Block Random Hacking Attempts Automatically

Hello Everyone.

Every day, I get random traffic attempting to access URLs that don’t exist but that they could exploit if they did exist. The problem it’s causing is that they are using all available Apache slots and causing the server load to spike, creating a minute or two of downtime.

Here is an example of what the traffic looks like each time.

Current Time: Friday, 19-Aug-2022 11:13:41 EDT
   Restart Time: Thursday, 18-Aug-2022 11:05:45 EDT
   Parent Server Config. Generation: 15
   Parent Server MPM Generation: 14
   Server uptime: 1 day 7 minutes 56 seconds
   Server load: 107.99 35.36 12.80
   Total accesses: 68828 - Total Traffic: 5.6 GB - Total Duration: 58683043
   CPU Usage: u6.86 s4.86 cu21275.5 cs2704.82 - 27.6% CPU load
   .792 requests/sec - 67.7 kB/second - 85.4 kB/request - 852.604 ms/request
   150 requests currently being processed, 0 idle workers

WWWWWWWWRWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWW

   Scoreboard Key:
   "_" Waiting for Connection, "S" Starting up, "R" Reading Request,
   "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
   "C" Closing connection, "L" Logging, "G" Gracefully finishing,
   "I" Idle cleanup of worker, "." Open slot with no current process

   Srv  PID    Acc    M CPU   SS  Req    Dur   Conn Child  Slot      Client      Protocol             VHost                                         Request
   0-14 5128 0/22/531 W 52.91 72 0     441221  0.0  0.45  47.73  172.70.110.54   http/1.1 mydomain.com:443            GET /.vscode/ftp-sync.json HTTP/1.1
   0-14 5128 0/2/567  W 50.59 83 0     327097  0.0  0.02  25.63  172.70.110.51   http/1.1 mydomain.com:443            GET /.ftpconfig HTTP/1.1
   0-14 5128 0/15/472 W 52.94 67 0     397655  0.0  0.04  30.80  108.162.241.19  http/1.1 mydomain.com:443            GET /forum/phpmyadmin/ HTTP/1.1
   0-14 5128 0/13/476 W 52.97 66 0     358713  0.0  0.06  38.97  108.162.241.19  http/1.1 mydomain.com:443            GET /glpi/ HTTP/1.1
   0-14 5128 0/27/480 W 52.91 71 0     408937  0.0  0.05  30.97  172.70.114.100  http/1.1 mydomain.com:443            GET /sftp-config.json HTTP/1.1
   0-14 5128 0/1/475  W 10.89 83 0     343903  0.0  0.04  39.98  172.70.230.171  http/1.1 mydomain.com:443            GET /.git/config HTTP/1.1
   0-14 5128 0/21/492 W 52.91 72 0     402101  0.0  0.05  41.62  172.70.230.104  http/1.1 mydomain.com:443            GET /auth/admin/master/console/ HTTP/1.1
   0-14 5128 0/23/488 R 54.33 3  45147 489624  0.0  0.06  33.29  108.162.241.19  http/1.1 mydomain.com:443
   0-14 5128 0/6/447  W 52.88 74 0     332359  0.0  0.02  36.29  172.70.230.65   http/1.1 mydomain.com:443            GET /carbon/admin/login.jsp HTTP/1.1
   0-14 5128 0/1/468  W 19.26 83 0     368663  0.0  0.01  32.20  162.158.166.131 http/1.1 mydomain.com:443            GET /.remote-sync.json HTTP/1.1
   0-14 5128 0/2/477  W 21.32 83 0     316737  0.0  0.02  53.29  172.69.134.133  http/1.1 mydomain.com:443            GET /.vscode/ftp-sync.json HTTP/1.1
   0-14 5128 0/1/457  W 21.30 83 0     295879  0.0  0.01  27.56  172.70.110.155  http/1.1 mydomain.com:443            GET /account HTTP/1.1
   0-14 5128 0/1/484  W 21.30 83 0     594074  0.0  0.01  30.66  172.70.110.51   http/1.1 mydomain.com:443            GET /admin/ HTTP/1.1
   0-14 5128 0/1/499  W 21.31 83 0     393301  0.0  0.01  66.60  172.69.22.142   http/1.1 mydomain.com:443            GET /deployment-config.json HTTP/1.1
   0-14 5128 0/1/461  W 21.31 83 0     401742  0.0  0.01  30.72  172.70.230.165  http/1.1 mydomain.com:443            GET /_adminer.php HTTP/1.1
   0-14 5128 0/2/455  W 52.71 78 0     349912  0.0  0.01  29.31  172.70.230.44   http/1.1 mydomain.com:443            GET /RASHTML5Gateway/ HTTP/1.1
   0-14 5128 1/5/474  W 52.74 81 0     431958  7.7  0.05  31.41  162.158.166.134 http/1.1 mydomain.com:443            GET /crx/de/index.jsp HTTP/1.1
   0-14 5128 0/14/435 W 52.91 72 0     408213  0.0  0.07  40.91  108.162.241.94  http/1.1 mydomain.com:443            GET /+CSCOE+/logon.html HTTP/1.1
   0-14 5128 0/4/446  W 48.12 83 0     322457  0.0  0.04  38.15  172.70.110.144  http/1.1 mydomain.com:443            GET /admin/login HTTP/1.1
   0-14 5128 0/33/455 W 52.91 72 0     322371  0.0  0.21  30.36  172.70.114.48   http/1.1 mydomain.com:443            GET /carbon/admin/login.jsp HTTP/1.1
   0-14 5128 0/1/471  W 43.99 83 0     353211  0.0  0.01  36.92  108.162.241.19  http/1.1 mydomain.com:443            GET /admin/ HTTP/1.1
   0-14 5128 0/1/445  W 45.97 83 0     366790  0.0  0.01  26.39  172.70.110.144  http/1.1 mydomain.com:443            GET /WebInterface/login.html HTTP/1.1
   0-14 5128 0/19/458 W 53.00 64 0     532031  0.0  0.04  128.91 108.162.241.94  http/1.1 mydomain.com:443            GET /ecp/ HTTP/1.1
   0-14 5128 0/1/434  W 50.59 83 0     308784  0.0  0.01  31.60  172.70.230.104  http/1.1 mydomain.com:443            GET /_adminer.php HTTP/1.1
   1-14 5157 0/5/450  W 4.26  83 0     271729  0.0  0.42  27.50  108.162.241.109 http/1.1 mydomain.com:443            GET /.svn/entries HTTP/1.1
   1-14 5157 0/8/471  W 19.62 73 0     373863  0.0  0.04  32.72  172.70.110.89   http/1.1 mydomain.com:443            GET /apache-default/phpmyadmin/ HTTP/1.1
   1-14 5157 0/25/495 W 19.63 72 0     327547  0.0  0.27  34.82  172.70.110.54   http/1.1 mydomain.com:443            GET /calendar/admin/cal_login.php HTTP/1.1
   1-14 5157 0/5/477  W 19.63 72 0     409159  0.0  0.07  60.59  172.70.114.228  http/1.1 mydomain.com:443            GET /authorization.do HTTP/1.1
   1-14 5157 0/10/478 W 19.61 74 0     386387  0.0  0.03  30.82  172.70.230.171  http/1.1 mydomain.com:443            GET /calendar/admin/cal_login.php HTTP/1.1
   1-14 5157 0/18/486 W 19.63 72 0     379099  0.0  0.05  35.81  172.70.114.48   http/1.1 mydomain.com:443            GET /calendarix/admin/cal_login.php HTTP/1.1
   1-14 5157 0/1/474  W 10.72 83 0     350363  0.0  0.01  38.57  162.158.166.231 http/1.1 mydomain.com:443            GET /deployment-config.json HTTP/1.1
   1-14 5157 0/1/475  W 12.58 83 0     324903  0.0  0.13  30.85  172.70.114.48   http/1.1 mydomain.com:443            GET /cvsroot/config HTTP/1.1
   1-14 5157 0/11/462 W 19.63 71 0     341584  0.0  0.11  30.72  172.70.114.100  http/1.1 mydomain.com:443            GET /cluster/cluster HTTP/1.1
   1-14 5157 0/17/453 W 19.62 71 0     335964  0.0  0.04  27.47  172.69.12.150   http/1.1 mydomain.com:443            GET /account HTTP/1.1
   1-14 5157 0/1/463  W 12.59 83 0     362030  0.0  0.01  38.90  172.69.22.103   http/1.1 mydomain.com:443            GET /sftp-config.json HTTP/1.1
   1-14 5157 0/1/457  W 12.59 83 0     357171  0.0  0.01  41.76  172.70.110.241  http/1.1 mydomain.com:443            GET /admin/index.html HTTP/1.1
   1-14 5157 0/34/485 W 19.63 71 0     335663  0.0  0.05  30.60  172.70.111.37   http/1.1 mydomain.com:443            GET /apache-default/phpmyadmin/ HTTP/1.1
   1-14 5157 0/1/484  W 12.60 83 0     386513  0.0  0.01  27.50  172.70.115.8    http/1.1 mydomain.com:443            GET /admin HTTP/1.1
   1-14 5157 0/21/470 W 19.66 65 0     235062  0.0  0.04  31.92  172.70.230.165  http/1.1 mydomain.com:443            GET /glpi/ HTTP/1.1
   1-14 5157 1/2/450  W 19.45 82 0     314954  7.7  0.01  56.52  162.158.166.140 http/1.1 mydomain.com:443            GET /console-selfservice/SelfService.do HTTP/1.1
   1-14 5157 0/1/472  W 12.63 83 0     400353  0.0  0.03  43.57  162.158.166.134 http/1.1 mydomain.com:443            GET /.vscode/ftp-sync.json HTTP/1.1
   1-14 5157 0/2/423  W 15.13 83 0     401549  0.0  0.02  32.17  172.70.114.47   http/1.1 mydomain.com:443            GET /+CSCOE+/logon.html HTTP/1.1
   1-14 5157 0/1/462  W 15.12 83 0     352573  0.0  0.25  29.44  108.162.241.109 http/1.1 mydomain.com:443            GET /admin HTTP/1.1
   1-14 5157 0/1/462  W 17.26 83 0     333203  0.0  0.01  27.71  172.70.110.89   http/1.1 mydomain.com:443            GET /AirWatch/Login HTTP/1.1
   1-14 5157 0/1/445  W 19.28 83 0     359007  0.0  0.09  23.03  172.70.111.77   http/1.1 mydomain.com:443            GET /_all_dbs HTTP/1.1
   1-14 5157 0/1/421  W 19.28 83 0     314513  0.0  0.01  30.26  172.70.230.104  http/1.1 mydomain.com:443            GET /admin.php HTTP/1.1
   1-14 5157 0/1/445  W 19.28 83 0     420313  0.0  0.01  27.69  162.158.62.242  http/1.1 mydomain.com:443            GET /admin HTTP/1.1
   1-14 5157 0/4/454  W 19.58 75 0     3885300 0.0  0.05  36.93  172.70.114.99   http/1.1 mydomain.com:443            GET /cluster/cluster HTTP/1.1
   1-14 5157 0/1/440  W 19.29 83 0     326020  0.0  0.01  35.18  172.70.230.65   http/1.1 mydomain.com:443            GET /deployment-config.json HTTP/1.1
   2-14 5281 0/36/499 W 12.49 72 0     356511  0.0  0.05  41.34  108.162.242.33  http/1.1 mydomain.com:443            GET /rpc/ HTTP/1.1
   2-14 5281 0/2/452  W 11.61 82 0     428917  0.0  0.07  159.42 172.70.115.8    http/1.1 mydomain.com:443            GET /sftp-config.json HTTP/1.1
   2-14 5281 0/2/473  W 11.62 78 0     348702  0.0  0.23  37.33  172.70.114.18   http/1.1 mydomain.com:443            GET /AirWatch/Login HTTP/1.1
   2-14 5281 0/1/454  W 2.72  83 0     354903  0.0  0.04  26.15  108.162.241.19  http/1.1 mydomain.com:443            GET /.hg/hgrc HTTP/1.1
   2-14 5281 0/1/498  W 2.73  83 0     346024  0.0  0.04  32.92  108.162.241.109 http/1.1 mydomain.com:443            GET /.bzr/branch/branch.conf HTTP/1.1
   2-14 5281 0/2/492  W 11.65 78 0     405130  0.0  0.05  46.66  108.162.241.19  http/1.1 mydomain.com:443            GET /ecp/ HTTP/1.1
   2-14 5281 0/1/531  W 2.74  83 0     335471  0.0  0.02  33.69  172.69.134.133  http/1.1 mydomain.com:443            GET /.vscode/sftp.json HTTP/1.1
   2-14 5281 0/1/458  W 2.74  83 0     331654  0.0  0.03  32.95  162.158.166.131 http/1.1 mydomain.com:443            GET /.ftpconfig HTTP/1.1
   2-14 5281 0/4/465  W 12.59 60 0     364814  0.0  0.04  42.53  172.70.110.51   http/1.1 mydomain.com:443            GET /horizon/auth/login/?next=/horizon/ HTTP/1.1
   2-14 5281 0/1/495  W 2.76  83 0     365064  0.0  0.01  28.99  172.69.22.121   http/1.1 mydomain.com:443            GET /.idea/WebServers.xml HTTP/1.1
   2-14 5281 1/2/473  W 11.77 82 0     356442  7.7  0.01  55.13  108.162.241.94  http/1.1 mydomain.com:443            GET /admin.php HTTP/1.1
   2-14 5281 0/1/436  W 2.76  83 0     341393  0.0  0.01  52.62  172.70.110.89   http/1.1 mydomain.com:443            GET /_all_dbs HTTP/1.1
   2-14 5281 0/18/522 W 11.96 72 0     438075  0.0  0.03  31.00  108.162.241.19  http/1.1 mydomain.com:443            GET /owa/auth/logon.aspx HTTP/1.1
   2-14 5281 0/1/491  W 2.77  83 0     309444  0.0  0.01  37.50  172.70.114.47   http/1.1 mydomain.com:443            GET /admin.php HTTP/1.1
   2-14 5281 1/2/491  W 11.79 81 0     533159  7.7  0.01  39.28  172.69.22.40    http/1.1 mydomain.com:443            GET /tiki-login.php HTTP/1.1
   2-14 5281 0/17/463 W 12.50 65 0     347433  0.0  0.04  44.80  162.158.62.225  http/1.1 mydomain.com:443            GET /hm/login.action HTTP/1.1
   2-14 5281 0/16/493 W 12.49 71 0     403123  0.0  0.05  30.98  162.158.62.34   http/1.1 mydomain.com:443            GET /deployment-config.json HTTP/1.1
   2-14 5281 0/1/452  W 7.37  83 0     327526  0.0  0.02  45.55  172.70.114.51   http/1.1 mydomain.com:443            GET /CFIDE/componentutils/login.cfm HTTP/1.1
   2-14 5281 0/1/512  W 7.35  83 0     392046  0.0  0.10  28.83  172.70.110.89   http/1.1 mydomain.com:443            GET / HTTP/1.1
   2-14 5281 0/1/436  W 9.44  83 0     348503  0.0  0.02  25.77  108.162.241.109 http/1.1 mydomain.com:443            GET /account HTTP/1.1
   2-14 5281 0/1/448  W 11.59 83 0     368096  0.0  0.01  34.50  108.162.241.19  http/1.1 mydomain.com:443            GET /_all_dbs HTTP/1.1
   2-14 5281 0/1/450  W 11.59 83 0     377666  0.0  0.01  34.90  172.70.230.44   http/1.1 mydomain.com:443            GET /admin/index.html HTTP/1.1
   2-14 5281 0/24/492 W 12.52 66 0     398688  0.0  0.03  32.12  172.70.110.155  http/1.1 mydomain.com:443            GET /hmc/hybris HTTP/1.1
   2-14 5281 0/5/472  W 11.95 72 0     379704  0.0  0.05  26.18  172.70.114.99   http/1.1 mydomain.com:443            GET /calendarix/admin/cal_login.php HTTP/1.1
   2-14 5281 0/1/453  W 11.60 83 0     304295  0.0  0.04  25.69  172.70.114.47   http/1.1 mydomain.com:443            GET /_phpmyadmin/ HTTP/1.1
   3-14 5315 0/2/534  W 21.12 82 0     772531  0.0  0.06  42.95  108.162.241.109 http/1.1 mydomain.com:443            GET /owa/auth/logon.aspx HTTP/1.1
   3-14 5315 2/3/424  W 23.06 83 0     279848  47.8 0.23  34.33  172.70.230.10   http/1.1 mydomain.com:443            GET /_phpmyadmin/ HTTP/1.1
   3-14 5315 0/16/436 W 23.32 72 0     371191  0.0  0.11  36.66  108.162.242.33  http/1.1 mydomain.com:443            GET /RASHTML5Gateway/ HTTP/1.1
   3-14 5315 1/3/465  W 23.10 82 0     415840  7.7  0.02  56.56  172.70.230.10   http/1.1 mydomain.com:443            GET /bitrix/admin/ HTTP/1.1
   3-14 5315 0/1/469  W 12.80 83 0     294351  0.0  0.01  28.77  172.70.110.51   http/1.1 mydomain.com:443            GET /.svn/entries HTTP/1.1
   3-14 5315 0/1/512  W 14.80 83 0     316804  0.0  0.04  30.05  108.162.241.19  http/1.1 mydomain.com:443            GET /cvsroot/config HTTP/1.1
   3-14 5315 0/1/413  W 16.58 83 0     504706  0.0  0.13  24.71  172.69.22.105   http/1.1 mydomain.com:443            GET /.env HTTP/1.1
   3-14 5315 0/3/431  W 23.29 75 0     352581  0.0  0.20  40.21  172.70.230.47   http/1.1 mydomain.com:443            GET /ls4-led/ HTTP/1.1
   3-14 5315 0/5/419  W 23.17 78 0     255322  0.0  0.07  31.49  108.162.241.19  http/1.1 mydomain.com:443            GET /ews/ HTTP/1.1
   3-14 5315 0/6/444  W 23.89 71 0     296781  0.0  0.02  42.47  108.162.241.94  http/1.1 mydomain.com:443            GET /public/ HTTP/1.1
   3-14 5315 0/5/450  W 23.32 74 0     265376  0.0  0.02  27.21  172.70.110.155  http/1.1 mydomain.com:443            GET /auth/admin/master/console/ HTTP/1.1
   3-14 5315 0/27/448 W 23.94 67 0     324923  0.0  0.04  33.23  108.162.241.19  http/1.1 mydomain.com:443            GET /hmc/hybris HTTP/1.1
   3-14 5315 0/3/439  W 23.96 66 0     696142  0.0  0.02  48.96  172.70.114.47   http/1.1 mydomain.com:443            GET /forum/phpmyadmin/ HTTP/1.1
   3-14 5315 0/1/429  W 16.60 83 0     355646  0.0  0.01  32.40  172.70.230.165  http/1.1 mydomain.com:443            GET /admin/login HTTP/1.1
   3-14 5315 0/36/483 W 23.96 66 0     307387  0.0  0.83  26.84  172.70.114.47   http/1.1 mydomain.com:443            GET /home.html HTTP/1.1
   3-14 5315 1/2/413  W 23.20 82 0     346517  7.7  0.01  25.16  162.158.166.238 http/1.1 mydomain.com:443            GET /cxcum/ HTTP/1.1
   3-14 5315 0/1/408  W 16.67 83 0     321739  0.0  0.04  27.59  172.69.134.62   http/1.1 mydomain.com:443            GET /sftp-config.json HTTP/1.1
   3-14 5315 0/13/432 W 23.32 73 0     401394  0.0  0.03  35.06  172.70.110.155  http/1.1 mydomain.com:443            GET /authorization.do HTTP/1.1
   3-14 5315 0/1/418  W 16.68 83 0     286454  0.0  0.01  32.70  172.70.230.165  http/1.1 mydomain.com:443            GET /VirtualEms/Login.aspx HTTP/1.1
   3-14 5315 0/1/423  W 16.69 83 0     350438  0.0  0.01  29.56  172.70.230.165  http/1.1 mydomain.com:443            GET /Sitefinity/Authenticate/SWT HTTP/1.1
   3-14 5315 0/2/454  W 21.10 83 0     323389  0.0  0.03  36.66  172.70.114.51   http/1.1 mydomain.com:443            GET /.idea/WebServers.xml HTTP/1.1
   3-14 5315 0/1/406  W 18.98 83 0     347103  0.0  0.01  41.52  172.70.110.54   http/1.1 mydomain.com:443            GET /admin/ HTTP/1.1
   3-14 5315 1/1/407  W 21.12 83 0     321020  14.8 0.01  40.53  172.70.110.89   http/1.1 mydomain.com:443            GET /cvsroot/config HTTP/1.1
   3-14 5315 0/1/408  W 21.11 83 0     293734  0.0  0.01  32.91  172.70.110.51   http/1.1 mydomain.com:443            GET /.vscode/ftp-sync.json HTTP/1.1
   3-14 5315 0/5/411  W 23.94 66 0     294165  0.0  0.02  37.29  172.70.110.89   http/1.1 mydomain.com:443            GET /html/setup.html HTTP/1.1
   4-14 7469 0/1/453  W 0.00  83 0     341983  0.0  0.01  27.35  172.69.134.156  http/1.1 mydomain.com:443            GET /.idea/WebServers.xml HTTP/1.1
   4-14 7469 5/5/445  W 9.73  84 0     351415  58.0 0.06  32.99  65.51.182.82    http/1.1 mydomain.com:443            GET /wp-admin/edit.php?s=linear&post_status=all&post_type=cnj_c
   4-14 7469 0/1/473  W 2.17  83 0     419691  0.0  0.53  71.02  172.70.114.51   http/1.1 mydomain.com:443            GET / HTTP/1.1
   4-14 7469 0/1/438  W 2.17  83 0     298165  0.0  0.04  49.36  172.70.114.47   http/1.1 mydomain.com:443            GET /RASHTML5Gateway/ HTTP/1.1
   4-14 7469 0/2/458  W 9.70  83 0     334262  0.0  0.02  22.78  108.162.241.109 http/1.1 mydomain.com:443            GET /admin/login HTTP/1.1
   4-14 7469 0/1/454  W 9.70  83 0     330871  0.0  0.01  39.32  172.70.230.171  http/1.1 mydomain.com:443            GET /?locale=en HTTP/1.1
   4-14 7469 0/1/457  W 9.70  83 0     339821  0.0  0.01  33.92  172.70.230.44   http/1.1 mydomain.com:443            GET /account HTTP/1.1
   4-14 7469 0/15/455 W 12.18 72 0     308396  0.0  0.03  37.03  108.162.241.94  http/1.1 mydomain.com:443            GET /VirtualEms/Login.aspx HTTP/1.1
   4-14 7469 0/1/478  W 9.73  83 0     427152  0.0  0.01  62.59  172.70.114.51   http/1.1 mydomain.com:443            GET /.remote-sync.json HTTP/1.1
   4-14 7469 0/1/461  W 9.73  83 0     365703  0.0  0.01  106.16 172.70.110.155  http/1.1 mydomain.com:443            GET /.vscode/sftp.json HTTP/1.1
   4-14 7469 0/1/432  W 9.73  82 0     387038  0.0  0.01  26.75  172.70.114.100  http/1.1 mydomain.com:443            GET /+CSCOE+/logon.html HTTP/1.1
   4-14 7469 0/9/435  W 12.16 73 0     349466  0.0  0.01  48.91  172.69.12.148   http/1.1 mydomain.com:443            GET /_phpmyadmin/ HTTP/1.1
   4-14 7469 0/0/436  W 0.00  83 0     309879  0.0  0.00  43.31  162.158.62.225  http/1.1 mydomain.com:443            GET /.hg/hgrc HTTP/1.1
   4-14 7469 0/0/463  W 0.00  83 0     425537  0.0  0.00  38.14  172.70.230.47   http/1.1 mydomain.com:443            GET /.bzr/branch/branch.conf HTTP/1.1
   4-14 7469 0/16/455 W 12.18 72 0     395641  0.0  0.02  157.89 108.162.242.33  http/1.1 mydomain.com:443            GET /PMUser/ HTTP/1.1
   4-14 7469 0/1/421  W 11.97 78 0     322578  0.0  0.01  36.01  172.70.114.18   http/1.1 mydomain.com:443            GET /VirtualEms/Login.aspx HTTP/1.1
   4-14 7469 0/22/463 W 12.18 72 0     362291  0.0  0.03  32.88  108.162.241.109 http/1.1 mydomain.com:443            GET /public/ HTTP/1.1
   4-14 7469 0/2/476  W 12.16 73 0     367610  0.0  0.01  24.12  172.69.12.152   http/1.1 mydomain.com:443            GET /_adminer.php HTTP/1.1
   4-14 7469 0/1/424  W 12.00 78 0     333178  0.0  0.01  30.21  108.162.241.109 http/1.1 mydomain.com:443            GET /dana-na/nc/nc_gina_ver.txt HTTP/1.1
   4-14 7469 0/1/476  W 12.04 78 0     442130  0.0  0.02  29.47  172.70.230.80   http/1.1 mydomain.com:443            GET /Sitefinity/Authenticate/SWT HTTP/1.1
   4-14 7469 1/1/472  W 12.01 82 0     578291  7.7  0.01  23.45  108.162.241.94  http/1.1 mydomain.com:443            GET /admin/ HTTP/1.1
   4-14 7469 0/0/460  W 0.00  83 0     351512  0.0  0.00  28.47  172.70.110.155  http/1.1 mydomain.com:443            GET /WebInterface/login.html HTTP/1.1
   4-14 7469 0/4/413  W 12.25 63 0     292723  0.0  0.03  34.91  162.158.62.23   http/1.1 mydomain.com:443            GET /dfshealth.html HTTP/1.1
   4-14 7469 0/5/539  W 12.25 66 0     469597  0.0  0.03  33.00  162.158.63.22   http/1.1 mydomain.com:443            GET /editor.php HTTP/1.1
   4-14 7469 0/12/448 W 12.22 67 0     361603  0.0  0.02  38.98  108.162.241.19  http/1.1 mydomain.com:443            GET /dfshealth.html HTTP/1.1
   5-14 8816 0/0/440  W 0.00  82 0     351798  0.0  0.00  33.25  172.70.110.155  http/1.1 mydomain.com:443            GET /.env HTTP/1.1
   5-14 8816 0/3/419  W 0.23  71 0     274162  0.0  0.01  38.08  108.162.241.62  http/1.1 mydomain.com:443            GET /dana-na/nc/nc_gina_ver.txt HTTP/1.1
   5-14 8816 0/4/434  W 0.21  74 0     341977  0.0  0.01  23.53  172.70.110.155  http/1.1 mydomain.com:443            GET /bitrix/admin/ HTTP/1.1
   5-14 8816 1/1/438  W 0.14  81 0     447588  17.8 0.02  40.86  172.70.110.54   http/1.1 mydomain.com:443            GET /calendar/admin/cal_login.php HTTP/1.1
   5-14 8816 0/10/442 W 0.21  72 0     330101  0.0  0.02  54.26  108.162.241.94  http/1.1 mydomain.com:443            GET /?locale=en HTTP/1.1
   5-14 8816 0/0/408  W 0.00  82 0     321598  0.0  0.00  63.71  108.162.241.109 http/1.1 mydomain.com:443            GET /VirtualEms/Login.aspx HTTP/1.1
   5-14 8816 0/0/421  W 0.00  82 0     252645  0.0  0.00  30.44  108.162.241.62  http/1.1 mydomain.com:443            GET /admin/login HTTP/1.1
   5-14 8816 0/0/439  W 0.00  82 0     306686  0.0  0.00  26.29  172.70.111.77   http/1.1 mydomain.com:443            GET /PMUser/ HTTP/1.1
   5-14 8816 0/0/422  W 0.00  82 0     390011  0.0  0.00  24.90  108.162.242.33  http/1.1 mydomain.com:443            GET /WebInterface/login.html HTTP/1.1
   5-14 8816 0/0/485  W 0.00  82 0     465582  0.0  0.00  31.71  108.162.241.19  http/1.1 mydomain.com:443            GET / HTTP/1.1
   5-14 8816 0/0/451  W 0.00  82 0     352020  0.0  0.00  30.31  172.70.114.18   http/1.1 mydomain.com:443            GET /CFIDE/componentutils/login.cfm HTTP/1.1
   5-14 8816 0/0/458  W 0.00  82 0     327840  0.0  0.00  29.29  108.162.241.109 http/1.1 mydomain.com:443            GET /public/ HTTP/1.1
   5-14 8816 0/12/437 W 0.22  72 0     273972  0.0  0.02  32.92  172.70.114.48   http/1.1 mydomain.com:443            GET /blog/phpmyadmin/ HTTP/1.1
   5-14 8816 0/0/474  W 0.00  82 0     408305  0.0  0.00  38.37  108.162.241.19  http/1.1 mydomain.com:443            GET /Sitefinity/Authenticate/SWT HTTP/1.1
   5-14 8816 0/0/569  W 0.00  82 0     371428  0.0  0.00  25.38  172.70.111.37   http/1.1 mydomain.com:443            GET /?locale=en HTTP/1.1
   5-14 8816 0/0/421  W 0.00  82 0     306655  0.0  0.00  23.61  108.162.241.94  http/1.1 mydomain.com:443            GET /admin HTTP/1.1
   5-14 8816 0/0/415  W 0.00  82 0     288457  0.0  0.00  42.04  108.162.241.19  http/1.1 mydomain.com:443            GET /CFIDE/componentutils/login.cfm HTTP/1.1
   5-14 8816 0/0/486  W 0.00  82 0     354228  0.0  0.00  23.30  172.69.12.150   http/1.1 mydomain.com:443            GET /cvsroot/config HTTP/1.1
   5-14 8816 0/6/459  W 0.21  72 0     366849  0.0  0.01  32.13  172.70.230.165  http/1.1 mydomain.com:443            GET /blog/phpmyadmin/ HTTP/1.1
   5-14 8816 1/1/441  W 0.14  82 0     419878  17.8 0.02  27.86  172.70.111.37   http/1.1 mydomain.com:443            GET /editor.php HTTP/1.1
   5-14 8816 0/0/420  W 0.00  82 0     348023  0.0  0.00  26.83  108.162.241.19  http/1.1 mydomain.com:443            GET /rpc/ HTTP/1.1
   5-14 8816 0/4/455  W 0.31  63 0     393798  0.0  0.03  42.30  108.162.241.109 http/1.1 mydomain.com:443            GET /administrator/ HTTP/1.1
   5-14 8816 0/26/471 W 0.23  71 0     369058  0.0  0.03  45.56  108.162.241.94  http/1.1 mydomain.com:443            GET /owa/auth/logon.aspx HTTP/1.1
   5-14 8816 0/0/434  W 0.00  82 0     302959  0.0  0.00  27.49  108.162.241.94  http/1.1 mydomain.com:443            GET /admin/index.html HTTP/1.1
   5-14 8816 0/2/414  W 0.22  71 0     543685  0.0  0.01  51.75  172.70.230.80   http/1.1 mydomain.com:443            GET /.idea/WebServers.xml HTTP/1.1

Is there a way that I can filter this automatically with Cloudflare?

Thank you!!

Hello there,

Welcome to Cloudflare community!

I assume a certain level of security measures can be taken with Cloudflare.
You can use Cloudflare Firewall Rules (see the Cloudflare Firewall Rules docs).

Use Under Attack mode. Tutorial: https://support.cloudflare.com/hc/en-us/articles/200170076-Understanding-Cloudflare-Under-Attack-mode-advanced-DDOS-protection-

You can also customize settings with a JS challenge and more. For more: https://support.cloudflare.com/hc/en-us

1 Like

In addition to the information provided by @neiljay, you should restore the visitor IP on your origin as well.

2 Likes

Thanks for the suggestions.

I don’t think it warrants under attack mode since it’s only once or twice a day at most and not every day. I have enabled all that I think I can see in terms of security for this end-user.

  • Security Level - Medium
  • Browser Integrity Check - Enabled
  • SSL - Full
  • Bot Fight Mode - Enabled
  • Page Rule to Force HTTPS

I’m sure I could create a bunch of firewall rules for each one of these. I’m really surprised that Cloudflare doesn’t see this as an attack and doesn’t block it automatically. It’s 150 requests at one time from various IP addresses.

What’s interesting is the User Agent is Chrome so can’t block that.

172.70.110.122 - - [19/Aug/2022:11:12:18 -0400] "GET /RASHTML5Gateway/ HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"
172.70.110.48 - - [19/Aug/2022:11:12:21 -0400] "GET /RASHTML5Gateway/ HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"
108.162.241.122 - - [19/Aug/2022:11:12:23 -0400] "GET /RASHTML5Gateway/ HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"

I will restore the visitor IP as per your suggestion. I moved this domain to Cloudflare to help resolve this issue, and I remember each request being from random IPs and not one IP address.

Any further suggestions are appreciated.

It’s an old version of Chrome FYI: they are now at 104 and 83 was released in November 2020.

1 Like

A number of these paths may be blocked by WAF rules. Do you have the Cloudflare WAF enabled?

Thanks, Guys. I appreciate the assistance.

This is a free account for the end-user I am trying to help.
If the Business WAF covers this, I can have them upgrade.

I just created a managed challenge for those with blank referrers. That should help!

WAF is available on the Pro plan IIRC. It protects against a number of potentially malicious requests.

1 Like
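
Added example (not from the thread and not Cloudflare's code): a Python triage of origin access-log lines that shows why the replies ask for the visitor IP to be restored, since the peers Apache logs are Cloudflare proxy addresses, and that folds the repeatedly probed paths into one firewall rule expression instead of one rule per path. The log lines are constructed in the format quoted above, the range list is a subset of Cloudflare's published ranges, and `triage` and `rule_expression` are hypothetical helper names.

```python
import ipaddress
import re
from collections import Counter

# Subset of Cloudflare's published proxy ranges (https://www.cloudflare.com/ips/)
# covering the addresses in this thread; load the full current list in real use.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in
                   ("172.64.0.0/13", "108.162.192.0/18", "162.158.0.0/15")]

# Apache "combined" log format, as in the lines quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

# Only plain paths go into a rule; anything with quotes, spaces or escapes is skipped.
SAFE_PATH = re.compile(r'^/[A-Za-z0-9._~/+-]*$')

UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/83.0.4103.61"  # shortened

# Constructed sample: six probes through Cloudflare, one normal proxied request,
# and one direct request from a documentation address (203.0.113.7).
SAMPLE_LOG = f"""\
172.70.110.122 - - [19/Aug/2022:11:12:18 -0400] "GET /RASHTML5Gateway/ HTTP/1.1" 403 - "-" "{UA}"
172.70.110.48 - - [19/Aug/2022:11:12:21 -0400] "GET /RASHTML5Gateway/ HTTP/1.1" 403 - "-" "{UA}"
108.162.241.122 - - [19/Aug/2022:11:12:23 -0400] "GET /RASHTML5Gateway/ HTTP/1.1" 403 - "-" "{UA}"
172.69.22.105 - - [19/Aug/2022:11:12:24 -0400] "GET /.env HTTP/1.1" 404 - "-" "{UA}"
162.158.166.131 - - [19/Aug/2022:11:12:25 -0400] "GET /.env HTTP/1.1" 404 - "-" "{UA}"
172.70.230.171 - - [19/Aug/2022:11:12:26 -0400] "GET /.git/config HTTP/1.1" 404 - "-" "{UA}"
172.70.114.51 - - [19/Aug/2022:11:12:27 -0400] "GET / HTTP/1.1" 200 8423 "-" "{UA}"
203.0.113.7 - - [19/Aug/2022:11:12:28 -0400] "GET /wp-admin/edit.php?post_type=page HTTP/1.1" 200 5120 "https://mydomain.com/wp-admin/" "{UA}"
"""


def is_cloudflare_peer(addr):
    """True when the logged peer is a Cloudflare proxy, not the real visitor."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # hostname in the log (HostnameLookups On)
        return False
    return any(ip in net for net in CLOUDFLARE_NETS)


def triage(log_text, min_hits=2):
    """Summarise a log: proxied share and paths probed at least min_hits times.

    A probe here is a request with no Referer that the origin answered
    with 403 or 404; query strings are dropped before counting.
    """
    entries = [m.groupdict() for m in map(LOG_RE.match, log_text.splitlines()) if m]
    probes = Counter()
    for e in entries:
        path = e["target"].split("?", 1)[0]
        if e["status"] in ("403", "404") and e["referer"] in ("-", ""):
            if SAFE_PATH.match(path):
                probes[path] += 1
    return {
        "total": len(entries),
        "via_cloudflare": sum(is_cloudflare_peer(e["peer"]) for e in entries),
        "probe_paths": sorted(p for p, n in probes.items() if n >= min_hits),
    }


def rule_expression(paths):
    """Build one Cloudflare rule expression that matches any of the paths."""
    if not paths:
        return ""
    return "(http.request.uri.path in {%s})" % " ".join('"%s"' % p for p in paths)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("%(via_cloudflare)d of %(total)d peers are Cloudflare proxies" % report)
    print(rule_expression(report["probe_paths"]))
```

Review the generated path list before attaching a Block or Managed Challenge action to it, since a missing but legitimate file that is requested often would also be counted.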
