Getting fake, spam traffic on my website

Hi i am getting spam traffic from or automatedtraffic4free and similar domains. i tried adding their ips in Cloudflare and blocked but still getting traffic from similar resources

For reference here is my website URL:

There are several posts on the topic:

1 Like

You’ll forever be spidered online, don’t think twice about this one.

Russia/china/you name it servers will send out exploitive calls to your forwarding IP to find leaks in your network. Remember we’re just on a simple IP system; it’s very fast to rip through the list and hit public facing servers at their port/etc.

So accept this traffic just ensure you’re secure/safe and maybe not allowing ICMP or other ports to be exploited in these regards. Bouncing pings off server is common DDOS tactics, regardless of a blocked port though if online all and any client/server can test you so just allow it and be BETTER…

I get word-press exploits daily on my IP every 10 -90 minutes, soft-core wanna be hacky stuff but doesn’t work if you good with what you do.

1 Like

Overall think little of the in-bound traffic just secure your SSH port, and your ICMP from ping exploitations, and you should be good unless your server is hosting something with leaks, so better worded be confident and be up to date with security issues in your app if you are not developing it yourself and are already aware of leak-points/etc.

Nothing can be done, and don’t try to. :smiley: Cheers and have fun.

1 Like

I addition to what @sdayman already wrote, you should also fix your server certificate and your encryption mode. The former expired 1.5 years ago.


Hope it’s ok to jump in here, I’ve got SSH secured no problem, but I hadn’t really considered ICMP security. I’ve done a search to check on this, and while I’ve found plenty to tell me about the potential hazards, I’ve not found much regarding mitigation past ‘Buy Our Amazing Product To Protect Yourself’. Do you have any tips or suggestions?

1 Like

Turn ICMP off 100%;

The biggest issue that can occur is someone spoofs and pings your IP and your server is tricked into a DDOS attack against x.x.x.x;

I’ve seen some of the largest attacks go down in history with this exploit. Your server basically gets told to ping a specified IP forcefully. This multiplied by millions of servers goes bad real quick. It’s relatively a 1/5 concern in my opinion but a smart block if you just turn the ports off on firewall. :slight_smile:

1 Like

Got it, thank you. Found out it was fully off anyway by default, the server is behind a comprehensive firewall system including cloudflare’s access and everything is blocked on the server and router firewall other than a few critical things, I guess I’d not really paid it too much attention as it’s just something that normally doesn’t factor unless you specifically open yourself up to it (either by accident or on purpose).


1 Like

ok thank you!

IUAM is not active, it would have JS (javascript) challenged me and/or browser integrity check! You should activate IUAM ASAP this challenges ALL incoming connections and makes sure they are not bot’s For responding to these kinds of attacks visit

1 Like

Thankyou everyone, i am able to block some of them and almost 70% bot/spam traffic is now blocked.

Your certificate is still not fixed, hence your site is still insecure.

P.S: Rate limiting can help with bot traffic, it gives an error if too many requests are coming from one’s IP or browser

The link is secure according to my browser

I’ve valid Cloudflare SSL on site and showing secure on all browsers…

Is there anything i need to fix server certificate?

And i can’t apply hard restriction’s as i am afraid of blocking my real organic traffic.

Have you enabled rate limiting?

Renew it and fix your encryption mode.

This topic was automatically closed after 30 days. New replies are no longer allowed.