Stop HACKERS and BOTS from reaching your website server - Cloudflare
ฝัง
- เผยแพร่เมื่อ 18 ก.ค. 2022
- Stop HACKERS and BOTS with FREE Cloudflare WAF
FREE: cloudflare.com
WAF layered defenses
Cloudflare managed rules offer advanced zero-day vulnerability protections.
Core OWASP rules block familiar “Top 10” attack techniques.
Custom rulesets deliver tailored protections to block any threat.
WAF Machine Learning complements WAF rulesets by detecting bypasses and attack variations of XSS and SQLi attacks.
Exposed credential checks monitor and block use of stolen/exposed credentials for account takeover.
Sensitive data detection alerts on responses containing sensitive data.
Advanced rate limiting prevents abuse, DDoS, brute force attempts along with API-centric controls.
Flexible response options allow for blocking, logging, rate limiting or challenging.
#firewall #WAF #CLoudflare - วิทยาศาสตร์และเทคโนโลยี
Fire content as always thanks, brother. I'm setting up Cloudflare for my website and I was looking for WAF rules I may have missed out on. I will be implementing a few of the ones you've mentioned.
Hey Jake,
Awesome, glad to hear it! I'm always happy when people find my content helpful. Let me know if you have any questions about setting up Cloudflare or the WAF rules - I'd be more than happy to help out.
@@SaaStuto Thanks, bro I appreciate that. I’m going through the settings now that my name server is transferred to Cloudflare. Your video has put me halfway through there already so thank you 😊 🙏.
The country WAF rule is working brilliantly you wouldn’t believe the number of unwanted countries it blocked in less than 24hrs. 😂 I’ve got a niche online store selling to the UK market only and my server used to get hit with requests from irrelevant audiences.
Great information! Thank you for creating this video and protecting a fellow business owner!
Hey @Iordnutz, So happy to hear that you found the information useful! Keeping the business community protected is definitely a priority. Appreciate you watching!
Good video , you showed me some new things to block - I have been getting hammered with bots lately , its so bad if I didnt have cloudflare my server would be maxxed out most of the time
Hey @ecswest6083, Glad to hear you found some new insights from my video! Dealing with bots can indeed be a hassle. Keep strong, stay protected and remember, sharing is caring so, pass on the knowledge to a friend in need!
Great clear video. Dont really need the sub, but giving it anyway cos the vid is so useful. Keep up the good work.
Hey Patrick McCarthy,
Thank you so much for your kind words and support! I'm really glad you found the video useful, that means a lot to me. Your subscription is very appreciated - thank you!
Really great video. Very useful. I've also had Cloudflare for a few days now and I'm very impressed. Especially the geo-blocking feature, HTTP1.0, known bots and the threat score are useful for my personal websites. I have just allowed Europe and North America and blocked countries like Russia and Ukraine (due to current events). It's enough that the world is a war zone, it doesn't have to be my server too.
Hey @Voigt_Analytics, I'm glad to hear the video was useful and that you're finding Cloudflare beneficial for your personal websites. It sounds like you're making great use of the features, especially given the current global situation. Stay safe, online and offline. :)
I love Cloudflare I use it for all my sites. Thanks for the recommendation; I will compare it with my current rules and apply the necessary changes. The majority of bad requests I've received to date come from the following countries: Russia, Singapore, the US, France, the Netherlands, South Africa, China, India, Indonesia, Germany, and so on. These are countries I have no business with, so blocking countries you don't serve is a no-brainer.
Hey Alex,
That's great to hear! I'm glad you found Cloudflare helpful. Please let me know if there is anything else I can help with!
@@SaaStuto -- I'm good for now and I feel like I have covered all if not most of the corners. 😂So keep up the awesome work. Your videos are helpful.
Singapore is terrible Germany my 2nd worst , they are my biggest hassle as well . Im pretty sure its chinese hackers using vpn's because everyone known for so long so much hacking out of china they get region blocked so much
Thank you so much!! It did help.
Hey Frank,
You're welcome, I'm glad you found it helpful! If there's anything else I can do to help just let me know. Thanks for watching and have a great day! :)
Thanks for sharing! Subbed.
Hey @AutomotiveForBeginners, That's awesome to hear! Hope you enjoy the upcoming content. Do not hesitate to share the videos you find useful.
Looks interesting, thank you
Hey @pasanflo, Hey, I'm really glad you found it interesting! Feel free to share it with others who might also find it helpful.
Thank you so much
Hey Cat Clothes,
You're welcome, I'm glad you found it helpful!
Fantastic!!
Hey André Francisco,
Wow, thank you so much! I'm really glad to hear that and I hope you continue to enjoy my content. :)
Muy buenas reglas para evitar los bots. Gracias por la explicación. Un saludo desde España
¡Muchas gracias! Estoy contento de que te haya gustado mi explicación. ¡Un saludo desde Mexico!
Thank You So much brother 💌 love from Bangladesh
Hey Seaworthy Fish,
Thank you for the love from Bangladesh! It really means a lot to me. I'm glad my videos have been able to reach people all around the world and that they find them helpful. Thanks again, stay safe and take care!
Thank you sir, usefull and good video
Hey @expertcoder3101,
Thank you so much! I'm glad the video was useful and that you enjoyed it. Please share this with your friends if they could benefit from watching it too.
Thanks:-)
Hey Shahir Naga,
No problem! You're welcome.
Great explanation. I have started using Cloudflare, so this was a very useful tutorial. Fast and to the point. In addition to the WP file blocks discussed, is there a list available for other common platform/dev specific files we can block?
