CloudFlare XMLRPC Attacks

Hello everyone, I hope everyone is staying safe!

Sorry for the re-post! I had made several grammatical errors that defeated the purpose of the post. I am NEW to CloudFlare, and I have turned on the FREE service for a small DEV project I am working on that was getting a lot of xmlrpc attacks from Pakistan and India. I have created a USA only firewall rule and everything seems ok…

However, the xmlrpc attacks continue and are now coming from CloudFlare accounts. In particular IPs 162.158.111.127 & 172.69.55.64

I “can’t” get support to answer my emails. I have emailed both abuse & admin @cloudflare…not sure if it is because they just don’t support FREE accts or COVID-19… Although this should be a virtual environment. (I hope)

My question for the community is … can I block these IPs at htaccess level since they are not the IPs for my site or those CloudFlare uses some sort of random IP access route base on the user’s location as AWS and AZURE do?

From a security point of view… I am surprised that there is no detection script to detect outbound to inbound ratio and weed out bad characters! I don’t think it is a good policy to provide PROXY service to BOTS… Please advise and stay safe!

Those aren’t coming from Cloudflare. They’re coming through Cloudflare like normal traffic does. You’re just seeing those IP addresses because Cloudflare is a reverse proxy for your site.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.