The last couple of weeks I’ve noticed lots of bots with China IPs hammering away at my search page, almost always searching for some or another China web url - “URI /?s=www.hellgo.cn” is one example but there are many others. They are served a javascript challenge, so I don’t think they are getting through, but what the heck are they playing at?
If you don’t mind not having any traffic from China, you can add a Firewall Rule to block all access from China. Or more specifically, just block all access to that search URL from China.
Hi sdayman,
Thank you as always for your prompt and thoughtful reply. I still have dreams - perhaps irrational - of building traffic, so I hesitate to block 20% of the world’s population - even just from the search page. I am mostly just curious - why in the world would bots hammer my search page? What could they have to gain? It is not nearly enough to be a DOS attack, but more than enough to be annoying.
A more modest approach would to build a firewall rule to challenge China hits to the search URL. A wildcard match to /?s=* from China. Either JS challenge, or CAPTCHA.
As for why bots are doing that…good question. Sometimes it’s just to publicize links, though a search query shouldn’t show up publicly enough add visibility to those domains. That should slow down very little legitimate traffic.
1 Like
Set the response to JS challenge instead of an outright block (which should stop automated hits whilst only inconveniencing real users) and add additional clauses to the rule instead of blindly applying it to the whole country: e.g. try something like
ip.geoip.country eq "CN" and (cf.threat_score gt 10 or cf.client.bot)
Tweak the threat score as you see fit.
1 Like
This topic was automatically closed after 30 days. New replies are no longer allowed.