"Known bots" are DDoS-ing my site (amazonbot)

Hello, today I faced an attack on my site. My server went down, but the "I’m under attack" mode helped.

I opened the server log file and began to study the requests. I found a huge number of requests that caused the server to crash.

I have a firewall set up and users pass the “JS challenge” check, but all “known bots” are allowed into the server without checking.

I began to look at the Cloudflare firewall log and saw that it was letting bots into the site as known,
~11 thousand bots per 3 minutes had a user agent “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5 (Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)” and Cloudflare passed them as “known bots”

Also, about 3 thousand requests from a user agent “Mozilla/5.0 (compatible; Alexabot/1.0; +http://www.alexa.com/help/certifyscan;)”

There are also a few more examples with a small number of requests. What is the right way to deal with this?

Screens:



1 Like

Does the ASN match all requests? Are they truly coming from Amazon? It does seem odd that they would make that many requests.

It seems like most of the requests were cached. Did Cloudflare detect any DDoS? Even if 11k events were allowed, you still have 4.61M requests reaching your back end; while the Amazon bot can be an issue, I’m confident that something else was the root of the issue.

1 Like

Personally, I simply block the Amazon/AWS ASNs completely. Same for Azure and Google Cloud.

1 Like

Yes. See screenshot 2, I filtered all entries by User agent “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5 (Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)”.

And all 11515 requests reached the server because Cloudflare identified them as known bots.
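
The check raised in the replies (do the requests carrying the Amazonbot user agent really come from the crawler's network, and how many arrive per 3 minutes?) can be run against the origin's own access log. The following is an added example, not part of the original thread; the log lines are constructed, the combined log format is assumed, and `TRUSTED_NETS` is a placeholder for ranges you have confirmed yourself.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# User agent quoted in the thread, plus a constructed ordinary-browser one.
BOT_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 "
          "(KHTML, like Gecko) Version/8.0.2 Safari/600.2.5 "
          "(Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)")
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"

def _line(ip, hms, ua):
    return f'{ip} - - [01/Jan/2024:{hms} +0000] "GET / HTTP/1.1" 200 512 "-" "{ua}"'

# Constructed sample log (combined format, documentation-only IP ranges).
SAMPLE_LOG = "\n".join([
    _line("192.0.2.10", "10:00:05", BOT_UA),
    _line("198.51.100.7", "10:01:30", BOT_UA),
    _line("203.0.113.5", "10:01:31", BROWSER_UA),
    _line("198.51.100.7", "10:02:59", BOT_UA),
    _line("192.0.2.10", "10:03:10", BOT_UA),
])

# Assumption: placeholder range standing in for networks you have confirmed
# belong to the crawler's operator (for example by ASN lookup).
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def audit(log_text, token="Amazonbot", window_s=180):
    """Count requests whose UA claims `token`, per time window and per source
    IP outside TRUSTED_NETS. Returns (per_window, unverified) Counters."""
    per_window, unverified = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or token not in m.group(3):
            continue  # unparseable line or a different client
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is not an IP address
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        per_window[int(ts.timestamp()) // window_s * window_s] += 1
        if not any(ip in net for net in TRUSTED_NETS):
            unverified[str(ip)] += 1
    return per_window, unverified

if __name__ == "__main__":
    windows, unverified = audit(SAMPLE_LOG)
    print("peak per window:", max(windows.values()), "unverified:", dict(unverified))
```

Source IPs that show up in `unverified` send the bot's user agent from outside the ranges you trust, so they are candidates for a challenge or block rule rather than a "known bot" pass.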
