2 months ago
I deployed my project in the Singapore region using a private domain and only shared it with a few friends.
However, I am receiving a large number of requests from other regions (such as the US and Europe),
which appear to be bot traffic. This is causing my serverless service to be triggered continuously.
When I deploy the same service on other platforms (DigitalOcean, Vercel), this issue does not occur.
Is this normal behavior ?
21 Replies
2 months ago
Are you using a custom or generated domain?
2 months ago
If custom, are you using Cloudflare's proxy?
2 months ago
Seen this before.
I'd suggest using Cloudflare's DNS and enabling their proxy. This will prevent bots/scrapers like these that try to find common exploits/vulnerabilities.
I tried both and it’s still happening.
Yes, the custom domain is behind Cloudflare DNS.
If it’s a public domain, then I think this is normal.
But I just deployed it 1–2 days ago and no one knows about it yet, which is weird.
2 months ago
Go to your domain page in Cloudflare dashboard, Security > Settings
2 months ago
Then turn on what you can
2 months ago
I think that should prevent these bots from trying to hit these routes.
2 months ago
The key ones are stuff like block AI bots, bot fight mode, and browser integrity check.
did you register the domain recently? the things theyre requesting are very common scans
2 months ago
I would just like to mention that you were using a public domain.
Sorry for not being clear. Yes, this is a custom domain and also a public domain.
By “public domain,” I mean it’s new and no one knew about it before.
So it doesn’t make sense for bots to attack it like this.

2 months ago
Bots are constantly scraping the internet.
2 months ago
Looking for leaked information, vulnerabilities, exploits, etc.
My point is that this is a private project and it’s serverless, but the requests keep waking the server up every day. 😅
I’m just wondering, because other projects on the same domain (using subdomains and deployed on Railway) don’t have requests like this.
2 months ago
Well tbh, I'm not exactly sure how they even find domains like this in the first place.
2 months ago
I'm more or less making a general statement from what I know.
2 months ago
Whenever you (or Cloudflare, Railway) provision a new TLS certificate for a domain, that is now public knowledge via the CT (certificate transparency) logs.
Searchable here https://crt.sh
So, I’d assume scrapers/bots use these logs to find new domains to exploit.