DB crash and IP range block

This morning I experienced a database freeze which crashed my site (I am on the CF pro plan). My database was full and would accept no log entries. I resolved the issue with a backup. However, CF had no information available on the IP addresses of this attack, what operating system was being used, what browser was being used. All CF could tell me was that the attack came from a desktop.

I was able to determine from my log files that at least one of the attacks came from 209.85.238.147. A Google search developed the information below.

I am now blocking the entire range… not what I want to do, but I cannot afford to have my site go down at the whim of some imbecile.

Does anyone have experience with this sort of thing? Am I to conclude that Google is hosting websites that are attacking me and others? I do NOT want to block Google itself.

Thanks.

### 209.85.238.0/24 - GOOGLE

### Hosted Domain Names

There are 463 domain names hosted across 155 IP addresses hosted on the parent range, [209.85.128.0/17](https://ipinfo.io/AS15169/209.85.128.0/17#domains).


Those are Google Cloud hosted domains. There’s no good reason for anything hosted there to access your site. I suggest you add a Firewall Rule that blocks that ASN, but not block Known Bots, such as Google.
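As an added example (not part of the thread), the Python sketch below tallies request counts per source IP from an access log, shows which heavy sources the /24 block from the first post would and would not cover, and builds the rule expression for the ASN block suggested above. The log lines, the address 209.85.200.10 and the function names are constructed for illustration; AS15169 and the two prefixes come from the ipinfo output in the post, and `ip.geoip.asnum` and `cf.client.bot` are Cloudflare rule fields.

```python
import ipaddress
import re
from collections import Counter

# Prefixes and AS number as given in the thread.
BLOCKED_RANGE = ipaddress.ip_network("209.85.238.0/24")
PARENT_RANGE = ipaddress.ip_network("209.85.128.0/17")
ASN = 15169

# Constructed sample access log (combined-log style); not real traffic.
SAMPLE_LOG = "\n".join(
    f'{ip} - - [01/Jan/2020:06:00:{i:02d} +0000] "POST /comment HTTP/1.1" 200 512'
    for ip, n in [("209.85.238.147", 4), ("209.85.200.10", 3), ("198.51.100.7", 1)]
    for i in range(n)
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')


def triage(log_text, threshold=3):
    """Return {ip: (hits, scope)} for sources with at least `threshold` hits."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # first field was a hostname or garbage, skip it
    report = {}
    for ip, count in hits.items():
        if count < threshold:
            continue
        if ip in BLOCKED_RANGE:
            scope = "covered by the /24 block"
        elif ip in PARENT_RANGE:
            scope = "same parent range, missed by the /24 block"
        else:
            scope = "outside the parent range"
        report[str(ip)] = (count, scope)
    return report


def asn_rule(asn):
    """Rule expression: match the whole AS, exempt Cloudflare's known bots."""
    return f"(ip.geoip.asnum eq {asn} and not cf.client.bot)"


if __name__ == "__main__":
    for ip, (count, scope) in triage(SAMPLE_LOG).items():
        print(f"{ip:16} {count:3}  {scope}")
    print(asn_rule(ASN))
```
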

Thanks very much… I will give it a try. Just for my edification, what does the ASN represent?

You could block the IP address block, but I usually just do an ASN lookup with that IP address to block the host:

Thanks so much.
