For two weeks now I am under heavy attack from these specific countries:
The attacker keeps calling the same URL on my server from those countries through mobile networks.
Is it because these countries unstable and under war the mobile networks and internet is not controlled by government or not secure and may be parts controlled by terrorists.
The attacker loads the dynamic document only, does not load the page assets, creates semi regular pattern as follows:
Creates random users session, then inside each session loads the URL at random interval between 1-3 minutes, then every few sessions destroys this user connection completely and start again
So from each country he is generating 1000’s users and and therefor couldflare unable to detect this as an attack and even the firewall on my server unable to detect it as attack because he is randomizing everything even the user-agent text. The only thing he is not randomizing is the URL he is attacking. I think the reason because he choose the largest page size on the website.
Google analytics sees these users but google AdSense does not sees these hits as page views or impressions. So it seems he is creating Webviews browsers loading the URL but the Webviews not visible and therefore AdSense does not count it.
Does anyone face such issues, Any suggestions.