Seeking Guidance on Interpreting Website Traffic Patterns from Cloudflare Community

Hello,

According to Cloudflare analytics reports for March 2024, a significant portion of our website traffic originates from China and Singapore, despite our target client base being in Europe and India.

Could someone from the Cloudflare community provide guidance on how to verify if this traffic is legitimate or indicative of a botnet attack on our website? Additionally, what steps should be taken to address this issue effectively? Thank you for your assistance.

Firstly, you can go to Analytics/Traffic tab to see attacks and traffic pattern as well as details such as IP addresses, ASN, user-agent etc, the path they are going to. Web analytics · Cloudflare Analytics docs

Secondly, you can also go to Security Events to see if the traffic trigger any HTTP DDoS rules or any Security rules/rulesets. Security Events · Cloudflare Web Application Firewall (WAF) docs. You can also check if there is any action performed here (blocked, challeneged etc.).

The analytics will give you information about the traffic. However, you will need to judge it on your own (if this is a normal traffic, do you have a lot of business/users coming from these countries, are you running any international sales/marketing campaign? etc.). Because I believe no one understands your web server, business, internal activities better than you.