Cloudflare Inferno?

For topics beyond KeyHelp.
Ralph
Posts: 1464
Joined: Mon 30. Mar 2020, 16:14

Cloudflare Inferno?

Post by Ralph »

Can Cloudflare actually also protect against attacks from Cloudflare IPs?
With the sheer number of proxied CF IP addresses I get a slightly uneasy feeling ... and the hairs on the back of my neck stand up, even though I don't want to badmouth CF in general :shock: :oops:

The CF networks are whitelisted (0%) by many, and LE apparently also uses their IPs in part, but take a look at the comments.
https://www.abuseipdb.com/check-block/172.71.144.0/24
https://www.abuseipdb.com/check-block/172.71.15.0/24

Code:

172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.git/refs/heads/master HTTP/2.0" 403 239 "-" "-" 144 375
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.development HTTP/2.0" 403 239 "-" "-" 50 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env_backup HTTP/2.0" 403 239 "-" "-" 45 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env~ HTTP/2.0" 403 239 "-" "-" 42 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env2 HTTP/2.0" 403 239 "-" "-" 41 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.dist HTTP/2.0" 403 239 "-" "-" 44 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.container HTTP/2.0" 403 239 "-" "-" 47 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /docker/.env HTTP/2.0" 403 239 "-" "-" 45 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /server/.env HTTP/2.0" 403 239 "-" "-" 45 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /var/www/.env HTTP/2.0" 403 239 "-" "-" 47 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env_config HTTP/2.0" 403 239 "-" "-" 45 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env_settings HTTP/2.0" 403 239 "-" "-" 46 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.local.backup HTTP/2.0" 403 239 "-" "-" 49 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.git/HEAD HTTP/1.1" 403 239 "-" "-" 226 512
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.git/config HTTP/1.1" 403 239 "-" "-" 228 512
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.git/logs/HEAD HTTP/1.1" 403 239 "-" "-" 232 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.git/refs/heads/master HTTP/1.1" 403 239 "-" "-" 240 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.local HTTP/1.1" 403 239 "-" "-" 228 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.production HTTP/1.1" 403 239 "-" "-" 233 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.bak HTTP/1.1" 401 421 "-" "-" 226 760
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.old HTTP/1.1" 401 421 "-" "-" 226 760
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.production.local HTTP/1.1" 403 239 "-" "-" 239 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.development.local HTTP/1.1" 403 239 "-" "-" 240 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /api/.env HTTP/1.1" 403 239 "-" "-" 226 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /core/.env HTTP/1.1" 403 239 "-" "-" 227 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.json HTTP/1.1" 403 239 "-" "-" 227 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env1 HTTP/1.1" 403 239 "-" "-" 223 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env2 HTTP/1.1" 403 239 "-" "-" 223 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.dist HTTP/1.1" 403 239 "-" "-" 227 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.envrc HTTP/1.1" 403 239 "-" "-" 224 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.dev.local HTTP/1.1" 403 239 "-" "-" 232 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.docker HTTP/1.1" 403 239 "-" "-" 229 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /docker/.env HTTP/1.1" 403 239 "-" "-" 229 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /docker/.env.local HTTP/1.1" 403 239 "-" "-" 235 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /srv/.env HTTP/1.1" 403 239 "-" "-" 226 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /site/.env HTTP/1.1" 403 239 "-" "-" 227 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /www/.env HTTP/1.1" 403 239 "-" "-" 226 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /var/www/html/.env HTTP/1.1" 403 239 "-" "-" 235 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env_settings HTTP/1.1" 403 239 "-" "-" 231 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.local.backup HTTP/1.1" 403 239 "-" "-" 235 511
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /.git/config HTTP/2.0" 403 239 "-" "-" 45 269
172.71.144.154 - - [30/Mar/2026:18:45:55 +0200] "GET /docker-compose.env HTTP/2.0" 404 75281 "-" "-" 50 75633

Code:

2026-03-30 18:31:56,668 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.70.251.46 - 2026-03-30 18:31:56
2026-03-30 18:31:56,865 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.62 - 2026-03-30 18:31:56
2026-03-30 18:31:57,443 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.148 - 2026-03-30 18:31:57
2026-03-30 18:31:57,772 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.74 - 2026-03-30 18:31:57
2026-03-30 18:32:01,177 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.60 - 2026-03-30 18:32:01
2026-03-30 18:32:15,748 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.42 - 2026-03-30 18:32:15
2026-03-30 18:32:15,922 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.94 - 2026-03-30 18:32:15
2026-03-30 18:32:16,098 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.70.251.45 - 2026-03-30 18:32:16
2026-03-30 18:32:20,198 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.38 - 2026-03-30 18:32:20
2026-03-30 18:32:21,420 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.112 - 2026-03-30 18:32:21
2026-03-30 18:32:21,487 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.80 - 2026-03-30 18:32:21
2026-03-30 18:32:21,516 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.15.44 - 2026-03-30 18:32:21
2026-03-30 18:45:55,778 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.171 - 2026-03-30 18:45:55
2026-03-30 18:45:55,873 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.171 - 2026-03-30 18:45:55
2026-03-30 18:45:55,914 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.170 - 2026-03-30 18:45:55
2026-03-30 18:45:56,011 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.155 - 2026-03-30 18:45:56
2026-03-30 18:45:56,115 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.155 - 2026-03-30 18:45:56
2026-03-30 18:45:56,226 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.154 - 2026-03-30 18:45:56
2026-03-30 18:45:56,381 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.154 - 2026-03-30 18:45:56
2026-03-30 18:45:56,429 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.170 - 2026-03-30 18:45:56
2026-03-30 18:45:57,739 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.154 - 2026-03-30 18:45:57
2026-03-30 18:46:06,512 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.171 - 2026-03-30 18:46:06
2026-03-30 18:46:07,745 fail2ban.filter         [404889]: INFO    [kh-recidive] Found 172.71.144.154 - 2026-03-30 18:46:07
Jolinar
Community Moderator
Posts: 4294
Joined: Sat 30. Jan 2016, 07:11
Location: Weimar (Thüringen)

Re: Cloudflare Inferno?

Post by Jolinar »

I no longer actively use CF myself... But you should already be able to catch quite a bit of the traffic with CF's WAF, e.g. by filtering against .env scans.


BTW:
Incidentally, I see this as a problem you bring upon yourself...
The crux of the whole thing is that CF attracts all the bad guys with its free plans like honey attracts bears. With alternative providers this would not happen to you in the form described, since their proxy IPs are much smaller/more specific and do not have mass-abuse problems like CF's gigantic network.
Of course everyone can and must decide for themselves whether they really want to save money at this point... I'm more of a pragmatist there and say: better to invest a few euros in an alternative provider and in return not waste a lot of time every day uselessly digging through the logs...
If someone is incompetent, then they cannot know that they are incompetent. (David Dunning)
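
Added example, not part of either post: a Python check for the .env/.git scans discussed above. It counts probes per source /24, the granularity of the AbuseIPDB links, and lists probes that were not answered with 403, as happened for /docker-compose.env and /.env.bak in the posted log. The sample lines are constructed with documentation addresses; the function name and the path pattern are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the log layout posted above; the addresses are
# documentation-range placeholders, not the ones from the thread.
SAMPLE = """\
203.0.113.10 - - [30/Mar/2026:18:45:55 +0200] "GET /.env.local HTTP/1.1" 403 239 "-" "-" 228 511
203.0.113.24 - - [30/Mar/2026:18:45:55 +0200] "GET /.git/config HTTP/2.0" 403 239 "-" "-" 45 269
203.0.113.77 - - [30/Mar/2026:18:45:55 +0200] "GET /docker-compose.env HTTP/2.0" 404 75281 "-" "-" 50 75633
203.0.113.77 - - [30/Mar/2026:18:45:56 +0200] "GET /.env.bak?x=1 HTTP/1.1" 401 421 "-" "-" 226 760
198.51.100.5 - - [30/Mar/2026:18:46:00 +0200] "GET /index.php HTTP/2.0" 200 5120 "-" "Mozilla/5.0" 60 5400
"""

# Client, request target and status from an access-log line in the layout above.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Last path segment is .env*, any *.env file, or the path enters a .git directory.
PROBE = re.compile(r'/(?:\.env[^/]*|[^/]*\.env|\.git(?:/.*)?)$', re.IGNORECASE)


def summarise(log_text, prefix=24):
    """Return (probe count per source network, probes not answered with 403)."""
    per_net, not_denied = Counter(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        path = target.split("?", 1)[0]  # ignore the query string
        if not PROBE.search(path):
            continue
        try:
            net = ipaddress.ip_network(f"{client}/{prefix}", strict=False)
        except ValueError:
            continue  # client field is a hostname, not an address
        per_net[str(net)] += 1
        if status != 403:
            not_denied.append((path, status))
    return dict(per_net), not_denied


if __name__ == "__main__":
    nets, leaks = summarise(SAMPLE)
    for net, count in sorted(nets.items()):
        print(f"{net}: {count} probe(s)")
    for path, status in leaks:
        print(f"not denied: {path} -> {status}")
```

Calling `summarise(text, prefix=32)` gives per-address counts, which shows how a scan spread over many addresses in one /24 stays low per address.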
