New worker immediately probed by miscreants

I just created a new email worker. It was named in the format -- by the Cloudflare dashboard. A few minutes later it was subject to many GET requests of the sort used to probe a website for vulnerabilities. These all produced errors in the logs as it did not have a fetch handler.

How does this happen? How would someone know what name to use?

When the worker is created, an SSL certificate is generated for it so the hostname appears in the Certificate Transparency logs and tools and bots that monitor those can go off and probe.

See https://crt.sh for your <subdomain>.workers.dev.

2 Likes

Thank you. That makes sense.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.