Why can't I block this guy?

So this one creep seems to be ■■■■ bent on trying to kill my serps on one of my product pages I guess. He parks, clicks the same page over and over etc etc every day for the past few days. All damn day long I certainly hope he’s getting paid good money to do this. No matter what I do, I can’t seem to block his IP ip block, ip range, hostname block etc etc etc
It is not a bot. I watch him on my live chat and I send him a chat and he reads it bots do not react that way.
Can someone please explain all this to me. Other than the fact that he will most likely succeed at knocking my ranking down a few pegs, he’s just pissing me off.

What about Rate Limiting?

As for the blocks, is he changing his IP address all the time?

1 Like

Do you have some Ajax request at the background?

How about blocking his IP address if you have got it?
Firewall Rules → Tools → IP Access Rules - write it there and choose the “block” action.

Do you have some server logs to find out his User-agent?

I blocked his ip, I blocked his user agent No matter what he’s getting in.
He is NOT changing his IP address it’s exactly the same each time which is baffling. I did a search on ultra tools for his IP and it says it’s likely a static ip so if this is all correct then he’s certainly not doing a good job of hiding himself probably some kid getting paid to bang my webpage. (I’m not really knowledgeable so these are just my assumptions - I might be totally wrong cause I have no idea what I’m saying lol)

My live chat actually shows me all that info (not server logs as everything coming in on the server logs shows as cloudflare :0( But I get his IP and user agent from live chat report. I do not know what an ajax request at the background is sorry.

Then, may I ask what options have you tried using Cloudflare to protect your domain?

Do you actually get his IP address or one of the Cloudflare ones while he is requesting some resource at your webpage? (hopefully you have allowed Cloudflare IP addresses to connect and the real_ip?)

He is not changing his IP address I thought that rate limiting was for bots that rush through your site?

This makes it seem like you are not rewriting IPs, the user’s IP is in one of the headers.

1 Like

I’m not really sure what you mean by that questions but I have used both firewall rules and tools ip access rules. I’ve blocked IP and user agent alone and also together nothing seems to be blocking him

He might be using one IP to use the live chat and a different one to do the attack

You’re talking about on my webhost right?

Yup. That :slight_smile:

He’s NOT using the live chat perse’ My live chat shows me whose on the site where they go etc.

I thought the only way to get the actual ip address was to use cloudflare “enterprise” which is way over budget for us.
Although the live chat will show the ip the actual server logs do not but I’ll re-chat with my host to see if there’s another way.

Search for the CF-Connecting-IP header.

True-Client-IP is ENT only.

1 Like

THANK YOU So Much !!!

But from that same page, “There’s absolutely no difference between True-Client-IP and Cf-Connecting-IP besides the name of the header. Some Enterprise customers with legacy devices need True-Client-IP to avoid updating firewalls or load-balancers to read a custom header name.”

I use the CF Apache plug-in to convert the incoming CF IP addresses to CF-Connecting-IP so my logs and downstream apps capture the real IP address. But it should be trivial to just block his fixed IP in the CF Firewall Rules. If you can’t block his IP address there, you’re doing something wrong.

Never said anything different :slight_smile: it’s not even enabled by default on ENT.

1 Like

This topic was automatically closed after 29 days. New replies are no longer allowed.