I noticed a spike on the server at a specific time of the day. I dug into Cloudflare analytics, Web Analytics, Server Analytics, and Logs and I found out that I’m receiving many concurrent requests on different URLs at the same time. All of those requests appear to come from a
TwitterBot Browser and an
Unkown Operating System.
Attached is a screenshot of the number of visits.
(screenshot was taken the next day)
Below is zoomed-in capture showing the requests in a 3-minute timeframe. As you can see, the requests were generated in one shot (robotic behavior).
The weird thing is that the below chart (number of requests) does not seem to justify the spike in the first graph (number of visits).
I also noticed that the majority of 5xx errors were 503 errors and not 524. This means that the server was rate-limiting the requests coming from Cloudflare when the spike happened (suspecting an attack).
Any idea what is this
TwitterBot browser thing? Isn’t Cloudflare supposed to mitigate and filter those kinds of requests at the edge?