Seriously why is all this traffic fake? Are these bots?

My website receives no traffic, but there are thousands of requests per month from what I assume are bots? How can I block all these fake requests from coming through?

These are bots.

Create a firewall rule like so:

This will block all traffic; you probably will see analytics but the traffic won’t reach your server(s).

3 Likes

Thank you Judge! Will this also block Google Bot and Bing from crawling?

Yes.

I suspect that @judge was being a bit tongue-in-cheek. The rule provided will block all traffic.

5 Likes

Michael, thanks for letting me know.

Haha I figured that might be the case after reading my obvious question.

I’m not sure blocking ALL traffic is a workable solution for me though. I honestly just want to stop spam bots from reaching my host server. Is there a simple way to block bots that aren’t Google or Bing? Or is there another reason why I might be seeing so many unique visitors, despite having no real traffic so far?

actually cf.client.bot is there to allow Crawler traffic from google and known/approved crawlers
https://developers.cloudflare.com/firewall/known-issues-and-faq#how-does-firewall-rules-handle-traffic-from-known-bots

Depending on where the bad traffic originates from you could do something like this (in this example traffic from Google Clud’s and Amazon’s ASN is blocked

Basic rule, with no exclusion
Action block (or challenge)
Expression (ip.geoip.asnum in {7224 15169})
Rule that excludes known bots that Cloudflare validates
Action block (or challenge)
Expression (ip.geoip.asnum in {7224 15169}) and not cf.client.bot)
Two rules to allow exceptions and block the rest
Rule 1 Action: allow
Expression: cf.client.bot
Rule 2 Action: block (or challenge)
Expression: (ip.geoip.asnum in {7224 15169})

(if you are on a paying plan you can also look into super bot fight mode)

Kevin, thank you for picking this up. I took a look at the link, and wanna make sure I’m understanding this. The snapshot is the list of bots that Cloudflare recognizes from the cf.client.bot expression? That means using the expression and blocking those bots would block Google. In order to resolve the issue I need to locate the source of the requests and block the IP instead than exclude known good bots using the cf.client.bot expression?

This topic was automatically closed after 31 days. New replies are no longer allowed.