What is the name of the domain?
gigclickers.com
What is the issue you’re encountering
I’m currently facing an issue with persistent DDoS attacks targeting one of my client’s domains. While I’m using Cloudflare and have implemented WAF rules to block multiple ASNs, such as 60729 (TORSERVERS-NET), the attacks from these ASNs continue to come through. I’m seeking advice on how to completely eliminate attacks from blocked ASNs or any other strategies that might strengthen my mitigation efforts. Has anyone faced a similar situation or have suggestions on how to handle this effectively?
What steps have you taken to resolve the issue?
Setup WAF Rules.
fritex
November 13, 2024, 9:05pm
2
May I ask if you’re using a free or paid plan?
ashraful.insan:
from blocked ASNs
Once you’ve spot them, continue and keep blocking them further just in case
One good post about this:
This guide is for those users of Cloudflare who experience medium-high level complexity DDoS attacks.
Continue reading if you want to accomplish the following:
Becoming more familiar with the Cloudflare Dashboard and crafting custom firewall rules.
Understanding the standard behavior of DDoS attacks and deploying effective firewall rules.
Realizing how powerful and valuable Cloudflare Firewall Rules are.
I initially thought of making a more complex guide (I will). However, I realized that no…
ashraful.insan:
Setup WAF Rules.
Nevertheless, consider blocking some of the known “bad user-agents”, “crawlers” or “bad ASNs” using below posts:
Here’s a list from the perishablepress.com 7G .htaccess firewall:
(360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|…
Good list, thanks. I have deployed that but removed python and demon (those seem to block some RSS feedreaders, YMMV).
What I also have in place is this:
(http.user_agent contains “SemrushBot”) or (http.user_agent contains “AhrefsBot”) or (http.user_agent contains “DotBot”) or (http.user_agent contains “WhatCMS”) or (http.user_agent contains “Rogerbot”) or (http.user_agent contains “trendictionbot”) or (http.user_agent contains “BLEXBot”) or (http.user_agent contains “linkfluence”) or (http.us…
There’s a list of ASN belongs to hosting providers: