Hello, today I faced an attack on my site. My server went down, but the "I’m under attack " mode helped.
I opened the server log file and began to study requests, I found a huge number of requests that caused the server to crash.
I have a firewall set up and users pass the “JS challenge” check, but all “known boots” are allowed into the server without checking.
I began to look at the Cloudflare firewall log and saw that it was letting bots into the site as known,
~11 thousand bots per 3 minuts had a user agent “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5 (Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)” and Cloudflare passed them as “known bots”
Also, about 3 thousand requests from a user agent “Mozilla/5.0 (compatible; Alexabot/1.0; +http://www.alexa.com/help/certifyscan;)”
There are also a few more examples with a small number of requests. What is the right way to deal with this?