My Website was in 'I am under Attack' Mode and when I removed it I saw some suspicious data in Analytics

My website was attacked by bots, so I put it on 'I am under attack' mode with challenge rules set up in Firewall for almost 36 hours. There were more than 0.7 million requests to the server before I put it on attack mode.

When I removed this, I immediately saw one active user in the real-time Google Analytics dashboard. The page URL being accessed had some suspicious code shown with it. The original URL ended before the first ‘?’ on the second line. Can you please let me know what that code was? The screenshot is attached here.

Is it still under attack? Google has put me on limit due to the invalid traffic. I just upgraded my Cloudflare plan to Pro and implemented almost all the features available in the plan. I am not sure what to do anymore.

No worries! The TL;DR is this is not an attack on your site.

If you’re interested, here’s an explanation. Cloudflare works by having thousands of servers in hundreds of datacenters around the world. This way, if an attacker is able to take one down, it’s no problem. When you enabled “I am under Attack” mode, it ran some challenges to make sure each request came from a real-life human before sending them on their way. Since there is a pretty high chance the next requests don’t get routed to the exact same server, the proof of passing the challenges is stored in the URL. It used to be stored in cookies, but those have their own problems.

Thank you. That was really helpful. 🙂