Does Cloudflare ever Spam/Bruteforce your domains?


#1

Just came across this in my raw logs (IP says it’s cloudflare’s)

Does CF ever try to find vulnerabilities without letting us know first?

108.162.241.147 - - [26/Apr/2018:04:26:44 +0200] "GET /silverstripe HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:44 +0200] "GET /assets//%5c../%5c../%5c../%5c../%5c../%5c../%5c../etc/passwd HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:44 +0200] "GET /tikiwiki HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:45 +0200] "GET /assets/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:45 +0200] "GET /mediawiki HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:45 +0200] "GET /assets/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/win.ini HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:45 +0200] "GET /dokuwiki HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"

#2

No, they don’t. Are you a Cloudflare customer? This just looks like someone’s crawling your site and their IP address will show up in the headers…unless you have mod_cloudflare installed.


#3

This topic was automatically closed after 14 days. New replies are no longer allowed.