I found the Attacker to most of us and need help how to block

aelshesh · May 7, 2019, 10:19pm

I think I found how most our websites getting attacked even from very normal users not from hackers.

I found this application which is very cheap and simulates users from all the world, it is called:

Simple Traffic Bot https://simpletrafficbot.com/

I just contacted the site owner
Hello,
Does this application really simulates different locations? That’s it will call
the website from different cities all over the world or from cities that I can decide.
I mean in google analytics I will see the users coming from different cities
from different countries?

and he replied immediately with:

Hi
my software use Tor proxies from all the world : https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1

Now we have detected the source of the problem and how it is done.
The question, can we block all these ip’s used by torproject at the link he provided. are these proxies used by some percentage of normal visitors.
What a firewall rule can be used to block these ip’s

Please note I am not advertising for this type of app, I have a business and my comptitors using these tools to attack my website and this is the only reason I joined and used Cloudflare but until now Cloudflare is unable to block these attacks.

cbrandt · May 7, 2019, 10:26pm

Cloudflare identifies Tor as if it were a country, with code T1.

So you can try blocking or challenging users that Cloudflare identify as coming from Tor with a Firewall Rule:

(ip.geoip.country eq “T1”)
then
Block/Challenge

aelshesh · May 7, 2019, 10:56pm

The T1 country rule is not working. I see that you need to get the list of proxies to specific website IP and port and this list is updated dynamically like this:

https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1&port=443

The page for that is here:

https://check.torproject.org/cgi-bin/TorBulkExitList.py

I do not know if Cloudflare know how to get all these proxies IP’s to my specific website IP and ssl Port or has a general rule.

sdayman · May 7, 2019, 11:02pm

I’m wondering if tightening up the firewall with a Threat Score would help.

I’d also think that the software would have something consistent in the request header that would be a sign.

system · June 6, 2019, 10:20pm

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
How to Effectively Block Countries Using Cloudflare Firewall? Security	3	38	May 5, 2025
Block Tor and VPNs from accessing my website Security	16	14732	January 6, 2020
How to block all traffic from Tor? Security	8	17963	November 18, 2019
Blocking attacks Security	18	4131	November 24, 2020
Cloudflare DDoS-Protection not working for me Security	7	4645	January 4, 2020

I found the Attacker to most of us and need help how to block

Related topics