Best strategy to block 'script kiddie' attacks

Our service is getting hit a lot by out of the box ‘script kiddie’ style attacks looking for mainly php vulnerabilities by sniffing for php admin pages etc.

Since we don’t run php all we’re looking for the most robust way using the Cloudflare toolset to simply block any request for *.php files or any of this well known nuisance traffic?


If they’re specifically targeting *.php, you can try a page rule that Matches*.php and then set Security Level to “Under Attack” That should block them right at Cloudflare and not pass the request to your server.

EDITED: the wildcards triggered italicized font. Turned wildcard text into /code/

1 Like

brilliant, thanks for the reply - will give that a shot

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.