Cloudflare is redirecting this traffic to my ip, but I have not purchased this service to cloudflare
What are the steps to reproduce the issue?
If you visit sundryfiles.com, cloudflare redirect this traffict to my ip 145.239.71.73 , but I didn’t purchase the service. It may be something old
How can I avoid this redirection?
Thanks
Hi, I think i got the same problem as you since yesterday. I didn’t change anything so I don’t know what’s happening. Here is what I see when I try to enter your website, and I got the exact same issue on mine:
May I ask where do you see that particular domain?
In your access log files or?
Are you using Linux on your server or?
Furthermore, are you using Cloudflare to protect your origin host/server as well, by using Cloudflare Spectrum, or Magic products?
Or looking for a solution.
Unfortunately, I am afraid we cannot help here except you could file an Abuse request to Cloudflare about this. However, the domain owner should somehow be notified, if true, and act upon those events with required actions to prevent this in future.
I see my firewall dropping connections to my ip port 443, then I start and nginx in that port to see which requests I was receiving: 172.70.142.95 - - [21/Aug/2024:08:54:54 +0200] “GET /register.html HTTP/1.1” 404 125 “https://sundryfiles.com/1SFr” “Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://webmaster.petalsearch.com/site/petalbot)”
If I exec whois 172.70.142.95, it says it is a cloudflare ip
Now I have stop this nginx, and this is why you are getting a 502 error.
Maybe someone purchased cloudflare services on that domaind pointing to ip 145.239.71.73, but now this is ip is ours and we didn’t purchase the cloudflare service.
We have already open an abuse request to cloudflare, but what they have done is send the abuse report to my hosting, and my hosting sent it to us, like a boomerang
This might be out of scope of this forums how to do it on your origin host/server, however from the shared feedback information, I’d suggest looking for a solution which suits your environment.
Seems like a Petalbot trying to crawl or index
You could block this particular one in Nginx by the user-agent or referrer:
If you implement the way to return real vistitor IP to your Nginx, you might get the real IP behind proxied IP which you’re reciving such (except it’s some script or tool sitting on the domain name itself generating such of those).
If the domain was hosted on your IP which you own now, and was since before on the same, we might be out of luck here.
Hi,
Thanks for your responses
The key here is: why someone who type https://sundryfiles.com in his browser, reaches my ip if I am not a Cloudflare customer
There is no service in 145.239.71.73:443 , I just started an nginx temporary to see what requests where coming to that ip.