Is this a DDOS acttack?

Recently I have been receiving a lot of crawling requests from Google for spam wordpress internal search pages.

?s=spam goes here

I have configure these pages to be no index, but they are consuming a lot of resorces and sometimes the server goes down.

Is this a DDOS attack, how should prodece? Should i use robot.txt to block internal search pages or should I use some kind of firewall rule?


What’s “a lot”? But if it is not thousands of requests at the same time a denial of service attack is unlikely and it will be rather an attempt to spam your log files.

Is it always the same [URL]?s=[SPAM] schema? If so - and if you are not using s as parameter - you could use the following rule to block those.

April 22 started this and the number of requests only has increased since then. You can see it on the screenshot.

Why is google crawling these pages if they are no index and how are these urls generated, a human, a bot?

Thanks for the rule, does this avoid server load? I have a shared host one and I really need to stop this.

Sorry, skipped the Google part. Are you sure this is from Google? In that case I’d rather go with a robots.txt directive.

The screenshot is from my Google Search Console crawling report.

If this is coming from Google I’d use robots.txt. You can certainly use the firewall rule mentioned earlier too, but the more elegant approach would be to tell Google directly. Though this is now probably better a topic for a Google related forum as there’s no connection to Cloudflare.

If I only use robot.txt wouldn’t I be leaving behind the root cause? of how this spam is generated

You’d tell Google not to send these requests, it certainly could stop Google from wanting to request these URLs, depending on where it got that from. But that really is a question for an SEO related forum.

I got it. Thanks a lot for your time and your patience Sandro.

Have a good day!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.