Stop spam traffic and allow search engine bots

Hi,

Discovered today a lot of spam traffic coming from the US, France and Singapore. Created a firewall rule to block it, but it also blocks bots from Google, Bing etc.

(ip.geoip.country in {"US" "SG" "FR"}) = blocks all spam traffic but also bots that should be allowed.

Changed it like this instead, after reading about a similar problem in another thread:
(ip.geoip.country in {"US" "SG" "FR"} and not cf.client.bot)

It works for the search engine bots to get through, but it only blocks a small portion of all the spam.

Anyone who can help me out to make it work?

The only way to fix this is to look for common traits and block them. You can also try enabling bot-fight mode. Worst case, enable under attack mode, but that’s an unpleasant user experience.

Are you being attacked by any specific user agent or IP range? Any specific pattern? Any query string?

Thanks for your answers!

I think I managed to solve it, at least for now. I’m new to using CloudFlare so I guess it will take a while.

Changed security level to high, turned on bot-fight mode and also added a second rule based on user agents I found in logs.

(http.user_agent contains "DotBot") or (http.user_agent contains "dotbot") or (http.user_agent contains "SemrushBot") or (http.user_agent contains "semrushbot") or (http.user_agent contains "semrush") or (http.user_agent contains "AhrefsBot") or (http.user_agent contains "ahrefsbot") or (http.user_agent contains "MJ12bot") or (http.user_agent contains "mj12bot") or (http.user_agent contains "rogerbot") or (http.user_agent contains "SMTBot") or (http.user_agent contains "smtBot") or (http.user_agent contains "SeznamBot") or (http.user_agent contains "seznambot")

(Don’t know if it’s case sensitive so that’s why some are duplicates)

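On the case-sensitivity question in the last post, as an added example that is not part of the original thread: Cloudflare's `contains` operator is case-sensitive, and the Rules language provides `lower()`, so one lowercase token per bot covers every spelling. The script below models both forms in Python and emits the shorter expression; the sample User-Agent strings are constructed.

```python
# Added example: models the posted user-agent rule and a lower()-based rewrite.
POSTED = [  # literals exactly as they appear in the rule posted above
    "DotBot", "dotbot", "SemrushBot", "semrushbot", "semrush", "AhrefsBot",
    "ahrefsbot", "MJ12bot", "mj12bot", "rogerbot", "SMTBot", "smtBot",
    "SeznamBot", "seznambot",
]

# Constructed sample User-Agent strings (not taken from real logs).
SAMPLES = [
    "Mozilla/5.0 (compatible; DotBot/1.2)",
    "Mozilla/5.0 (compatible; DOTBOT/1.2)",
    "Mozilla/5.0 (compatible; Rogerbot/1.0)",
    "Mozilla/5.0 (compatible; SMTBot/1.0)",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0 Safari/537.36",
]

def normalize(literals):
    """Lowercase, de-duplicate, and drop tokens already covered by a shorter one."""
    lowered = list(dict.fromkeys(s.lower() for s in literals))
    return [t for t in lowered if not any(o != t and o in t for o in lowered)]

def build_expression(tokens):
    """Emit one case-insensitive clause per token."""
    return " or ".join(f'(lower(http.user_agent) contains "{t}")' for t in tokens)

def posted_rule_matches(ua):
    """Case-sensitive substring match, as `contains` behaves."""
    return any(lit in ua for lit in POSTED)

def lowered_rule_matches(ua, tokens):
    """Match against the lowercased User-Agent, as lower(...) contains does."""
    return any(t in ua.lower() for t in tokens)

def missed_by_posted_rule(samples):
    """User agents the rewrite blocks but the posted rule lets through."""
    tokens = normalize(POSTED)
    return [ua for ua in samples
            if lowered_rule_matches(ua, tokens) and not posted_rule_matches(ua)]

if __name__ == "__main__":
    print(build_expression(normalize(POSTED)))
    for ua in missed_by_posted_rule(SAMPLES):
        print("missed by posted rule:", ua)
```

The fourteen posted clauses reduce to seven, and spellings outside the listed pairs (such as all-caps or a capitalised first letter) are caught as well.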