Bot fight mode - why this site?

The site below, mastodon.cloud, is repeatedly challenged as a bot when it tries to POST data to my site, boulder.ly. However I can also see that some data has gotten through and this is an automated process so I’m sure no one’s passing the challenge. But of hundreds of sites posting to my instance inbox, mastodon.cloud is the only site ever challenged as a bot - but only some of the time. I wondered if it’s possible to figure out why? Have they been compromised?

{
“action”: “managed_challenge”,
“clientASNDescription”: “HETZNER-AS”,
“clientAsn”: “24940”,
“clientCountryName”: “DE”,
“clientIP”: “2a01:4f8:13a:762::2”,
“clientRequestHTTPHost”: “boulder.ly”,
“clientRequestHTTPMethodName”: “POST”,
“clientRequestHTTPProtocol”: “HTTP/1.1”,
“clientRequestPath”: “/inbox”,
“clientRequestQuery”: “”,
“datetime”: “2023-08-02T23:35:33Z”,
“rayName”: “7f0a2351ace93667”,
“ruleId”: “bot_fight_mode”,
“rulesetId”: “”,
“source”: “botFight”,
“userAgent”: “http.rb/5.1.1 (Mastodon/4.1.3; +https://mastodon.cloud/)”,
“matchIndex”: 0,
“metadata”: ,
“sampleInterval”: 1
}

I don’t think so. Cloudflare certainly isn’t revealing its bot-detection algorithm. One can always speculate, but is it worth your time?

Bot Fight Mode should only be used during an attack. If you’re not facing an attack by bots, you should disable it, as there’s not way to fine-tune it.

If you’re on a paid plan, you could instead enable Super Bot Fight Mode, which you can configure to be skipped with a WAF Custom Rule based on your criteria.

1 Like

Ah so on the free plan, a Page Rule disabling security on the /inbox path won’t stop the bots?

I do have a lot of bot events that seem very legit. And only this one consistent false positive (I’m assuming.) But that’s what I was hoping to figure out, if it might actually be legit as well.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.