Spam attack blocking with WAF rules
Hi guys, I have a quick question. Recently I've created a website on pure html/js (basic static page with a contact form, the only external library I use is one for displaying icons from a database). I've immediately noticed huge amounts of 404s in my server error logs, something I never got on websites I made with software like Prestashop etc. Stuff like this:
Both in public and private html, a lot of wordpress related hits as well, lots of php scripts. Presumably just trying to find anything that's vulnerable/infected. Of course none of these are in my files.
I assume it's perfectly normal - every webpage ever is being attacked, but I got curious when I started getting spam contact form submission (usually a yahoo email and a phone number from a foreign country).
I have changed the CDN to Cloudflare but the only solution that kinda works that I've found was adding a rule that gives a js challenge to anyone thats not a known bot from a different country
This is far from a future-proof solution, and I still get a handful of 404s in my logs. Robots.txt has bot access blocked to all folders except the main one obviously.
Would there be any other way of preventing this? Should I even bother? Sadly right now I'm on shared hosting so fail2ban etc. are out of conversation.
Both in public and private html, a lot of wordpress related hits as well, lots of php scripts. Presumably just trying to find anything that's vulnerable/infected. Of course none of these are in my files.
I assume it's perfectly normal - every webpage ever is being attacked, but I got curious when I started getting spam contact form submission (usually a yahoo email and a phone number from a foreign country).
I have changed the CDN to Cloudflare but the only solution that kinda works that I've found was adding a rule that gives a js challenge to anyone thats not a known bot from a different country
This is far from a future-proof solution, and I still get a handful of 404s in my logs. Robots.txt has bot access blocked to all folders except the main one obviously.
Would there be any other way of preventing this? Should I even bother? Sadly right now I'm on shared hosting so fail2ban etc. are out of conversation.
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
85,042Members
Resources
Was this page helpful?
