If not... you may want to start. It's a quick way to find out if/when your site is under a DDOS attempt.
I noticed that on my site I had 70 guest visitors (and climbing)... up from the normal 2-5 that I have normally (this does not include known bots).
After watching and checking I discovered that the majority of them were coming out of South America and similar. Odds are it's a BOT attack that someone has hired out.
I went from 600 entries in this CF WAF rule to over a thousand in about 15 minutes.
Some of these passed the CF challenge, so they could be valid, but I generated no new content recently that would be of interest to anyone in South America or that area.
And the solve rate continues to drop but the connections climb. So pretty good idea it is a bot network of some type, as most of the connections appear to be from ISPs in the region which is typical for a bot attack using home users computers. I used CF to check ALL of South America (and a few other individual countries that are doing the same) and use a
Almost every one of them has been a hit on the style path ...
Yes, these could be valid users (but I doubt that many in this short of time) as I do have a new user from Brazil that commented he was going to let some of his friends know about the site.
BUT... I'm getting similar connections out of Russia, Kazahkstan, Pakistan, Moldovia and South Africa.
Just one more reason to use CloudFlare if you don't already. I use the free tier and have had no issues with it, and it's great for blocking/managing stuff like this.
BTW, it climbed to this in the short time I have been writing this messgage.
I noticed that on my site I had 70 guest visitors (and climbing)... up from the normal 2-5 that I have normally (this does not include known bots).
After watching and checking I discovered that the majority of them were coming out of South America and similar. Odds are it's a BOT attack that someone has hired out.
I went from 600 entries in this CF WAF rule to over a thousand in about 15 minutes.
Some of these passed the CF challenge, so they could be valid, but I generated no new content recently that would be of interest to anyone in South America or that area.
And the solve rate continues to drop but the connections climb. So pretty good idea it is a bot network of some type, as most of the connections appear to be from ISPs in the region which is typical for a bot attack using home users computers. I used CF to check ALL of South America (and a few other individual countries that are doing the same) and use a
managed challenge
.Almost every one of them has been a hit on the style path ...
misc/style
where the style ID and latter sequence of numbers change.Yes, these could be valid users (but I doubt that many in this short of time) as I do have a new user from Brazil that commented he was going to let some of his friends know about the site.
BUT... I'm getting similar connections out of Russia, Kazahkstan, Pakistan, Moldovia and South Africa.
Just one more reason to use CloudFlare if you don't already. I use the free tier and have had no issues with it, and it's great for blocking/managing stuff like this.
BTW, it climbed to this in the short time I have been writing this messgage.
Last edited: