CloudFlare is usually pretty good at blocking malicious traffic, but recently my own websites have been hit with a lot of spam comments, enough for my host, SiteGround, to take all of my sites down. After investigating several logs, I realized my own site was under a severe, what I am dubbing, “spam-attack.”
The majority of the spam I was getting was in the form of spam comments. However, my websites use Akismet, the anti-spam plugin, which was deleting the comments, so I never saw the effects of the attack. The downside? Akismet does not prevent these spammers from wasting precious server resources and CPU cycles.
I investigated, and it seems that most of the spam was coming from server farms, the most notorious one being Colo Crossing. However, instead of playing IP address whack-a-mole, as they were flooding my server with hundreds of different IPs, I opted to outright block them by their autonomous system number, or ASN.
Think of an ASN as a label for the range of IP addresses that an organization has been allocated. Blocking Colo Crossing’s ASN outright was not, in theory, going to damage my website traffic. Only real users on their network (employees of the company) would be blocked from visiting my websites.
However, CloudFlare does not specify the correct format for adding an ASN you want to block. It only tells you the following:
- Enter an IP
- IP Range, Country Name, or ASN
Naturally, you may think you should enter ASN123456, but that is incorrect. You simply need to drop the N. The correct format would be AS123456 (then select the block option). The number above is only an example; use the number of the ASN you want to block.
However, if you want to block the ASN that was attacking my website, it is AS134928. This ASN belongs to an Indian “web development” company, and they were the ones hammering my server with nonsense requests.
I wrote a post a few months ago that goes into more detail on what happens when you get a lot of spam comments and that lists the most common ASNs that you should block.
Note that you need to fully understand the company that you want to block. This is to avoid blocking an internet service provider (ISP) that your users might actually be using.
If you have any questions, please feel free to ask me below!
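One way to pick block candidates from your own logs, as an added example that is not part of the original post: it counts comment-form POSTs per ASN instead of per IP, skips ASNs you have marked as ISPs, and prints the rest in the `AS<number>` form described above. The log lines, the prefix-to-ASN table (documentation ranges and ASNs) and the function names are constructed, and `/wp-comments-post.php` assumes a WordPress site.

```python
import ipaddress
import re
from collections import Counter

# Constructed prefix-to-ASN table (documentation ranges and ASNs, not real data).
PREFIX_TO_ASN = {
    "192.0.2.0/24": 64496,     # stand-in for a hosting provider
    "198.51.100.0/24": 64497,  # stand-in for a residential ISP
    "203.0.113.0/24": 64498,   # stand-in for another hosting provider
}
NETWORKS = [(ipaddress.ip_network(p), asn) for p, asn in PREFIX_TO_ASN.items()]

# Constructed access-log lines in common log format.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
192.0.2.77 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
192.0.2.140 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
198.51.100.5 - - [01/Jan/2024:10:00:03 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
198.51.100.5 - - [01/Jan/2024:10:00:04 +0000] "GET /blog/ HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-comments-post.php HTTP/1.1" 405 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def asn_for(ip):
    """Return the ASN whose prefix contains ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    return next((asn for net, asn in NETWORKS if addr in net), None)

def comment_posts_by_asn(log_text, path="/wp-comments-post.php"):
    """Count comment-form POSTs per ASN, so many IPs in one ASN add up."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == "POST" and m.group(3).split("?")[0] == path:
            asn = asn_for(m.group(1))
            if asn is not None:
                counts[asn] += 1
    return counts

def block_candidates(counts, threshold, isp_asns=()):
    """Return 'AS<number>' strings (no N) for noisy ASNs, skipping known ISPs."""
    return sorted(f"AS{asn}" for asn, n in counts.items()
                  if n >= threshold and asn not in isp_asns)

if __name__ == "__main__":
    counts = comment_posts_by_asn(SAMPLE_LOG)
    print(block_candidates(counts, threshold=3, isp_asns={64497}))
```

For real logs, replace the constructed table with a lookup against an IP-to-ASN dataset you trust, and review each candidate by hand before blocking it.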