Bad bot from the cloudflare network - What to do?

nickeau · March 27, 2022, 7:58pm

Hallo,

I use Cloudflare because of the bot protection feature. Meaning that my server can receive only traffic from the cloudflare network.

Today, I got the surprise to see that the bad bot comes from the Cloudflare network itself.

As you can see from this screenshot, the ip 172.70.230.82 is making a scan (against wordpress & al , … I don’t host it at all).

This IP is part of the Cloudflare network as this whois shows.

NetRange:       172.64.0.0 - 172.71.255.255
CIDR:           172.64.0.0/13
NetName:        CLOUDFLARENET
NetHandle:      NET-172-64-0-0-1
Parent:         NET172 (NET-172-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS13335
Organization:   Cloudflare, Inc. (CLOUD14)
RegDate:        2015-02-25
Updated:        2021-05-26
Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse

It seems that they are some sort of workers … What should I do ? Do I need to fill an abuse form ? Is it possible to automate the abuse ?

Thanks

Cyb3r-Jak3 · March 27, 2022, 8:57pm

Are you restoring the original visitor IPs?

You can file an abuse claim.

nickeau · March 30, 2022, 1:26pm

Thanks. We moved from monitoring platform and the parsing did take $remote_addr in place of $http_x_forwarded_for.
I didn’t knew that we could just overwrite it in the web conf.
Thanks !

system · April 2, 2022, 1:27pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.