On 7th & 8th Jan, we were hit with a sophisticated Google Adwords scam that cost us $32,000+. We have reached out to google who have said the clicks are genuine and they will not remove the charges. Google will not investigate the issue any further without server logs.
My questions is:
Can I access backdated logs if not on enterprise at the time of the incident?
You should have logs at your web host.
As for “backdated logs”, even Enterprise plans can’t retroactively enable logging.
By default, your HTTP request logs are not retained.
https://developers.cloudflare.com/logs/logpull-api/enabling-log-retention
Hi @sdayman, the logs in aws it just shows Cloudflare IP data.
162.158.63.99 - - [07/Jan/2021:13:42:28 +0000]
We got hit with a Google click fraud scam costing us $20k in 2 hours. Google wont escalate the issue without the logs.
Unfortunately, due to the nature of proxies, it shows the IP of Cloudflare by default, unless you used some workaround like the one described here: Restoring original visitor IPs Logging visitor IP addresses
We also do usually do not store full logs for non-enterprise customers. I apologise for the inconvenience.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.