hey, my site was under a bot spam attack and I managed to stop it using block by country (WAF), it works fine but the problem is that they still spamming my site, and Cloudflare blocking them, until now they reached 300k requests and all got blocked, is it okay to leave it like this? Is it okay to make Cloudflare block them forever? if not, how can I stop them from even coming?
Since you indicate that Cloudflare is blocking them just fine, and that your origin server does not appear to suffer from the attacks (any more?), I would just leave the block on (for as long as it appears to be necessary), and otherwise ignore it.
They will obviously continue to show up on your WAF/Firewall/Security Events list, as long as they continue trying though.
That part would be something you would need to figure out on your own for a personal site, or within your company (for corporates sites).
Instead of block, you could also try challenging the bots, e.g. by switching the action to either Managed Challenge, JS Challenge, or Interactive Challenge.
Should there be a real user that is being hit by your filter (since you mention “block by country”), the real user might be able to continue to your site after a challenge, rather than being blocked.
But how to deal with it, is completely up to you (and/or the organisation you represent).
If you see one or more IP address(es) that are repeating to come, you could try to look up the IP address in one of the IP registries, and look for an “abuse contact” email address.
You could then try sending them a message, to the abuse contact address, telling them that the specific IP address is attacking your site, and include all relevant material (e.g. you can send information (perhaps a screenshot) from the WAF/Firewall/Security Events page).
A such kind of game may however be quite a time consuming “whack-a-mole” game.
There are both some good networks out there that may terminate bad customers (and/or compromised hosts), or otherwise tell their customers to deal with the issue. But you will likely also quite a few networks that doesn’t seem to care at all.
2 Likes
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.