Who I can block hacking attempt? (bots)


#1

Hi, I have a lot of hits from bots, that’s trying to read some files in my server. I install ClodFlare to solve this problem, but I still getting the same. For example: I get this list from my error_log file:

  • script ‘/var/www/html/x.php’ not found or unable to stat
  • script ‘/var/www/html/muhstiks.php’ not found or unable to stat
  • script ‘/var/www/html/wuwu11.php’ not found or unable to stat
  • script ‘/var/www/html/db_session.init.php’ not found or unable to stat
  • script ‘/var/www/html/conflg.php’ not found or unable to stat
  • script ‘/var/www/html/defect.php’ not found or unable to stat
  • script ‘/var/www/html/bak.php’ not found or unable to stat
  • script ‘/var/www/html/qaq.php’ not found or unable to stat
  • script ‘/var/www/html/ak.php’ not found or unable to stat
  • script ‘/var/www/html/xiaoma.php’ not found or unable to stat

I get a big list of attempts thats is causing my server lost resources to handle this. Usually this hits are from the same IP. But After some time, the IP change to another. Checking the differents IP’s show the bots are came from different countries, like Russia, China, etc.

Can I use CloudFlare to fix this problem? There is some settings to turn ON and block this requests attempts?
Thanks
Nicolas


#2

They’re just probing your site for vulnerabilities. This is normal, but if you’re finding they’re coming from specific countries where you don’t have users, you can use the Cloudflare Firewall settings to “Challenge” visitors from those countries (RU and CN).