Baiduspider from Cloudflare IP?

Last night my Fail2Ban service reported some hosts blocked over the span of 3 hours. What’s got my attention is that:

  1. The requests came from Cloudflare
  2. The referer was baidu.com (Baiduspider)
  3. Aside from normal scraping, there were some serious injection attempts

Has anyone detected this? Should I worry and report this as abuse?

Here’s some info that was sent to me by Fail2Ban.

NetRange:       172.64.0.0 - 172.71.255.255
CIDR:           172.64.0.0/13
NetName:        CLOUDFLARENET
NetHandle:      NET-172-64-0-0-1
Parent:         NET172 (NET-172-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS13335
Organization:   Cloudflare, Inc. (CLOUD14)
RegDate:        2015-02-25
Updated:        2017-02-17
Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref:            https://rdap.arin.net/registry/ip/172.64.0.0



OrgName:        Cloudflare, Inc.
OrgId:          CLOUD14
Address:        101 Townsend Street
City:           San Francisco
StateProv:      CA
PostalCode:     94107
Country:        US
RegDate:        2010-07-09
Updated:        2018-10-10
Comment:        All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref:            https://rdap.arin.net/registry/entity/CLOUD14

Some info from my access.log => https://hastebin.com/sicikacece.pl (external URL due to huge wall of text)

You need to rewrite IP addresses

https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

5 Likes
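The idea behind restoring visitor IPs, sketched as an added example that is not part of the thread: take the address from the `CF-Connecting-IP` header only when the TCP peer is a Cloudflare address, and never ban the proxy itself. The function names and sample requests are constructed, and the only trusted range used is the one from the whois output above; a real setup would load Cloudflare's full published list.

```python
import ipaddress
from typing import Optional

# Trusted proxy range taken from the whois output in this thread.
# Assumption: a real deployment loads every range Cloudflare publishes.
TRUSTED_PROXIES = [ipaddress.ip_network("172.64.0.0/13")]


def is_trusted_proxy(peer: str) -> bool:
    """True if the TCP peer address belongs to a trusted proxy range."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


def ban_target(peer: str, cf_connecting_ip: Optional[str]) -> Optional[str]:
    """Return the address a ban should apply to, or None if there is none.

    - Direct peer: the header is attacker-controlled, so ignore it.
    - Trusted proxy peer: use the header if it is a valid IP address;
      otherwise return None so the proxy itself is never banned.
    """
    if not is_trusted_proxy(peer):
        return peer
    if not cf_connecting_ip:
        return None
    try:
        return str(ipaddress.ip_address(cf_connecting_ip.strip()))
    except ValueError:
        return None


# Constructed sample requests: (TCP peer, CF-Connecting-IP header value).
SAMPLE_REQUESTS = [
    ("172.68.10.5", "203.0.113.7"),    # via Cloudflare, real visitor in header
    ("198.51.100.23", "10.0.0.1"),     # direct hit with a spoofed header
    ("172.68.10.5", "not-an-ip"),      # via Cloudflare, unusable header
    ("172.68.10.5", None),             # via Cloudflare, header missing
]

if __name__ == "__main__":
    for peer, header in SAMPLE_REQUESTS:
        print(f"peer={peer} header={header!r} -> ban {ban_target(peer, header)}")
```

Once the web server logs the restored address, Fail2Ban acts on the visitor rather than on a shared Cloudflare edge IP.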

Thank you! Will look into that
