Last night my Fail2Ban service reported some hosts blocked over the span of 3 hours. What’s got my attention is that:
- The requests came from Cloudflare
- The referer was baidu.com (Baiduspider)
- Aside from normal scraping, there were some serious injection attempts
Has anyone detected this? Should I worry and report this as abuse?
Here’s some info that was sent to me by Fail2Ban.
NetRange: 18.104.22.168 - 22.214.171.124 CIDR: 126.96.36.199/13 NetName: CLOUDFLARENET NetHandle: NET-172-64-0-0-1 Parent: NET172 (NET-172-0-0-0-0) NetType: Direct Assignment OriginAS: AS13335 Organization: Cloudflare, Inc. (CLOUD14) RegDate: 2015-02-25 Updated: 2017-02-17 Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse Ref: https://rdap.arin.net/registry/ip/188.8.131.52 OrgName: Cloudflare, Inc. OrgId: CLOUD14 Address: 101 Townsend Street City: San Francisco StateProv: CA PostalCode: 94107 Country: US RegDate: 2010-07-09 Updated: 2018-10-10 Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse Ref: https://rdap.arin.net/registry/entity/CLOUD14
Some info from my access.log => https://hastebin.com/sicikacece.pl (external URL due to huge wall of text)