My server is getting flooded with requests from Cloudflare IPs.
I have a firewall rule to force a CAPTCHA on all requests to my server, so my firewall logs look like this now
However, on my server I can see that there are still 1000s of requests from Cloudflare IPs, and the logs also say mydomain.com/cloudflarebypassbooter followed by a website name (clearly an advert for the DDoS tool they are using).
Are these attacks able to bypass CAPTCHA now? How can I stop Cloudflare IPs from flooding my server!
I'm rewriting them on my web forum, which works fine for my needs.
My Apache status on WHM is showing that the server is being flooded with requests and all the IPs are Cloudflare IPs, every single one, and there are 1000s per minute.
I am afraid, communication is only done via the forum.
If you don't want to post the domain publicly, the only thing I can offer is for you to run a check at sitemeer.com and then post the exact time here when you ran it, so I can dig it out.
Alright, yes, there is a CAPTCHA in place, so that should be properly configured.
The only explanation I would currently have is from a recent thread where the OP pointed out that the CAPTCHA is currently relatively easy to solve - clicking any challenge image works. I can't say whether that is still the case, but if it is, it might be an explanation why they manage to solve it - IF they solve it, that's speculation.
Can you narrow it down to countries and maybe block certain countries via firewall rules altogether? If it then stops, you did confirm the requests go via Cloudflare and apparently manage to pass the CAPTCHA.
Also, open a support ticket and try to clarify it with support. They should have more insight as well.
Also notice that Cloudflare has many known bots, including those that act as monitors, for example those that check speed etc. I had a similar issue some time ago, and it was the automatic bot check of WordPress that constantly checked my site, and another from a security website scanner, and so on.
So what I did is that if there is a known bot but the ASN is not from Facebook, Google, Yandex, Baidu or Microsoft, block the request, and that solved the problem. Google bot, Bing bots and Yandex bots are able to bypass, but the other ones are just blocked.
Of course I did that just for a specific page; the other ones I just leave as is. Also I made a huge blacklist of ASNs. For example, OVH allows a lot of bad traffic from their networks because they operate VPNs, Tor and many malware websites, so I just blocked the ASN of OVH and suddenly a huge amount of bots and bad traffic disappeared, because most of them were coming from the OVH network. So it takes time to take advantage of the Cloudflare firewall, but once you find a way to adapt it to your needs, your life will become easy.
So I suggest checking the Cloudflare firewall logs to see who is sending so much traffic to that specific page.
Maybe there is a known bot bypassing the challenge.
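
Added example, not part of the thread and not Cloudflare's own code: a Python sketch of the triage suggested above, which first counts who is hitting the flooded page by ASN and known-bot flag, then applies the "known bot from an untrusted ASN" and ASN-blacklist logic to each event. The event field names are hypothetical, the sample events are constructed, and the ASNs are placeholders from the RFC 5398 documentation range rather than real networks.

```python
from collections import Counter

# Placeholder ASNs from the RFC 5398 documentation range, not real networks.
TRUSTED_CRAWLER_ASNS = {64496, 64497}  # stand-ins for the search engines you trust
BLOCKED_ASNS = {64500}                 # stand-in for a blacklisted hosting network
PROTECTED_PREFIX = "/cloudflarebypassbooter"  # path reported in the origin logs

# Constructed sample events; the field names are hypothetical.
EVENTS = [
    {"path": "/cloudflarebypassbooter/example", "asn": 64500, "known_bot": False},
    {"path": "/cloudflarebypassbooter/example", "asn": 64500, "known_bot": False},
    {"path": "/cloudflarebypassbooter/example", "asn": 64501, "known_bot": True},
    {"path": "/cloudflarebypassbooter/example", "asn": 64496, "known_bot": True},
    {"path": "/cloudflarebypassbooter/example", "asn": 64502, "known_bot": False},
    {"path": "/forum/index.php", "asn": 64501, "known_bot": True},
]

def top_sources(events, prefix=PROTECTED_PREFIX):
    """Count (ASN, known_bot) pairs hitting the page, busiest first."""
    hits = Counter((e["asn"], e["known_bot"]) for e in events
                   if e["path"].startswith(prefix))
    return hits.most_common()

def decide(event, prefix=PROTECTED_PREFIX):
    """Return 'block' or 'allow' for one event, following the thread's rule."""
    if event["asn"] in BLOCKED_ASNS:
        return "block"  # assumption: the ASN blacklist applies to every page
    if not event["path"].startswith(prefix):
        return "allow"  # other pages are left as they are
    if event["known_bot"] and event["asn"] not in TRUSTED_CRAWLER_ASNS:
        return "block"  # flagged as a known bot, but not from a trusted ASN
    return "allow"

def summarize(events):
    """Tally the decisions so the effect of the rule can be reviewed first."""
    return Counter(decide(e) for e in events)

if __name__ == "__main__":
    for (asn, bot), n in top_sources(EVENTS):
        print(f"AS{asn} known_bot={bot}: {n} requests")
    print(dict(summarize(EVENTS)))
```
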