HELP! I think cloudflare banned my VPS

Hello fellow Cloudflare users! I need YOUR help. So I’ll try to give you a quick backstory here:
I develop discord bots on a VPS in my freetime for what is supposed to be fun… and the bot uses a wide range of APIs. I took a break from developing the bot for around ~6months and came back to it this week

However
All/most APIs have stopped working since, which is a development nightmare for me and they are throwing mountains of Cloudflare forbidden errors in my face and I have come to the conclusion the VPS IP has been banned/restricted/suspended. The support tickets seem confusing and hard to navigate and the bot replies really don’t help - I need humans for once. I would love for the vps to be unbanned ASAP but documentation on stuff like this is terrible and none of cloudflares support websites provide clear ways to appeal or even just discuss issues like this with real staff so here I am. A friend has told me it may be worth mentioning the VPS is hosted on OVH and apparently Cloudflare doesn’t like OVH IPs…

If I can’t get the IP unrestricted I (and most other developers) will have to resort to:

  • Buying a whole new VPS (do I look like jeff bezos)
  • Trying to spoof IPs/messing with proxies/etc a whole world of tricky concepts which probably are the last thing Cloudflare wants lmao

My questions to You:

  • How do I get the VPS unbanned?
    (For context, I have also opened a support ticket but that has been lifeless)
  • How do I prevent this from happening in future?

Greetings,

Thank you for asking.

I am sorry to hear this.

I doubt Cloudflare would and/or does ban an IP address.

May I ask what error do you get or see on the request from or to “Discord bot”? :thinking:

Are those 403 or 5xx?

May I ask have you checked at Cloudflare dashboard what kind of services is blocking the HTTP requests when you navigate to the Security Tab → Overview? :thinking:

  • might be Bot Fight Mode or something other …

Are you using proxied :orange: hostname and cURL or?

I wonder if they do somehow violate Cloudflare ToS? :thinking:
Did you received some e-mail from Cloudflare about it?

Kindly, may I ask you to share your ticket number(s) here with us in a next reply so we could escalate this?

Ay! Thank you so much for your very speedy reply. I know I come across as frustrated, it has taken me days of troubleshooting to come to those conclusions and the frustration just mounts and mounts anyway… I have attached below one example of the error I am recieving from one API. My theory is that before the sites recieve my request, the requesting IP is being checked/verified by Cloudflare and Cloudflare is flagging the IP and throwing some sort of captcha or restriction which prevents me from ever making the request.


As to your questions

  • They are 403 yes
  • I have no way of checking what is blocking the requests since I do not own/develop/manage the APIs that I request
  • I have recieved no emails from Cloudflare, I do not use proxies nor do I intend to, it was just a suggested solution to the issue to which I will not be pursuing
  • My ticket number is 2493294 I opened it quite recently
    Lastly, thank you. I really do appreciate the support and if my theory turns out to be totally and utterly incorrect then I am very sorry for bothering you.

Hm, might be if using Python or Go language :thinking:

Navigate and click on the link below, look for Firewall Events. If true, you should see the VPS IP being blocked or challenged and more details on it what is blocking it, if so:

If the request is coming from your VPS, I’d suggest you to whitelist the origin host/server IP by navigating to the Cloudflare → Security → Tools → IP Access Rules with the action “allow” for your Website.

Should look like on the below screenshot as an example:

Can you also check what kind of Security Level have you selected (click below)?:

And check if Bot Fight Mode is enabled here:

It appears my explanation was poor,
I do not have access to the website I am accessing because I am making a request from my server to their website (API). I make a GET request from my server to their website where they recieve and process my request giving me a json response.
I cannot access their website which uses Cloudflare so I cannot whitelist the IP and I cannot check if it is being blocked or restricted. I do not manage the websites I am requesting so I cannot check for bot fight mode or the security level.
I use javascript.

Thank you for more information.

Meaning, you can’t lookup into the code and figure out what kind of type of requests are you sending out?

As far as it’s the abillity and free will for the domain/website owners who use Cloudflare to block those kind of requests, I am afraid you should either:

  1. Contact webmaster of those websites to allow your VPS IP to pass the requests
  2. You might be out of the luck

Okay, we can test it I think but, did you tried to:

  1. Create a Cloudflare account
  2. Add some test domain to it
  3. Send a request to your test domain and check this for yourself to figure it out?

Otherwise, I am afraid Cloudflare cannot help… except, there might be some kind of a solution for your if you believe your “bot” could end-up being a Verified Cloudflare Bot?

More information about them here if you run a “Good bot” and want Cloudflare to verify/whitelist it:

See here the list of them:

If so, then below Form could help you:

Nevertheless, I might be out of some ideas and I’d suggest you to wait for another reply frome someone else, if so.

Oh that is actually a very good point. I already have a domain that is registered with Cloudflare I will send a request and see if I can replicate the error.

+I do not believe these websites/APIs are blocking me intentionally, I think Cloudflare is flagging the IP for the vps and asking for a re-captcha which obviously it cannot complete. The ideal fix is to work out what list - as such - the IP is on and then getting it removed from that or unrestricted etc, I never used to have this issue so Cloudflare has flagged the ovh vps IP and that is what I want to get to the bottom of.

The thing is, for example most abuse comes from known hosting providers, even from Amazon servers, Digital Ocean, or Hetzner, or some others, while OVH might be the one for some not sure which, reason, if so, but… but we all have services on them, right? And they do work normally so far so good.

Unfortunately, I cannot confirm and say Cloudflare is blocking the whole or a part of OVH’s IP ranges as far as this can’t be true what I know and believe that would really not be a good way to go for Cloudflare.

See my above post supplemented about Cloudflare Verified Bot - might help you (2nd idea after 1st about testing with your own domain):

Just tested by sending a request to one of my Cloudflare domains, and it is also being flagged on my website too. The response from curl conveniently shows the HTML of the webpage and is exactly as I suspected - Cloudflare seems to have put the vps on a list of “suspicious” IPs or otherwise and proceeds to try and check or verify the request probably with a captcha prior to letting me into the webpage, thus making it impossible for the vps to ever make an API request

And yes your idea about a verified bot actually sounds quite promising and I will be sure to look into it


and see if I fall into the criteria.

Also just adding to your verified bot idea, i took a closer look and I noticed in the documentation it states to allow a verified bot to make requests you have to enable a toggle on the webpage. Is that enabled by default? If it isn’t, then surely this defeats the point and does not solve the issue.

Well, it looks like there are only 98 verified bots, so it may be a bit hard to join that list.

Indeed Albertus it seems the verified bot idea will be extremely difficult, and at the end of it all it probably won’t fix the issue.

The real issue that needs addressing here is the clear evidence that Cloudflare has a list of sorts containing IPs they believe to be suspicious and my VPS is clearly on said list. The only feasible way the issue can be resolved at this stage is by getting it removed from that list. As I said before, I never used to have this issue and it was only recently that Cloudflare began checking the requests made by my VPS before they were recieved by the APIs and so whatever list or whatever changed that made the IP be flagged whenever it makes requests (bearing in mind, if Cloudflare intercepts an API request it makes the request void and the user gets a 403 error) needs to be reverted because it is unjust and unfair. I have not done anything to deserve these ramifications and have made every effort to resolve them.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.