Cloudflare relay exploit scanning to my site? How to prevent?

Hello,

in the apache error log i have seen visits to a non existing files that was likely PHP script exploit scanning. Interesting is that when i did WHOIS lookup of that IPs, it is Cloudflare (which is used to protect mine hosted site):

I was checking the access log too and i have seen that my visit has correct (non-cloudflare IP), so these exploters are likely using PHP site protected by Cloudflare to do the scanning of my site? And there is nothing that can be done on the server site except blocking visits from cloudflare? But how to block it safely without interupting something on a cloudflare protected site?

This could happen if your server is not properly configured to only respond to requests for that specific hostname. If someone else plugs that IP address into some other Cloudflare account, Cloudflare will proxy those requests, but will include the proper hostname.

You could use Authenticated Origin Pulls to limit this:

I have linked my shared hosting provider to your proposed solution, though they say they can’t load that SSL or do lock downs for it, this is shared hosting after all.

This topic was automatically closed after 14 days. New replies are no longer allowed.