Непонятные запросы с разных IP

[Вито 4]

Ребят помогите, если кто сталкивался идет множество запросов на сайт с разных IP, но у них есть похожая схема

78.138.172.96 - - [19/Dec/2022:21:31:21 +0300] "GET / HTTP/1.1" 200 141260 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
91.201.236.50 - - [19/Dec/2022:21:31:21 +0300] "GET / HTTP/1.1" 200 141268 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
185.54.238.36 - - [19/Dec/2022:21:31:21 +0300] "GET / HTTP/1.1" 200 141268 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
94.232.91.170 - - [19/Dec/2022:21:31:22 +0300] "GET / HTTP/1.1" 200 141268 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
217.17.163.77 - - [19/Dec/2022:21:31:22 +0300] "GET / HTTP/1.1" 200 141268 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"

Где-то читал, что могли включить дешевую накрутку трафика, пока пагубного влияния на сайт не заметил, но ждать не хочу. если кто-то сталкивался с подобным, напишите плиз) Или может это фигня и я зря парюсь, но таких запросов реально много(

[files 2844]

HTTP/1.1 - это обычно боты

Уже давно, около 90% посещений на сайтах - боты (не только краулеры, но и накратка ПФ, полный вагон другого счастья). 

Закрывать доступ всякому мусору рекомендуется! Если у вас cloudflare, можно так (в Security - Firewall rules):

(http.request.version in {"HTTP/1.0"} and not cf.client.bot) or (http.user_agent eq "") or (http.user_agent eq " ") or (http.user_agent eq "-") or (http.user_agent eq "'") or (http.user_agent contains "'XOR(") or (http.user_agent contains "ALittle") or (http.user_agent contains "got (") or (http.user_agent contains "quic-go-HTTP") or (http.user_agent contains "Go-http-client") or (http.user_agent contains "fasthttp") or (http.user_agent contains "python") or (http.user_agent contains "java") or (http.user_agent contains "Nmap") or (http.user_agent contains "scrapy" and not cf.client.bot) or (http.user_agent contains "bot" and not cf.client.bot) or (http.user_agent contains "spider" and not cf.client.bot) or (http.user_agent contains "crawl" and not cf.client.bot) or (http.user_agent contains "bot" and not http.user_agent contains "bing" and not http.user_agent contains "google" and not http.user_agent contains "yandex" and not http.user_agent contains "duckduckgo" and not http.user_agent contains "facebook" and not http.user_agent contains "linkedIn" and not http.user_agent contains "twitter" and not http.user_agent contains "yahoo" and not cf.client.bot) or (cf.threat_score ge 20 and not cf.client.bot) or (http.request.method in {"PURGE" "PUT" "OPTIONS" "DELETE" "PATCH"}) or (http.x_forwarded_for contains "192.0.") or (http.x_forwarded_for contains ".0.0") or (ip.geoip.country in {"T1" "XX"}) or (http.user_agent contains "lient" and http.user_agent contains "ttp") or (http.user_agent contains "libweb") or (http.user_agent contains "libwww") or (http.user_agent contains "wrk") or (http.user_agent contains "hey/") or (http.host contains ":80") or (http.host contains ":443") or (http.cookie contains "cf_use_ob=" and not http.cookie contains "0" and not http.cookie contains "80" and not http.cookie contains "443" and not cf.client.bot)

И контрольный выстрел можно в .htaccess

https://seo-zona.ru/badbot

[Вито 4]

20.12.2022 в 2:10 PM, files сказал:

HTTP/1.1 - это обычно боты

Уже давно, около 90% посещений на сайтах - боты (не только краулеры, но и накратка ПФ, полный вагон другого счастья). 

Закрывать доступ всякому мусору рекомендуется! Если у вас cloudflare, можно так (в Security - Firewall rules):

(http.request.version in {"HTTP/1.0"} and not cf.client.bot) or (http.user_agent eq "") or (http.user_agent eq " ") or (http.user_agent eq "-") or (http.user_agent eq "'") or (http.user_agent contains "'XOR(") or (http.user_agent contains "ALittle") or (http.user_agent contains "got (") or (http.user_agent contains "quic-go-HTTP") or (http.user_agent contains "Go-http-client") or (http.user_agent contains "fasthttp") or (http.user_agent contains "python") or (http.user_agent contains "java") or (http.user_agent contains "Nmap") or (http.user_agent contains "scrapy" and not cf.client.bot) or (http.user_agent contains "bot" and not cf.client.bot) or (http.user_agent contains "spider" and not cf.client.bot) or (http.user_agent contains "crawl" and not cf.client.bot) or (http.user_agent contains "bot" and not http.user_agent contains "bing" and not http.user_agent contains "google" and not http.user_agent contains "yandex" and not http.user_agent contains "duckduckgo" and not http.user_agent contains "facebook" and not http.user_agent contains "linkedIn" and not http.user_agent contains "twitter" and not http.user_agent contains "yahoo" and not cf.client.bot) or (cf.threat_score ge 20 and not cf.client.bot) or (http.request.method in {"PURGE" "PUT" "OPTIONS" "DELETE" "PATCH"}) or (http.x_forwarded_for contains "192.0.") or (http.x_forwarded_for contains ".0.0") or (ip.geoip.country in {"T1" "XX"}) or (http.user_agent contains "lient" and http.user_agent contains "ttp") or (http.user_agent contains "libweb") or (http.user_agent contains "libwww") or (http.user_agent contains "wrk") or (http.user_agent contains "hey/") or (http.host contains ":80") or (http.host contains ":443") or (http.cookie contains "cf_use_ob=" and not http.cookie contains "0" and not http.cookie contains "80" and not http.cookie contains "443" and not cf.client.bot)

И контрольный выстрел можно в .htaccess

https://seo-zona.ru/badbot

Спасибо огромное, только увидел ответ) А я все искал инфу по разных источниках)
У меня защита от ddos-guard через провайдера. Там можно подобный код вставить?) и обычных пользователей это не заблокирует?