
Requiring Login - Temporarily

Bot attack


Brett_Tabke

2:11 pm on Mar 30, 2025 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month Best Post Of The Month



We are under a sustained attack here from bots from Brazil. (thousands of ips). I have all but banned the entire tld.

The only way I know to shake them off is to require cookies for every bot. That means everyone will have to register and login for now.

not2easy

2:13 pm on Mar 30, 2025 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



That's just great.

Brett_Tabke

2:49 pm on Mar 30, 2025 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month Best Post Of The Month



let me know if you run into anyone saying we've banned them on the socials....


and it may mean you have to login more often... really sorry -

not2easy

6:01 pm on Mar 30, 2025 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I have not had to log in today. I don't usually log out, but that's me.

thecoalman

7:11 pm on Mar 30, 2025 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Numerous reports of this bot net on phpbb.com affecting phpBB forums. I've seen it reported on another site that uses VB too.

The only way I know to shake them off is to require cookies for every bot.


Cloudflare. Numerous options. Generally:

Under the security section go to settings and enable Bot fight mode; this will block the most egregious bot nets CF has identified. You can also enable block AI, but this is for any identified AI bot, which you may or may not want to block.

Next go to Security Rules, Create rule >>

1st rule is for worst offenders, set action to interactive challenge:
Country >> Equals >> CN OR
Country >> Equals >> IN OR
Country >> Equals >> ? .......


2nd rule you can whitelist and for action issue Managed Challenge to everyone else:

Country >> Does not equal >> US AND
Country >> Does not equal >> UK AND
Country >> Does not equal >> ? AND.......


Result for this is China and India get issued a solvable captcha, the US and UK get nothing and the rest of the world gets some kind of challenge based on what CF determines ranging from "Checking your browser..." page to a solvable captcha. You can just set it to JSChallenge which is the "Checking your browser..." page. I think the default is two hours before they get it again.

You get 5 rules with the free plan, but each rule can have multiple conditions. You can also create rules for ASN, user agent and many other things. There is also a rate limiting section, but this has limited functionality with the free plan because it will only block the IP for 10s. You need the Pro plan or better for this to be really effective.

You need to install mod_remoteip or something that will restore the original IP. CF sends numerous custom headers including original IP, country code etc. If you want to fully take advantage of the DDOS protection, firewall ports 80 and 443 on the server except for CF IPs. Email needs a different IP and anything else that can expose the IP should be removed.
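As an added illustration of the two points in this post (the country-tiered challenge rules, and restoring the original client IP only when the request really came through Cloudflare), here is a small Python model of that decision logic. It is example code written for this thread, not Cloudflare's or phpBB's own code. The Cloudflare edge ranges are constructed placeholders (documentation prefixes); in practice you load the list Cloudflare publishes. The header names CF-Connecting-IP and CF-IPCountry are the real ones Cloudflare sends; the country codes are ISO 3166-1 alpha-2, so the UK is "GB".

```python
import ipaddress

# Constructed placeholder ranges standing in for Cloudflare's published edge
# ranges (https://www.cloudflare.com/ips/). Load the real list in production.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "203.0.113.0/24",     # TEST-NET-3, stands in for a v4 edge range
    "2001:db8:cf::/48",   # documentation prefix, stands in for a v6 edge range
)]

# The tiers from the post: worst offenders get an interactive challenge,
# allow-listed countries pass untouched, everyone else gets a managed challenge.
INTERACTIVE_CHALLENGE = {"CN", "IN"}
ALLOW = {"US", "GB"}   # ISO 3166-1 alpha-2; the UK is "GB" in Cloudflare's country field


def is_cloudflare_peer(peer_ip: str) -> bool:
    """True if the TCP peer that reached the origin is a Cloudflare edge address."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in CLOUDFLARE_RANGES)


def client_ip(peer_ip: str, headers: dict) -> str:
    """IP to log and rate-limit on (what mod_remoteip does for Apache).

    CF-Connecting-IP is only trusted when the peer is a Cloudflare edge.
    A request that hit ports 80/443 directly, bypassing Cloudflare, can carry
    any value in that header, so it falls back to the real peer address.
    """
    forwarded = headers.get("CF-Connecting-IP")
    if forwarded and is_cloudflare_peer(peer_ip):
        return forwarded
    return peer_ip


def decide_action(country: str) -> str:
    """Which challenge tier a request from `country` lands in."""
    country = country.upper()
    if country in INTERACTIVE_CHALLENGE:
        return "interactive_challenge"
    if country in ALLOW:
        return "allow"
    return "managed_challenge"


def handle(peer_ip: str, headers: dict) -> tuple:
    """Return (client_ip, action) for one request seen at the origin."""
    ip = client_ip(peer_ip, headers)
    if not is_cloudflare_peer(peer_ip):
        # Direct-to-origin traffic never passed the edge rules; with the
        # firewall the post recommends it should not even reach this point.
        return ip, "block_direct_origin"
    country = headers.get("CF-IPCountry", "XX")  # "XX" = unknown
    return ip, decide_action(country)


# Constructed sample requests: one via the edge from Brazil, one via the edge
# from the UK, one forged header arriving directly at the origin.
SAMPLE_REQUESTS = [
    ("203.0.113.10", {"CF-Connecting-IP": "198.51.100.7", "CF-IPCountry": "BR"}),
    ("203.0.113.11", {"CF-Connecting-IP": "198.51.100.8", "CF-IPCountry": "GB"}),
    ("198.51.100.9", {"CF-Connecting-IP": "203.0.113.10", "CF-IPCountry": "US"}),
]


def run_samples() -> list:
    return [handle(peer, hdrs) for peer, hdrs in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

The third sample is the case the post's firewall advice exists for: a forged CF-Connecting-IP arriving straight at the origin is ignored because the peer is not a Cloudflare address, and the request is flagged rather than geolocated.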

tangor

3:42 am on Mar 31, 2025 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



No problem here ... login and logout several times a day. :)

(I don't like keeping things open when I am off elsewhere doing other things...)

Mark_A

3:09 pm on Apr 2, 2025 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I wondered what it was, I had to log back in a few days ago.
Might have been this.
Couldn't find my credentials for a while :)