Hi, I get spammed by trafficbot4free(dot)pw, I don’t care about analytics but the bandwidth of the site increased significantly. I tried creating firewall rules, blocking through hostname and user agent…nothing works. Every twenty minutes, I get visits from various countries with trafficbot4free as a referral.
Did anyone manage to solve this?
Thank you!
1 Like
sandro
May 21, 2020, 12:18pm
2
You need to create a firewall rule based on the referrer, not other parameters.
thank you for a quick reply, but it does not work. Tried “equals”, “contains” for domain or just trafficbot4free etc. Cloudflare does not catch it…
domain costofincome.com
(thank you for your time and help)
only one rule there, the 1 block that you see is a mistake (i did an error in one of the setups and blocked a feed crawler)
sandro
May 21, 2020, 12:56pm
8
Blocks just fine
$ curl -i -H 'Referer: https://trafficbot4free.pw' https://costofincome.com/
HTTP/2 403
date: Thu, 21 May 2020 12:55:04 GMT
content-type: text/plain; charset=UTF-8
content-length: 16
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
Of course your check only checks for that particular string. Should that referrer be any different it will pass.
1 Like
I though that if CF blocked It i would not see it in Google Analytics…but I still do. Thought that it means that the block is not working…
P.S.: I see your test as blocked, but I did not see Cf blocking other attempts from that site (but I see them in Analytics…)
sandro
May 21, 2020, 1:04pm
11
In that case they might access your server directly without going through Cloudflare.
maybe a silly question - what is the point of CF if somebody can go “directly” to my server? I thought that it is impossible when the CF is on.
sandro
May 21, 2020, 1:17pm
13
If your server accepts connections from others than Cloudflare, there is nothing Cloudflare can do.
Can you post log excerpts from the requests in question?
phil14
May 28, 2020, 5:09pm
15
Yep. I knew it would be a Namecheap domain even before I did a whois on it.
What a surprise.
Thank you so much for your support. I just blocked it in GA. Spent too much time worrying about it. If it gets worse, will have to get back to it…
1 Like
system
Closed
June 20, 2020, 12:17pm
17
This topic was automatically closed after 30 days. New replies are no longer allowed.