Site receiving constant GET and POST

I got an email from my hosting that I am receiving constant POST requests from Cloudflare. I do not understand what they mean, but please help. See the email below:

[Hello,

We are writing to inform you that the web access to rccgstrongtowerng.org has been temporarily suspended due to overload of the server on which your VPS is created. Unfortunately the site is receiving constant GET and POST requests from CloudFlare IPs to wp-login.php and /xmlrpc.php. Below you can find the logs for the same:

rccgstrongtowerng.org|172.68.18.199 - - [21/Feb/2024:21:50:51 +0000] "GET /wp-login.php HTTP/1.1" 404 214367 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|172.71.10.20 - - [21/Feb/2024:21:50:57 +0000] "POST /xmlrpc.php HTTP/1.1" 403 403 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|172.69.194.33 - - [21/Feb/2024:21:51:02 +0000] "GET /wp-login.php HTTP/1.1" 404 214367 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|172.68.213.90 - - [21/Feb/2024:21:51:08 +0000] "GET /wp-login.php HTTP/1.1" 404 214367 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|162.158.106.217 - - [21/Feb/2024:21:51:13 +0000] "GET /wp-login.php HTTP/1.1" 404 214367 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|172.69.194.64 - - [21/Feb/2024:21:51:09 +0000] "POST /xmlrpc.php HTTP/1.1" 403 403 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|172.68.213.19 - - [21/Feb/2024:21:51:11 +0000] "POST /xmlrpc.php HTTP/1.1" 403 403 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|172.71.114.64 - - [21/Feb/2024:21:51:18 +0000] "POST /xmlrpc.php HTTP/1.1" 403 403 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|162.158.162.141 - - [21/Feb/2024:21:51:18 +0000] "POST /xmlrpc.php HTTP/1.1" 403 403 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|172.70.189.32 - - [21/Feb/2024:21:51:23 +0000] "GET /wp-login.php HTTP/1.1" 404 214367 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|172.64.236.96 - - [21/Feb/2024:21:51:28 +0000] "GET /wp-login.php HTTP/1.1" 404 214367 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
rccgstrongtowerng.org|172.71.224.144 - - [21/Feb/2024:21:51:31 +0000] "GET /wp-login.php HTTP/1.1" 404 214367 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"

You will have to filter those via your CloudFlare account or contact their customer support for further assistance since your VPS server cannot operate with this setup and huge amount of requests.

Thank you for your time and understanding.

If there is anything else we can help with, feel free to write.

Best Regards,]

Considering these requests all come with an Internet Explorer 11 user agent (and assuming this is not exactly your audience), you can simply configure a user agent block for the following string at https://dash.cloudflare.com/?to=/:account/rccgstrongtowerng.org/security/waf/tools

Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

You may also want to rewrite IP addresses - Restoring original visitor IPs · Cloudflare Support docs

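Added example (not part of the original replies): a small Python pass over log lines in the host's format, showing why the answer above points at the user agent and at restoring visitor IPs. Every source address is a Cloudflare edge, so only the user agent separates these requests from normal traffic. The function names, the 0.8 threshold and the last sample line are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Two ranges from Cloudflare's published list (https://www.cloudflare.com/ips/);
# only the ones the sample needs are included here.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in ("172.64.0.0/13", "162.158.0.0/15")]

# host|ip - - [time] "METHOD path proto" status size "referer" "user agent"
LINE_RE = re.compile(
    r'^(?P<host>[^|]+)\|(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+) '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

IE11_UA = "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
# Four entries from the host's e-mail above, plus one constructed normal visit.
SAMPLE = [
    f'rccgstrongtowerng.org|172.68.18.199 - - [21/Feb/2024:21:50:51 +0000] "GET /wp-login.php HTTP/1.1" 404 214367 "-" "{IE11_UA}"',
    f'rccgstrongtowerng.org|172.71.10.20 - - [21/Feb/2024:21:50:57 +0000] "POST /xmlrpc.php HTTP/1.1" 403 403 "-" "{IE11_UA}"',
    f'rccgstrongtowerng.org|162.158.106.217 - - [21/Feb/2024:21:51:13 +0000] "GET /wp-login.php HTTP/1.1" 404 214367 "-" "{IE11_UA}"',
    f'rccgstrongtowerng.org|162.158.162.141 - - [21/Feb/2024:21:51:18 +0000] "POST /xmlrpc.php HTTP/1.1" 403 403 "-" "{IE11_UA}"',
    'rccgstrongtowerng.org|172.70.0.1 - - [21/Feb/2024:21:52:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0"',  # constructed
]

def summarize(lines, targets=("/wp-login.php", "/xmlrpc.php")):
    """Count hits on the targeted paths per user agent and how many came via Cloudflare."""
    hits, parsed, via_cf, skipped = Counter(), 0, 0, 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        try:
            ip = ipaddress.ip_address(m["ip"]) if m else None
        except ValueError:  # field is present but is not an IP address
            ip = None
        if ip is None:
            skipped += 1
            continue
        parsed += 1
        via_cf += any(ip in net for net in CLOUDFLARE_NETS)
        if m["path"].split("?")[0] in targets:
            hits[m["ua"]] += 1
    return {"parsed": parsed, "skipped": skipped,
            "via_cloudflare": via_cf, "target_hits_by_ua": hits}

def block_candidates(summary, min_share=0.8):
    """User agents responsible for at least min_share of the hits on targeted paths."""
    hits = summary["target_hits_by_ua"]
    total = sum(hits.values())
    return [ua for ua, n in hits.items() if total and n / total >= min_share]
```

Run against the full access log, a `via_cloudflare` count equal to `parsed` confirms the origin only ever sees edge addresses until visitor IPs are restored.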

Hi @rccgstrongtower7

You should also consider applying some security to your account.

  1. Activate Bot mode.

  2. Create a custom firewall rule where you block all continents/countries where you do not have customers from. Use the expression "is in" and add all the countries/continents on the same line.

  3. Then create another custom firewall rule where you give a managed challenge to the most threatening countries. This can be seen in the analytics traffic dashboard.

  4. Create a Rate Limiting Rule


Should I select "block" or managed challenge? https://snipboard.io/925WzX.jpg Does this mean anyone visiting my site from Mozilla won't be able to access it?
Just asking to know what I am blocking.

Whether you challenge or block is up to you.

This is not about Mozilla, but about that particular user agent.

Please, it says block all countries is for enterprise plan, but I set all affected block countries as managed challenge. See attachment.

Is this ok?

Are you sure you want to block countries? Did the user agent rule not work?


It worked, thanks.
Please, one more question: how do I hide the Cloudflare verification notice that redirects before my website loads? I want the protection, but I don't want it visible in the frontend of my website, so the load speed increases. See it:
rcvgstrongtowerng.org

A challenge always comes with such a page.

Does it mean there is nothing I can do to hide it, even from my host server side?

Especially not from your host’s side. But challenging these browser versions really shouldn’t be an issue.
