Under attack from ByteSpider bots from Singapore

Hi, I have a small Ghost blog at https://ghost-tech.up.railway.app/ that's serving the blog for https://techinterview.coach/blog (through a Netlify redirect). I am under attack from a ByteSpider crawler from Singapore that's causing my Cloudinary usage (and bills) to spike. I am trying to block them. So far:
- I have put https://techinterview.coach/ behind Cloudflare, but I think bots are hitting the railway.app domain directly so I am not sure this will help.
- I've modified the https://ghost-tech.up.railway.app/robots.txt to disallow crawling.

Can I do anything else? Is there a way to put the railway app domain itself behind Cloudflare?

Thanks, Andrea
13 Replies
Percy 13mo ago
Project ID: 3e1d8e5a-85d2-453c-ae03-c5983d51b5e0
.valiumknight 13mo ago
3e1d8e5a-85d2-453c-ae03-c5983d51b5e0
Brody 13mo ago
you can change the railway domain
ThallesComH 13mo ago
As Brody suggested, change the domain. You can also block any traffic that isn't going through Cloudflare; just validate whether the origin IP is from Cloudflare: https://www.cloudflare.com/ips/
Also, you can probably block their user agent: https://stackoverflow.com/questions/57908900/what-is-the-bytespider-user-agent
Here's a guide for doing that in Cloudflare: https://developers.cloudflare.com/waf/tools/user-agent-blocking/
.valiumknight 13mo ago
Amazing - thank you! How do I validate that the IPs are from Cloudflare? I will change the domain in the meantime, but keen to learn alternatives in case they find the new one...
Brody 13mo ago
that depends entirely on what kind of app you are running
maybe there's a middleware available that will only respond to Cloudflare IPs
.valiumknight 13mo ago
GitHub - railwayapp-templates/ghost: A self-hosted version of Ghost with a MySQL database.
.valiumknight 13mo ago
btw, looks like the robots.txt and putting https://techinterview.coach behind Cloudflare solved the problem... can't tell which of the two though...
.valiumknight 13mo ago
traffic before
.valiumknight 13mo ago
traffic after
Brody 13mo ago
62.7 thousand holy moly
.valiumknight 13mo ago
I know, brutal...