Excessive jump in traffic to my error page

puckparches · October 8, 2018, 4:22am

Pages to my website have the following address:

https://www.example.com/category/page1.html

If part of the link is missing visitors get redirected to the error page.

Checking my Google Analytic, I notice an excessive jump in traffic to my error page, and it shows that the previous pages are for example:

https://www.example.com/category/dish.com

Why am I getting those links? nowhere on my site have those links.

Should I make any changes to the .htaccess to redirect somewhere else?

Any ideas what is the problem and how to resolve it will be much appreciated.

Thank you

** Someone recommended checking my raw log files, but because Cloudflare I think the IP I get are from Cloudflare

****I would like to include more examples but this “Community Program” didn’t let me do it.

MarkMeyer · October 8, 2018, 6:11am

Probably bots or crawlers doing some foo.
Have a look at your raw logs, seroiusly. Maybe you can find some suspicious user agents.

You can also restore the origin IP.

https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

puckparches · October 8, 2018, 6:54pm

Nothing I can see on the raw logs.

Do you know any step-by-step on how restore visitors IP address? I’m not using any bulletin boards or Wordpress.

I wish Cloudflare had an input on this problem or help me block the bot

MarkMeyer · October 8, 2018, 7:34pm

Just watch the blog article. There are how-to’s for all common web servers, forums and CMS

puckparches · October 11, 2018, 5:24pm

Back again with the same problem. After many attempts, I still can’t figure out how to stop this. I check raw logs and besides a 2-3 IP excessively hitting the site, I still can’t fix the problem.

Is there any way for Cloudflare to stop them? how come Cloudflare have no support for issues like this one?

Xaq · October 11, 2018, 6:17pm

HTTP referer header seems to be spoofed by attacker. Ban those 2-3 IPs.

puckparches · October 11, 2018, 6:31pm

I have already block those IPs but the problem continues. I also created a firewall rule, but nothing the problem continues. Does Cloudflare have any support at all?

Xaq · October 11, 2018, 6:32pm

Where did you block those IPs? (In CF firewall or your server’s firewall)

puckparches · October 11, 2018, 6:35pm

Both actually, CF and htaccess file

Order Allow,Deny
Deny from 66.160.140.0/24
Allow from all

Xaq · October 11, 2018, 6:51pm

htaccess is not a good place for blocking just based on IPs. Use your server’s firewall for that.

Since HTTP is based on TCP, and TCP starts with a handshake, it is impossible to spoof IP address over HTTP, so if you see the requests in your server log then either CF firewall is not working correctly or your own mechanism. I suspect the latter.

It seems you are using CF to protect your website from malicious requests and after migrating to CF the problem not resolved, so you added the htaccess rules to allow requests just from your own domain.

Then attacker found your mechanism of defense and spoofed the referrer header and bypassed your security.

CF firewall doesn’t help you in this case coz bad guys are connecting to your server directly and even with a correctly configured firewall, they can DDoS you with enough resources.

system · October 22, 2018, 6:04am

This topic was automatically closed after 14 days. New replies are no longer allowed.