Hello everyone, I purchased a new domain 7 days ago and set it up on Cloudflare. After only configuring the email forwarding DNS settings, I haven’t done any further actions. Today, I logged in and noticed that, in the past 7 days, there were users from Russia and the United States sending HTTP requests to this domain, with around 250 requests daily. I would like to ask how they managed to successfully make requests without me setting up an IP address? Additionally, can I block these kinds of requests?
Without knowing the domain it’s hard to be sure how the requests are resolving to something. You can expect a lot of good and bad bots to start requesting the site even for a new domain name as Cloudflare will generate an SSL certificate for your domain, the logs of which are public (see https://crt.sh).
You can use Cloudflare’s anti-bot tools or custom WAF rules to block unwanted requests.