Under Attack By Amazonbot 0.1

Website, Application, Performance DNS & Network
1

Hello there,

We’ve been under attack recently from Amazonbot 0.1, trying to constantly access non existent pages

/customer/account/login/referer/aHR0cHM6Ly9wdXBweXByaWRlLnN0b3JlL3N0ZXJsaW5nLXNpbHZlci1uZWNrbGFjZS01LTVtbQ,/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/checkout/cart/

Cloudflare’s under attack mode doesn’t do anything because it is letting the bot though, but the requests are so frequent that the server maxes it’s CPU trying to serve them and crashes out

How can I block these bots from a DNS level on Cloudflare to protect my store?

2

Can you confirm that your origin is restricted to cloudflare Ip’s only? If that is done you should not see any requests bypass “under attack mode”. You can also do some custom rules to block the particular event as well for the user agent string.

1 Like
3

I can confirm that, and it was bypassing the under attack mode.

Bots seam to have a way to get around it as they can’t complete a ReCapture.

This has been fixed by installing a module for Nginx which filters known bad bots though

4

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.