[request] Known malicious bots user-agents list

Hi, I’m new here, and couldn’t find a thread with this info.

Does anyone has access to a list of known malicious bots user-agent strings? I think it would be very beneficial for everyone.

Does Cloudflare has this information to share?

Cheers :slight_smile:

In what way? I am generally not a fan of security through obscurity, but in this particularly case I am not sure whether it is a good idea to post that list publicly.

I think most bots try their best to hide the facts that they are bots. Anyway please see:

Also Cloudflare’s security settings should automatically block bad bots.

1 Like

Oh, I get it. Better not to teach the invader how to conceal this info?
So next best would be my custom data from my own server logs, right?

Thats the idea. Again, thats somewhat of aforementioned security through obscurity, which should be generally avoided but in this case I simply think Cloudflare should not reveal too much about how it determines whom it blocks.

Server logs are always a great start though :slight_smile:

1 Like

Thank you.

I think I’ll check the list against my logs instead of pre-blocking anything.

Great, thanks.

Sandro, I’m going to reverse the problem then. I was being attacked, and it was not automatically blocked by Cloudflare. We solved it with a user-agent based block.

Imho, it maybe should be added to the Cloudflare watchlist for “bad bots”. Well, how does that happen? Should I talk to someone? Suggest it? Or maybe Cloudflare might be analyzing new rules and seeing what makes sense for other accounts based on what they blocked for my account?

No problem if this can’t be disclosed, mostly out of curiosity :wink:

You could open a support ticket or maybe @cs-cf / @cloonan would have some insight to share.

Which useragent was it in your case?

It was axios/0.17.1. Thousand of requests per minute from at least 3800 different ips, all around the globe.

True, the thread at User-agent block rule not blocking all requests.

Increasing your security level might help too, but for proper clarification I’d contact support.

Ok, thanks.

This topic was automatically closed after 14 days. New replies are no longer allowed.