Hi all,
We've been using Cloudflare for a while now and atm we are in the free tier if that helps(and have turned off acceleration).
Since like last week we've seen a sudden hike in requests to the point where the server cannot handle it anymore.
These should be AI crawlers and we're trying to limit access to them but they seem to crawl into the forum somehow.
While we would want non-logged-in users/visitors to see the content, since no one can use the site anymore we have decided to only let in logged-in users without checks and for others, for a human check to go through.
The following is the rule we're using to identify logged in/actual users:
I was wondering if there is a better/more standardised/more accurate way to identify logged in users.
Thanks very much!
You can also use this online tool to check servers when reviewing the logs in cloudflare, this is an example of one of those serves that showed up, the radar tracks it as 86.8% bot
https://radar.cloudflare.com/bots/as132203
Here can be seen the 6th of September surge on on the graph and it coincides with the server traffic
A lot of these bots are hammering wordpress exploits with targets such as
/wp-content/index.phpand so on, it might not be a bad idea to block by default if you have server load issues.