I’m pretty fresh at this so sorry if this is a common question. Not exactly sure what search terms to whittle down such a broad question.
I have page rules set up so that it geoblocks every country other than Canada/US with a JS Challenge and I also have straight up blocked Russia, China, and Ukraine (cause I was getting a lot of traffic from them I didn’t want).
I’m still seeing from my apache logs that every other day I get a block of about 100 requests to access my phpadmin which is disabled from external access. These IPs are coming from the Asia Pacific network (APNIC) and RIPE (Europe based?), but don’t have any identifiable information about them.
Q1: How are they bypassing the page rules on Cloudflare?
Q2: If they’re able to make requests directly with the server, should I be concerned about other vulnerabilities?
Q3: Should I even worry about this considering the server is already denying the requests?