Message Board

Newbie/Basic Questions

Older Posts ]   [ Newer Posts ]
 DoS via ProjectHoneyPot / CloudFlare?
Author: J.Peters13   (16 Aug 18 11:02pm)
If someone sends or posts spam messages containing a link to my website, does that cause the IP of my server to get blacklisted? If so, that's a DoS attack, because CloudFlare trusts ProjectHoneyPot, and will block access from my server IP address to other websites.

I'm trying to figure out why my RSS fetching script keeps getting blocked by CloudFlare. I only fetch once a day from the affected URLs, so that shouldn't be triggering any limits. I've double-checked everything -- all the data I'm serving checksums correctly, there are no extra files, I'm not running anything dynamic (no PHP, no Wordpress etc). There's nothing odd in the logs. I've run chkrootkit and lynis. So I'm not serving malware or hosting viruses or rootkits or anything like that.

Right now I think ProjectHoneyPot is giving a false positive for my IP address, but since I can only get a summary from the page, not details of what spam posts it has collected (42 in the last 6 months it seems), I can't debug what is going on.
 
 Re: DoS via ProjectHoneyPot / CloudFlare?
Author: H.User1325   (16 Aug 18 11:31pm)
No only the source IP of spam is tracked not any links contained in the spam.
 
 Re: DoS via ProjectHoneyPot / CloudFlare?
Author: J.Peters13   (17 Aug 18 9:25am)
The text on the page is misleading then. It says:

42 appearance(s) in spam e-mail or spam post urls

Really I think if the aim is to get everyone to tighten up their servers then you should provide full evidence to the owner of the IP address to help them debug it. I've been pushing CloudFlare to give me full evidence, but I think they don't have it. They just trust ProjectHoneyPot.
 
 Re: DoS via ProjectHoneyPot / CloudFlare?
Author: J.Peters13   (18 Aug 18 7:39am)
To anyone in the same situation, you can resolve CloudFlare's CAPTCHAs and whitelist on ProjectHoneyPot by using `ssh -D 54321 ...` to create a SOCKS proxy from your local machine to the server machine. Then configure 127.0.0.1 port 54321 as the SOCKS proxy in Firefox.

I think that should be put in the FAQ.

I think when accessing from the IP address itself, there should be a link to view all the evidence gathered by ProjectHoneyPot to allow the problem to be debugged. I still don't know whether this is a real problem due to misconfiguration of my server, or someone spamming links to my site, which is what it appears to be from the description.

Post Edited (18 Aug 18 7:40am)



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–20, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email