I have been dealing with high load issues for a client who proxies his website through Cloudflare and has recently been hosted on one of my servers. After yesterday the load was huge - lots of LS threads being spawned and basically hogging the full resources that I have assigned for him using CloudLinux.
After log inspection, I've figured out that "bad bots" were basically hammering search options through his website - causing a huge spike in database usage. Once I made a list of all these bad bots, and even though the "I'm Under Attack" option was turned on, these bots seem to fare through the whole security idea with no ease.
Above is one of the IPs that's listed all over the net for abuse. Is there something we can do so that abusive bots would be stopped simply at entering the whole website?
Hello, if the attacks are seemingly coming from a few specific ASNs you could block these with a custom WAF rule. Blocking legit customers / visitors with IPs from hosting companies like Hetzner, DigitalOcean and similar is very unlikely (And even if this would cause issues for someone, you can just allowlist their IP).
If you go this route, make sure that, if you are using any services that are making connections to your site from a soon-to-be-blocklisted hosting, you allowlist their specific IPs before you deploy the blocking rule.
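An added example, not part of the thread: one way to turn the log inspection described above into the ASN block rule with its allowlist exception. It assumes the origin log records the real visitor IP in combined log format, that search requests carry an `s=` query parameter, and that an IP-to-ASN table is available; the log lines, IPs and AS numbers are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?s=shoes HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?s=boots HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /?s=hats HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
198.51.100.4 - - [01/Jan/2024:10:00:03 +0000] "GET /?s=coats HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:00:04 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.50 - - [01/Jan/2024:10:00:05 +0000] "GET /?s=uptime HTTP/1.1" 200 512 "-" "Monitor/2.0"
"""

# Constructed IP-to-ASN table with documentation AS numbers; a real run needs an ASN database.
IP_TO_ASN = {"203.0.113.7": 64500, "203.0.113.9": 64500,
             "192.0.2.50": 64500, "198.51.100.4": 64501}
ALLOWLIST = {"192.0.2.50"}  # assumed: our own monitoring service, hosted in the noisy ASN

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) ')
SEARCH_RE = re.compile(r"[?&]s=")  # assumption: search uses an s= query parameter

def search_hits_by_asn(log_text, ip_to_asn, allowlist):
    """Count search requests per ASN, ignoring allowlisted client IPs."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path = m.groups()
        if ip in allowlist or not SEARCH_RE.search(path):
            continue
        asn = ip_to_asn.get(ip)
        if asn is not None:
            hits[asn] += 1
    return hits

def build_rule(hits, allowlist, min_hits):
    """Build a Cloudflare custom-rule expression for ASNs at or above min_hits."""
    asns = sorted(a for a, n in hits.items() if n >= min_hits)
    if not asns:
        return ""
    expr = "(ip.src.asnum in {%s})" % " ".join(map(str, asns))
    if allowlist:  # exempt known-good IPs so the block never reaches them
        expr += " and not (ip.src in {%s})" % " ".join(sorted(allowlist))
    return expr

if __name__ == "__main__":
    hits = search_hits_by_asn(SAMPLE_LOG, IP_TO_ASN, ALLOWLIST)
    print(build_rule(hits, ALLOWLIST, min_hits=3))
```

The resulting expression goes into a custom WAF rule with the Block action; the `not (ip.src in {...})` clause keeps the allowlisted services reachable from the moment the rule is deployed.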