Bad traffic in last 20-25 days - .bc.googleusercontent.com

[SpiderWeb]

Hi friends...

I have a blog and it is getting bad traffic since last 20-25 days with wordfence recognising hostname like xxx.xxx.xxx.xxx.bc.googleusercontent.com
Though i have blocked them in wordfence with advanced rules.

In last 1 month, my blog saw 189 complex attacks and 98 bruteforce attempts. Because of all checks in place at wordfence and cloudflare, all were getting failed.

But since last 20-25 days, this attack is hitting my blog again and again (though blocked at wordfence level)

Is there anyway i can block this bad traffic before reaching my website (at cloudflare firewall)...

I tried putting hostname as *.bc.googleusercontent.com (in Cloudflare Firewall rule), but this firewall rule did not work...

Any further steps will be appreciated....

Spidy

 

[Tuton]

can you Pm the website?

 

[abidbielson]

Add all these in a page rule in cloudflare

URL: https://yourdomain.com/wp-admin



And in Firewall

1)


(http.user_agent contains "Yandex") or (http.user_agent contains "muckrack") or (http.user_agent contains "Qwantify") or (http.user_agent contains "Sogou") or (http.user_agent contains "BUbiNG") or (http.user_agent contains "knowledge") or (http.user_agent contains "CFNetwork") or (http.user_agent contains "Scrapy") or (http.user_agent contains "SemrushBot") or (http.user_agent contains "AhrefsBot") or (http.user_agent contains "Baiduspider") or (http.user_agent contains "python-requests") or (http.user_agent contains "crawl" and not cf.client.bot) or (http.user_agent contains "Crawl" and not cf.client.bot) or (http.user_agent contains "bot" and not http.user_agent contains "bingbot" and not http.user_agent contains "Google" and not http.user_agent contains "Twitter" and not cf.client.bot) or (http.user_agent contains "Bot" and not http.user_agent contains "Google" and not cf.client.bot) or (http.user_agent contains "Spider" and not cf.client.bot) or (http.user_agent contains "spider" and not cf.client.bot)

2)



(http.request.uri eq "/wp-admin")

 

[sijibae]

Just check your installed plugins and theme. Make sure, there are no encrypted/encoded/obfuscated code which hard to read.

 

[robertrocks2342]

In most recent multi month, my blog saw 189 complex assaults and 98 bruteforce endeavors. On account of all actually takes a look at set up at wordfence and cloudflare, all were getting fizzled.

Be that as it may, since last 20-25 days, this assault is hitting my blog over and over (however impeded at wordfence level)

Is there at any rate I can obstruct this awful traffic prior to arriving at my site (at cloudflare firewall)...