Attacks from cloudflare IP ranges

rdes Member
edited November 2023 in Help

For about two weeks I have been seeing a lot of attacks from IPs belonging to Cloudflare. These are not attacks redirected through their proxy to domains added to CF, but SSH or SMTP login attempts, port scans, etc.

Here are a few examples of CF IPs that have several dozen reports on AbuseIPDB:
https://www.abuseipdb.com/check/104.28.159.66
https://www.abuseipdb.com/check/104.28.159.9
https://www.abuseipdb.com/check/104.28.159.89
https://www.abuseipdb.com/check/104.28.159.90

Has Cloudflare recently started selling some VPNs or what's the deal here? I know Apple has their Private Relay working on the Cloudflare network, but they seem to only allow traffic on http(s) ports? Or maybe it is IP spoofing? What do you think?

Comments

  • Warp is their VPN. Yes, it happens, but CF abuse dep is extreme. Report and go to sleep.

  • PacketsDecreaser Member, Patron Provider

    We also see attacks from Cloudflare IPs. But most attacks against us are TCP/UDP and not HTTP requests. I think that's IP spoofing.

  • tentor Member, Patron Provider
    edited November 2023

    @PacketsDecreaser said:
    We also see attacks from Cloudflare IPs. But most attacks against us are TCP/UDP and not HTTP requests. I think that's IP spoofing.

    We can confirm TCP connections to the honeypots, so that is not an IP spoof. CF does not give a damn about portscan abuse complaints and keeps saying "We are CDN!!!"

    I promise you that one day I will ban AS13335 and whitelist their CIDRs used by reverse proxy for website protection.
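
The policy described in the last comment (block the AS, keep the reverse-proxy CIDRs reachable), sketched as an added example that is not code from any poster in this thread. The prefix lists are an assumed sample, not a complete or current view of AS13335; the function names and the "allow-web-only" label are hypothetical.

```python
import ipaddress

# Assumed sample inputs (not from the thread). A real deployment would load
# the AS's announced prefixes from BGP/RIR data and the allowlist from the
# provider's published reverse-proxy ranges, and refresh both regularly.
AS_PREFIXES = ["104.16.0.0/12"]
PROXY_ALLOWLIST = ["104.16.0.0/13", "104.24.0.0/14"]


def subtract(prefixes, exclusions):
    """Return the CIDRs that cover `prefixes` minus `exclusions`."""
    remaining = [ipaddress.ip_network(p) for p in prefixes]
    for ex in map(ipaddress.ip_network, exclusions):
        kept = []
        for net in remaining:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)                      # untouched by this exclusion
            elif net.subnet_of(ex):
                continue                              # fully allowlisted, drop it
            else:
                kept.extend(net.address_exclude(ex))  # ex lies strictly inside net
        remaining = kept
    out = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        out += ipaddress.collapse_addresses(
            n for n in remaining if n.version == version)
    return out


def verdict(src, blocklist, allowlist):
    """Classify one source address against the computed lists."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in blocklist):
        return "drop"
    if any(ip in net for net in allowlist):
        return "allow-web-only"  # assumption: proxy ranges only need 80/443
    return "default-policy"


BLOCKLIST = subtract(AS_PREFIXES, PROXY_ALLOWLIST)
ALLOWLIST = [ipaddress.ip_network(p) for p in PROXY_ALLOWLIST]

if __name__ == "__main__":
    print("block:", [str(n) for n in BLOCKLIST])
    # First address is one of those reported in the opening post; the other
    # two are constructed samples.
    for src in ("104.28.159.66", "104.18.1.1", "192.0.2.1"):
        print(src, verdict(src, BLOCKLIST, ALLOWLIST))
```

With these sample lists the remainder is a single /14 that contains the four addresses from the opening post, so they are dropped while the allowlisted ranges stay reachable.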
