Apache error, spam/hacker attempt, associated with Cloudflare IP address
What steps have you taken to resolve the issue?
I am running my website on an Ubuntu server using Apache and Django. I am getting a new type of Apache error where the associated IP address is one that belongs to Cloudflare.
[Mon Mar 03 09:42:39.343405 2025] [wsgi:error] [pid 1423124:tid 140462811707136] [client 172.71.218.181:63442] Target WSGI script not found or unable to stat: /home/ubuntu/my_project/my_files/wsgi.py/partial_real_url/new-hack-generator-free-aggretsuko-diamo/partial_real_url/new-hack-generator-free-aggretsuko-diamo/partial_real_url/new-hack-generator-free-aggretsuko-diamo/partial_real_url/new-hack-generator-free-aggretsuko-diamo/…and repeating for much longer …/
I run my website through Cloudflare.
What feature, service or problem is this related to?
If a site is behind a proxy, all requests will appear to be coming from the proxy server.
Likewise, if you’re using Cloudflare proxy, all requests to your website will appear to originate from Cloudflare proxy IP addresses. But you should see the original IP as well as any associated events in your Cloudflare dashboard.
If you need to see your visitors’ IP addresses elsewhere, follow the resource below to restore original visitor IPs:
I’m not using Cloudflare proxy and normally see requests’ actual IP addresses.
You say that the spammer is probably hiding their actual IP address via a proxy. Since the IP address belongs to Cloudflare, does this mean that the hacker/spammer is using a Cloudflare service that allows them to spam my website without indicating who they are?
But that’s not Cloudflare’s fault. The attacker could have been using any other service, such as a proxy, VPN or even TOR. And none of these tools would be responsible for their misuse. WARP, TOR, VPNs, etc. weren’t created to be used for evil, but people still use them for such. And I emphasize, it’s not the fault of those who made the tools.
As I like to say, you can buy a knife… If you’re going to use it to cook or harm someone, it’s not the responsibility of whoever sold you the knife…
I use WARP+ and if Cloudflare monitored everything my family and I were doing, I simply wouldn’t use it. Firstly because it would open up security breaches. Secondly, because Cloudflare claims to be a friend of privacy and playing like Google would simply tarnish its reputation. How can I trust a liar?
