How to deal with a sudden intensive bot traffic from many ASNs/IPs to a vBulletin4 forum + Cloudflar

Discussion in 'Site & Server Administration' started by postcd, Dec 29, 2025 at 1:28 PM.

0
  1. #1
    Hello, I wanted to share my experience how I have rather successfully eliminated intensive bot traffic from many ASNs and subnets using free Cloudflare account + I would like your feedback on what that traffic is and if i could do it better way, maybe even without Cloudflare...

    My vbulletin4 forum website went down due to a CPU limit reached on a shared hosting account.
    According to a logs, the reason was many visitors, sometimes several per second.
    They did not come from the same IP or User-Agent, nor similar subnets /16 or /24 but many ASNs, most visits (according to Webalizer stats - i have pulled these into Calc app and sorted) I have noticed from:
    HostPapa
    RackNerd
    Web2Objects

    I had no better budget friendly idea than setting Interactive challenge (captcha) for visits which seemed resource intensive and rarely used by regular visitors. These rules were set at https://dash.cloudflare.com/idhere/mysite.com/security/security-rules
    like this:
    "When incoming requests match…"
    Field = URI Path, Operator = wildcard, Value = /tags.php*
    Field = AS Num, Operator = equals, Value = 36352

    Full expression:
    at that page /security/security-rules, i have also set another rule for Interactive challenge for IPs/subnets listed in https://dash.cloudflare.com/idhere/configurations/lists/idhere :
    Field = IP Source Address, Operator = is in list, Value = blockedips
    (blockedips is name of my list)

    what really made a change in my logs (in terms of a traffic reduction) was that last rule: 
    http.request.uri wildcard r"/[I].php*s=[/I]"
    Code (markup):
    Sample traffic before applying the rule:
    am I blocking legitimate traffic using that s= rule? I have used it because when I am browsing the site as a human, i do not see these s= in URLs nor in logs near my visits.

    Note that also as a next measure to reduce bot flood I am using .htaccess firewalls:
    https://perishablepress.com/8g-firewall/
    and
    https://perishablepress.com/ultimate-ai-block-list/

    and having set crawl-delay in robots.txt (most bots does not respect, but such bots may be at least reported)
     
    postcd, Dec 29, 2025 at 1:28 PM IP
  2. mike30

    mike30 Well-Known Member

    Messages:
    888
    Likes Received:
    38
    Best Answers:
    0
    Trophy Points:
    140
    #2
    The last time I used .htaccess to block bots, my forum got very slow.
    I ended up putting most of it visible only to logged in users.

    Now everybody has a bot using AI... It's insane.
     
    mike30, Dec 29, 2025 at 8:21 PM IP
    postcd likes this.