Someone on Cloudflare is messing with my site

Website, Application, Performance Security
1

I dont understand why someone from Cloudflare community would click to visit my site and then search for this.

16 x11Reading, Pennsylvania, United States, Verizon Internet Services 96.245.234.145

Visit #1

Win10, Chrome 76.0, 1536x864

https://community.cloudflare.com/
7 Aug 18:21: 44 {redacted}
{redacted}
7 Aug 18:21: 50 **{redacted} **
(No referring link)
7 Aug 18:21: 53 {redacted}

I am in a very competitive industry and Cloudflare is used to protect me, last thing I need is to be messed with by anyone from Cloudflare because I posted my site in community before to ask a question.

2

Hi @tickets.ticketron,

When you asked your previous question, you posted your domain name, as you mentioned.

Googlebot Runs Through Cloudflare IP Addresses?

As this is a public forum, anyone can see this post and your domain. It could have been viewed for many reasons, but we, on the community have no access to your account and could not change anything there.

4 Likes
5

I’ve been getting tons of this stuff - strange search requests. Mostly - not always - from China IPs and mostly - not always - searching for dot cn domain names. Really odd - no idea what the bad guys are up to - can any experts out there shed light? I set a firewall rule to challenge search requests so they aren’t getting through but are getting logged.

But … what makes you think the culprit is “someone from Cloudflare community”?

6

Somehow I doubt that was from anyone at Cloudflare… maybe you should do more investigating before throwing the blame at them. It could just as likely been anyone who looked at this public forum and got your domain name… even if it appeared to come from a Cloudflare IP (which can be spoofed), what purpose would it serve them to do that search?

More likely scenario is that someone was attempting to spam or attack your site with that search query.

8

Samia.pl runs through Cloudflare also.

10

the only way to enter my site from Cloudflare is to click a link in the community

11

The Link Is right there. https://community.cloudflare.com.

that is the link used to enter my website. Quite obvious no?

13

because the original entry to my site is from https://community.cloudflare.com

14

I posted the entry to my site came from that link. Listen I appreciate your knowledge but I dont appreciate the nastiness. My question was simple. the searches are ridiculous and it all originated from the entry to my site which was the link above. on top of that s2.samia.pl has me blocked for some reason so I cant even see what the site is.

15

The 1020 samia.pl shows is a firewall block, only the owner of the site knows why that is in place and who is affected by it.

Regarding if folks are visiting your site by clicking on a link shared in the community. Maybe, you can see how many times a links been clicked by looking at it and that may tell. Next, if you like, I’ll remove every instance of {redacted} from your Community posts. Let me know.

Finally, if you suspect your site is being tampered with, let Support know via a ticket. They have greater insight and may be able to give a perspective the Community cannot. Sorry for the troubles.

1 Like
16

For most of my clients I restrict traffic to only North America. It’s not a snobby thing… just no need to serve outside of their market.

Sounds like a malicious bot to me. I wouldn’t blame humans for this.

You should’ve started off with a question. Your first post was an accusation.

2 Likes
17

I do the same I dont know how they got through but that Samia site is behind Cloudflare in california so who knows who gets through and doesnt


Virus-free. www.avast.com

18

This topic was automatically closed after 30 days. New replies are no longer allowed.