We received 673 hits over a 39 minute period. That’s 17 per minute… IP’s are supposed to be blocked after 2 hits per minute. Why isn’t the offending IP being blocked?
I’d add a wildcard * to the end of that URL just in case they’re adding a query string after it.
Also, are you sure their requests are coming through Cloudflare? Some attackers hit the server IP address directly. Which is why I have a server firewall that blocks everything that doesn’t come from a Cloudflare IP address.
We added the wildcard. Hopefully that helps.
When attempting to access the page via IP address, all are redirected to the domain itself.
1 Like
If an attacker were to find out the IP address, then basically add it to /etc/hosts, they can access your site directly by hostname and won’t get redirected to the domain itself.
2 Likes
This topic was automatically closed after 30 days. New replies are no longer allowed.