by proxies? or anything else?

You can try to set an Access policy under Dashboard > Teams. This way Cloudflare will protect your application login page by requesting authentication.

Well, what kind of authentication? as users are just people using our product, we do not want extra thing like auth or robot check or so

Well, if your login is open to the public, you’d need to find a way to identify the malicious requests and craft a Firewall Rule matching your criteria (e.g. country, user-agent, IP addresses, etc, and of course a mixture of all these).

Another option would be to set up Rate Limiting, which will restrict access from certain IP addresses after they try the login page too many times:

https://support.cloudflare.com/hc/en-us/articles/115001635128#3UWQC5PrVScHgEGRMobRMm

1 Like

I agree. Rate limit and Bot management would be the best options here. Bot management is likely out of the question for now, so I’d make sure that login/register pages have a CAPTCHA and rate-limit enabled.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.