vipdp
vipdp
PostsComments
CDCloudflare Developers
Created by vipdp on 1/10/2025 in #general-help
Spam attack blocking with WAF rules
Hi guys, I have a quick question. Recently I've created a website on pure html/js (basic static page with a contact form, the only external library I use is one for displaying icons from a database). I've immediately noticed huge amounts of 404s in my server error logs, something I never got on websites I made with software like Prestashop etc. Stuff like this: 
2025-01-09 03:39:05.341403 [INFO] [1851988] [T0] [<IP>:<port>:HTTP2-1#APVH_<DOMAIN>:443] File not found [/home/<SERVER NAME>/domains/<DOMAIN>/private_html/index.php/m6-zzyj-7631-srYSS-33-0w/eywuu/fweykwhsza/yb24yahge3-696_f14w-VLWX_xiuahsgi.html] 
2025-01-09 03:39:05.341403 [INFO] [1851988] [T0] [<IP>:<port>:HTTP2-1#APVH_<DOMAIN>:443] File not found [/home/<SERVER NAME>/domains/<DOMAIN>/private_html/index.php/m6-zzyj-7631-srYSS-33-0w/eywuu/fweykwhsza/yb24yahge3-696_f14w-VLWX_xiuahsgi.html]
Both in public and private html, a lot of wordpress related hits as well, lots of php scripts. Presumably just trying to find anything that's vulnerable/infected. Of course none of these are in my files. I assume it's perfectly normal - every webpage ever is being attacked, but I got curious when I started getting spam contact form submission (usually a yahoo email and a phone number from a foreign country). I have changed the CDN to Cloudflare but the only solution that kinda works that I've found was adding a rule that gives a js challenge to anyone thats not a known bot from a different country 
(not cf.client.bot and ip.src.country ne "PL")
(not cf.client.bot and ip.src.country ne "PL")
This is far from a future-proof solution, and I still get a handful of 404s in my logs. Robots.txt has bot access blocked to all folders except the main one obviously. Would there be any other way of preventing this? Should I even bother? Sadly right now I'm on shared hosting so fail2ban etc. are out of conversation.
4 replies