Every IP in Raw Logs

Hi, my website has been hit with Hit bots, in 4 hours, had more than 4 millions hits, the top 10 IPs then I tried to investigate from logs are from Cloudflare, what doesn’t this mean ? Are the real IPs of visitors hidden from our logs ? should I block those IP addresses accessing my website ?

Your server isn’t restoring Visitor IP address from the headers:

4 Likes

Thanks sdayman…

So, will the IP Block in cPanel also not work even if I get the real IP ? I tried blocking the real IPs from cpanel but that doesnt seem to work… I can collect the real IPs and save in mysql but soon the records will reach millions, which is not the right solution,.

Cpanel cannot block the original ip since that isn’t what’s making the actual connection to your server.

You will need to block the offending ips in cloudflare.

You could write a script to block ips in cloudflare using their api, track dates and unblock them afte ra few weeks since most likely these ips are dynamic ot temporarily in use by whomever is attacking your website.

Once you apply the patch to get the real ip you can also block those requests in .htaccess but then you still get the connections so better to block at cloudflare.