7 months ago
How do you block? or is there way ? from being scanned for those typical wp paths? My site clearly isn't wordpress, but I guess someone somewhere trying to find a vulnerability ...
Is there a way to block? or do something about it? I use Cloudflare for domain
Attachments
Pinned Solution
7 months ago
Yeah that's a lot of background internet noise and nothing really to worry about - but it does mess up your logs and adds a bit of extra traffic/resource drain.
Since you're using CloudFlare, you could set up some WAF rules - they have some built-in rules to block some of this common stuff, and you can also make your own custom rules for other bits - although bear in mind you'll never block everything...
Look for: Cloudflare Managed Rules → Common Threats
Some of these features might be on paid plans only.
I found a lot of that noise traffic was coming either through Tor or from countries very much NOT our audience, so I set up a CloudFlare Managed Challenge on those countries.
If you use Git, I do suggest putting a CloudFlare rule to block anything to the .git path - just in case you accidentally ever deploy your .git folder (eeek).
Depending on your stack, you could also do something like this apache config for example, for some extra protection of the internet noise actually finding something you accidentally deploy:<DirectoryMatch "^/.*/\.git/">
Require all denied
</DirectoryMatch>
<DirectoryMatch "^/.*/icons/">
Require all denied
</DirectoryMatch>
<FilesMatch "^\.git">
Require all denied
</FilesMatch>
<FilesMatch "^((composer|package|installed)\.json)$">
Deny from all
</FilesMatch>
<FilesMatch "^((composer|package)\.lock)$">
Deny from all
</FilesMatch>
4 Replies
7 months ago
Hey there! We've found the following might help you get unblocked faster:
If you find the answer from one of these, please let us know by solving the thread!
7 months ago
Hey, I would recommend not caring much about those automated scanners. It takes quite a bit of work to block them using methods such as IP block lists, common User Agents, and more. As long as your application is updated, you should be good.
7 months ago
Yeah that's a lot of background internet noise and nothing really to worry about - but it does mess up your logs and adds a bit of extra traffic/resource drain.
Since you're using CloudFlare, you could set up some WAF rules - they have some built-in rules to block some of this common stuff, and you can also make your own custom rules for other bits - although bear in mind you'll never block everything...
Look for: Cloudflare Managed Rules → Common Threats
Some of these features might be on paid plans only.
I found a lot of that noise traffic was coming either through Tor or from countries very much NOT our audience, so I set up a CloudFlare Managed Challenge on those countries.
If you use Git, I do suggest putting a CloudFlare rule to block anything to the .git path - just in case you accidentally ever deploy your .git folder (eeek).
Depending on your stack, you could also do something like this apache config for example, for some extra protection of the internet noise actually finding something you accidentally deploy:<DirectoryMatch "^/.*/\.git/">
Require all denied
</DirectoryMatch>
<DirectoryMatch "^/.*/icons/">
Require all denied
</DirectoryMatch>
<FilesMatch "^\.git">
Require all denied
</FilesMatch>
<FilesMatch "^((composer|package|installed)\.json)$">
Deny from all
</FilesMatch>
<FilesMatch "^((composer|package)\.lock)$">
Deny from all
</FilesMatch>
6 months ago
Hey smilehyun,
Did my answer clear up your query? If so, care to mark it as solved?
Thanks
Status changed to Solved chandrika • 7 months ago