Blocking attacks

I’ve noticed that on certain days of the week, usually at 2 to 3 am in the morning local time, a concerted attempt is made to disable my server with thousands of requests from a certain country in Europe.

Oddly, there are very few details collected by Cloudflare – information about operating system or browser is always “unknown.” Nor is there an IP address identified from where the traffic originates. The visits are always direct to my website, that is, they do not arrive via a Google search, for example. The URLs visited are root, and a handful of specific paths pointing to certain pages.

Short of blocking the entire country, what are my options in addressing this? Thank you.

Why not add a firewall rule set to Challenge when requests come from that country?

Otherwise, you’ll have to comb through your server logs to find the IP address(es) of the requests.

2 Likes
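Combing the origin logs, as suggested in the reply above, can be scripted. This is an added example, not code from any poster in this thread: it tallies direct (no-referer) requests per IP and user agent inside the overnight window. It assumes the origin writes Combined Log Format and that the first field is the real visitor address (behind Cloudflare that means the origin is configured to log the `CF-Connecting-IP` header; otherwise the field holds a Cloudflare edge address). `ExampleBot/1.0`, the addresses and the log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Combined Log Format:
# ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines; addresses are from documentation ranges (RFC 5737).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2021:02:14:01 +0100] "GET / HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
198.51.100.7 - - [12/Mar/2021:02:14:01 +0100] "GET /contact HTTP/1.1" 200 2210 "-" "ExampleBot/1.0"
198.51.100.7 - - [12/Mar/2021:02:14:02 +0100] "GET / HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
198.51.100.7 - - [12/Mar/2021:02:14:03 +0100] "GET /login HTTP/1.1" 200 1800 "-" "ExampleBot/1.0"
203.0.113.9 - - [12/Mar/2021:02:30:10 +0100] "GET /blog HTTP/1.1" 200 9000 "https://www.google.com/" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2021:03:10:44 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.33 - - [12/Mar/2021:14:05:00 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is malformed and is skipped
"""


def summarize(log_text, start_hour=2, end_hour=4, min_hits=3):
    """Return (ip, user_agent, hits, paths) for noisy direct-traffic clients.

    Only requests with an empty referer and a timestamp hour in
    [start_hour, end_hour), as logged, are counted.
    """
    hits = Counter()
    paths = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not (start_hour <= ts.hour < end_hour):
            continue
        if m["referer"] not in ("", "-"):
            continue  # arrived via a link or search result, not direct
        key = (m["ip"], m["ua"])
        hits[key] += 1
        paths.setdefault(key, set()).add(m["path"])
    return [(ip, ua, n, sorted(paths[(ip, ua)]))
            for (ip, ua), n in hits.most_common() if n >= min_hits]


if __name__ == "__main__":
    for ip, ua, n, seen in summarize(SAMPLE_LOG):
        print(f"{n:6d}  {ip:<15}  {ua}  {seen}")
```

The user agent and path set that surface here are the kind of pattern a narrower firewall rule can match instead of a whole country.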

Which type of challenge would be best in your opinion?

JS Challenge. That should slow down or stop bots, and require no action from legitimate users.

2 Likes

OK, will give that a try. Many thanks.

1 Like

Thanks, works perfectly. I guess there would be no harm in having the JS challenge set up for as many countries as possible. All the best.

1 Like

At least the ones with the biggest threats, but smallest target audiences. That 5-second delay is a bit of an inconvenience for regular visitors.

1 Like

Yes… I set it up for the US and experienced it myself. It was not fun. Wondering also why I had to go through a captcha identifying bicycles?

That’s unfortunate. Perhaps toggling JS Challenge heightens sensitivity to the visitor, and if there’s some sort of elevated threat score, it sends the hCAPTCHA as well.

Maybe I should create a custom page explaining the situation…

1 Like

I wanted to thank you again, your suggestion has worked quite well. Here is the number of attacks that have been prevented over the last 24 hours, since I added the challenge. For future reference, I have also identified the name of the bot, in case others would like the information. Please let me know if it is appropriate to post that information here on the forums, and if so, where I should put it. Thanks once again.

Don’t be shy. Others may be curious, and others have certainly called out Google and Bing (real and fake) bots for hammering their sites.

Absolutely, I’m happy to share… is there a place on the CF forums where this info is collected for everyone to peruse?

That same bot is in a list posted last week:

1 Like

Now that you have identified the pattern, I’d recommend blocking that instead of challenging everybody from x country. Challenging the visitor is an effective solution against attacks most of the time but it might also reduce the lead ratio.

Thank you, greatly appreciated. Is there a discrete place on the forums where these kinds of lists are available? If not, perhaps the forum administrators could create a place for user-submitted information like that. It would be an awesome reference. Many thanks for your help.

1 Like

There’s not really a place, and such lists are difficult to curate. Some topics are pinned, but otherwise, it’s up to visitors to use the Search function.

Ok… once again, thank you for your assistance, overall I can say with confidence that this $20 a month investment is one of the best I have ever made. Regards.

1 Like
