lots of my deployed workers just got multiple requests at the same time
There was two deployed service i deleted but got the same issue too (forgot to take screenshot). Those service aren't even tied with a domain and was deployed 24hrs ago.
6 Replies
one of the service which was deleted is a ChatGPT plugin template on cloudflare workers create dashboard. Another is a worker that proxies openai's API to access chatgpt. They both have the same issue (i think one of them was 2k requests at the same time)
If on a custom domain, you can check zone analytics to see more about the requests e.g are they coming from crawlers or suspicious providers
If on a workers.dev then you may need to add logging to the worker itself, which if you use Workers Paid could be as simple as enabling workers logpush and using console.log to store the appropriate data (ip, regoin, paths, headers etc.)
This data will let you narrow down where they're coming from and why
i just setup another worker about 3hrs ago and same thing happend again.
the url isn't even posted on any public forum, can't think of any problem on my side.
Oh wait, I understand. I thought you meant this was recurring and not just at the start
It's because when you create a new Worker we issue an SSL certificate for it, and a list/stream of all new SSL certificates are publicly available (see e.g. https://crt.sh/) - there are quite a few malicious bots that use these issuances to try and scrape/exploit websites that come online
also https://en.wikipedia.org/wiki/Certificate_Transparency
wait you guys don't issue just one cert for *.workername.workers.dev and use it for all?
nah, there's another cert they issue for each worker, *.workername.workersubdomain.workers.dev
iirc it was originally for environments (so you could have production.worker.subdomain.workers.dev, testing.worker.subdomain.workers.dev)
Like Erisa linked above, you can use sites like crt.sh to see certs issued for a domain, ex. for the per-worker wildcard: https://crt.sh/?q=update-me-pls.chaika.workers.dev