Googlebot Runs Through Cloudflare IP Addresses?


#1

Since when does Googlebot and Bing Bot run through Cloudflare IP addresses? They are all over my logs everynight originating from Cloudflare IP addresses. I also found a malicious program uploaded to my website that has Cloudflare listed in it. How can webe protected from the bad guys when they are also on Cloudflare with us? I am being attacked by competitors who are also on Cloudflare. I have been blocking individual IP addresses but there are lots almost like proxies. It is nonstop.


#2

Is your site on Cloudflare?


#3

Are you thinking the same I am thinking? :smile:


#4

Yes they are on Cloudflare


#5

What are you thinking then I will tell you


#6

That was in response to @sdayman :wink:

You are most likely not rewriting IP addresses and hence every request coming through Cloudflare does not show the client’s IP address but Cloudflare’s, hence also Google’s requests.


#7

For reference:

https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs


#8

Wrong. First off for the last 2 days I pulled the sites IP directly through my server. Secondly I have been reviewing IPs daily since I joined Cloudflare and have over 700 Proxies blocked. That Cloudflare identified as issues through WAF. Problem is Cloudflare IPs get through. So when I reviewed my actual logs there were 4 IPs that were nonstop all from Cloudflare. And all Posting Gets and Posts to my site. Looking at files as if they were Google. and user agents all showed Google Bot and Bing Bot.


#9

Also found and retrieved a malicious program uploaded to my server files called Nano-Ticketron14.1 which was built on Github. It is a unix based program running Ubunta or something. It is all being translated now. Also found and retrieved a malicious program uploaded to my server files called Nano-Ticketron14.1 which was built on Github. It is a unix based program running Ubunta or something. It is all being translated now.


#10

“Wrong” is always a very kind response :roll_eyes:

Furthermore I am not sure how proxies are supposed to be related to this. Where do you get these IP addresses from? From your webserver logfiles? Do any other address actually show up there? For example, your own requests with your IP address?


#11

Is your website itself on Cloudflare? As in, you can see it on the dashboard https://dash.cloudflare.com and this is where you manage your DNS settings?


#12

I am sorry I am just very frustrated. This hack has been going on since 2017 and everytime I get rid of them, they come back


#13

no the site files are on a different server. Yes I manage my DNS through Cloudflare


#14

Well, thats neither mine nor anybody else’s fault here.

It is highly unlikely the situation described by your is actually because of Cloudflare but it would require a lot more information to narrow that down. You could start with addressing the questions I posted earlier. Also, whats the domain?


#15

Ticketron.com

and Ticketron.us


#16

Only your www hosts go through Cloudflare, the naked domains point straight to your IP address.

Also

Where do you get these IP addresses from? From your webserver logfiles? Do any other address actually show up there? For example, your own requests with your IP address?


#17

I am not saying its because of Cloudflare at all. What I am saying the competitor is also on Cloudflare and using Cloudflare to hide, thus its even harder to pinpoint the competitor because I cant block Cloudflare. I confronted the developer of the program I discovered and now he deleted the whole repository of files off of Github after first denying. I have the full program as I downloaded it and sent it out to be decoded.


#18

Not sure how the “competitor” fits into the picture, in addition to aforementioned proxies.

You claim Google shows up with Cloudflare IP addresses, that could only be the case if you proxy through Cloudflare and dont rewrite IP addresses. You denied that earlier though.


#19

I have all the Googlebot IPS. I see them regularly they usually start in the 60s. These IPs showing Googlebot are 172. and 108. and 162. Now here is how I know its not Google. Bing is usually 54 and other 2 digit IPs to start when I see them. Now they are also showing Cloudflare IPs. These are fake bots.


#20

Can you post these addresses you believe to be Cloudflare’s? And when did Google’s IP last show up? Again, where do you find them? In your logs? Same question as before.