Direct Attack & Can't Block By Country Due To Google Ads TOS

michael.foote · October 12, 2020, 6:09pm

Hi,

I started using CloudFlare after our site became the subject of an extended attack of some form. In July we started receiving approximately 25,000 direct visits (no referrer) each day to one page on our site. These visitors stay on this page and then leave after a few minutes. The visitors come from a different IP every time and have no common browser/OS or any common distinguishing features.

CF does not seem to block these users without me creating a strict firewall rule to block visitors from every country apart from the country that we serve.

However, the problem with doing this is that it is against Google Ad’s terms of service to block entire countries using a firewall.

Does anyone know how we can stop this traffic without doing a block on over 100 countries using the firewall?

I am on the $20 per month plan on CF currently.

whistles · October 7, 2020, 9:13am

Have you tried Rate Limiting?

Or making a Firewall rule to challenge all visitors to that page?

michael.foote · October 7, 2020, 9:15am

Thanks for the suggestion Whistles. I was under the impression that rate limiting would only work if the IP stayed the same from the traffic? Is that not correct? These visitors are coming from a different IP for almost every single visit.

whistles · October 7, 2020, 9:55am

In that case I’d go with a Firewall Rule that challenges all visitors to the page having problems and see if it helps.

michael.foote · October 7, 2020, 9:41am

Thanks again Whistles, I have done nearly exactly that. The rule is now set to captcha challenge all visitors who are not known bots and are not from my desired country.

It seems to be working so far and hopefully this does not go against Google’s terms of service. That part remains to be seen though.