a month ago
I deployed my project in the Singapore region using a private domain and only shared it with a few friends.
However, I am receiving a large number of requests from other regions (such as the US and Europe),
which appear to be bot traffic. This is causing my serverless service to be triggered continuously.
When I deploy the same service on other platforms (DigitalOcean, Vercel), this issue does not occur.
Is this normal behavior ?
21 Replies
a month ago
Are you using a custom or generated domain?
a month ago
If custom, are you using Cloudflare's proxy?
a month ago
Seen this before.
I'd suggest using Cloudflare's DNS and enabling their proxy. This will prevent bots/scrapers like these that try to find common exploits/vulnerabilities.
I tried both and it’s still happening.
Yes, the custom domain is behind Cloudflare DNS.
If it’s a public domain, then I think this is normal.
But I just deployed it 1–2 days ago and no one knows about it yet, which is weird.
a month ago
Go to your domain page in Cloudflare dashboard, Security > Settings
a month ago
Then turn on what you can
a month ago
I think that should prevent these bots from trying to hit these routes.
a month ago
The key ones are stuff like block AI bots, bot fight mode, and browser integrity check.
did you register the domain recently? the things theyre requesting are very common scans
a month ago
I would just like to mention that you were using a public domain.
Sorry for not being clear. Yes, this is a custom domain and also a public domain.
By “public domain,” I mean it’s new and no one knew about it before.
So it doesn’t make sense for bots to attack it like this.
25 days ago
Bots are constantly scraping the internet.
25 days ago
Looking for leaked information, vulnerabilities, exploits, etc.
My point is that this is a private project and it’s serverless, but the requests keep waking the server up every day. 😅
I’m just wondering, because other projects on the same domain (using subdomains and deployed on Railway) don’t have requests like this.
25 days ago
Well tbh, I'm not exactly sure how they even find domains like this in the first place.
25 days ago
I'm more or less making a general statement from what I know.
25 days ago
Whenever you (or Cloudflare, Railway) provision a new TLS certificate for a domain, that is now public knowledge via the CT (certificate transparency) logs.
Searchable here https://crt.sh
So, I’d assume scrapers/bots use these logs to find new domains to exploit.