DDos with search bots

Greetings!
A very strange situation is happening to me. My site has been down for more than a day. An attack seems to be coming from Google.af, facebook.com and so on. (I attach a screenshot of the server logs)

CloudFlare has already banned about 200 thousand IPs. The IPs are really from big companies.
(screen: https://i.imgur.com/d4dajXT.png)
Has anyone met this?

It was blocked, not banned.

How does your Firewall rule look like? cf.client.bot is “on” or “off”?

Screenshot_31
firewall looks like this

EDIT: Seeing how the triggered page rule is Known Bots, then it’s a good bet these requests are actually coming from those search engines (I could be wrong). They shouldn’t be attempting to crawl so quickly. And I can’t figure out why they’re trying to crawl such random URLs.

One option would be to create a Robots.txt file to disallow everything, and modify your Known Bots rule to AND: URI does not contain: robots

Hopefully they’ll scan the robots file and self-stop themselves.


Your server isn't restoring visitor IP addresses, so it's difficult to see where they're actually coming from.

But the common element I see is the Referrer contains “minecraftmonitoring”. With that, I’d create a Firewall Rule to JS-Challenge these requests.

This topic was automatically closed after 30 days. New replies are no longer allowed.