I am not a Cloudflare user, but I had an interesting experience today.
I have a small personal website, which does not generate much traffic (less than 100 views per month), which I am fine with.
However, I do have Google Anyltics with the website, and last month, there was a spike in visitors from 2 to 82 from about 12:00 - 16:00. Then dropped off again. The 82 “users” locations were from three states in the US with the average duration being 0 seconds. (for all 82 of them).
When I went to the Referrals sections of Google Analytics, all the visits were from “explore-prior-web-service.review/” which I then googled in my search bar. However, I found that it was not a searchable item, but a website that directed me to a Cloudflare page with a 502 Host Error.
Does anyone know what these 82 visits could have been? Should they be a security concern for my small website?
Again, I am not a web developer or Cloudflare user. I just figured it anyone knew the answer to why there was such a spike in what looks like bots, you guys would be able to give the answer.
It seems to me that this is simply referrer spam which happens to many websites.
The error 502 indicates that the webserver behind the Cloudflare IP isn’t reachable. CF is just a proxy in front of this server and not serving the page at all.
There are many reasons why the origin does not respond. From misconfiguration up to a take down by the hoster / provider due to abuse reports. Referrer Spam is annoying but harmless for you in most cases. It’s used to spam search engines. If you have public access logs on your page, Google and Co will crawl it which results in a higher ranking of the “advertised” page.
Just don’t visit the pages If you do, use a virtual machine and throw it away after your visit. Or restore a snapshot. Nobody knows what’s running there.