Thanks for the kind words! I'm glad you found the tutorial useful. As far as other platform/dev specific files to block, Cloudflare has a list of recommended file types that should be blocked in their documentation here: support.cloudflare.com/hc/en-us/articles/200170086-What-file-types-shouldn t -I-. Hope this helps!
Amazing bro thanks for this valuable information
Hey My CH,
Thank you so much for the kind words and your appreciation! I'm really glad that this video was helpful to you. If there's anything else I can help with, please don't hesitate to ask. :)
Good idea thanks
Best stop these bots before they reach the site
@@SaaStuto my traffic from india, tell me-> what can i set country challange. (my site is attecking on my site, please help me)
Your explanation is good, but how can you prevent content scraping...i tried to block a website ip address that perform the content scraping, moreover, i excluded all other bots except user agent(googlebot & bingbot) and i have done all these in cloudflare WAF, yet unable to stop them from doing the content scraping
Hey zayn clips,
Thank you for your question. The best way to prevent content scraping is by using a Content Security Policy (CSP). CSPs are effective at stopping malicious bots from stealing and replicating content, as it blocks requests coming in through an unauthorized source. Additionally, you can also use CAPTCHAs or honeypots to further protect your site's content against scrapers. Hope this helps!
Very Nice!
Thanks
@@SaaStuto my traffic from india, tell me-> what can i set country challange. (my site is attecking on my site, please help me)
Great video 👍, can you please tell me I am planning to upgrade the shared hosting to dedicated cloud hosting in the same hosting provider but in new hosting they are not providing Ipv6, but in shared hosting, they have provided it, Do I delete the ipv6 record in Cloudflare?
Hey asmr allz,
Thanks for the positive feedback! You'll need to contact your hosting provider and ask them if they provide IPv6 in their dedicated cloud hosting. If not, then you can delete the IPV6 record from Cloudflare.
Thank you so much for this great video. I am having issue with the IP source address not equals rule, I put my ip in it but it not letting me access my admin panel. I did same as how told in the video.
Hey @raghavgakhar09, Glad you found the video great! Just double-check the IP settings and maybe try a quick reboot. Hope that helps! 😊
I wonder if this kind of limitation affect your SEO? Does it? And what would be the better setting to avoid loosing SEO if any ?
As long as you don't block search engines or public pages you are ok
Great info. But I need help. I added the managed challenge if not verified bot since last week on 4 websites.. and I noticed since than all four websites have big drop in Organic Traffic, but the same amount that dropped is added as direct traffic in my GA4. Any idea what this is, because it distorts my data a lot 😢
Hey @thenoobdev, Hey there! Hmm, that's interesting and it sounds frustrating. Maybe try adjusting a few things and see if that helps. Hang in there! 😅
@@SaaStuto it's so weird.. Organic went from 5k daily to near 0.. While Direct traffic went from near 0 to 5k daily :/
amazing
Hey NOFOOD?,
Thanks so much for the kind words! I'm glad you enjoyed my video and that it was helpful. :)
@@SaaStuto easily explained. Any ideas how to stop people from downloading videos from my site? Possible with cloudflare you think?
Hello SaaStuto,
I want to block the access to my website from all other countries except India... I Can Do that by ClouldFlare Rules does that effect the SEO...
Thanks for the question. Yes, you can block access to your website from all other countries except India with CloudFlare rules without affecting SEO. However, it is important that you set up the rules correctly so as not to interfere with any of your content being indexed by search engines or appearing in SERPs (Search Engine Results Pages). If done incorrectly there could be a negative impact on SEO performance.
Pls can you tell us how to enable google adsense and indexing once you block other countries?
Is the country challenge not going to cause issues with search engine crawlers like Bing and Google?
Update: I have whitelisted Google and other good bots.
Correct, update good bots to pass
I am getting deceptive site ahead again & again i want to fix it through cloudflare what should i do for that please tell me sir 😢 3:29
One of the WAF rules is being too hard. Try disabling one by one and test to see what rule is causing the issue.
How can we protect AdSense by use of cloudflare, want to add setting like 1 user can only click maximum 2 times on our advertisement in 1 day
That would probably set in adsense and not in cloudflare
my traffic from india, tell me-> what can i set country challange. (my site is attecking on my site, please help me)
In the WAF section. create a rule to block or challenge the country
if i say -> captcha if threatscore is 1 or 2, is that too low?
Yes
@@SaaStuto because to many false positivs?
It is a good way but it is not enough! You can not stop hackers by only using this unless your host provider is Cloudflare which is not the case, I assume for most people. The IP address can be easily found and the hacker can use it to request a connection to the site or the server by writing just the IP address and then /wp-login or the server port. To solve this you need to enforce your server to only accept HTTPS connections from Cloudflare; otherwise, this method would be useless. Also, you need to make sure that you get the other stuff right like server security updates, exposed ports, DNS Protection, OWASP firewall (Included in the Cloudfalre Paid Plan), etc.
You are correct that using Cloudflare's WAF alone may not be enough to fully protect a website or server from hackers. To increase security, it is important to also enforce HTTPS connections from Cloudflare and keep the server updated with security patches and firewall configurations. Additionally, using other security measures such as DNS protection and an OWASP firewall can also help to further enhance security.
Good evening, I'm from Brazil, I need to block the United States, but I need to let Google bots pass and also adsense trackers, is it possible to do this in Cloudflare?
Hey Charles Moura,
Yes, it is possible to block the United States in Cloudflare while allowing Google bots and Adsense trackers. To do this you will need to create an access rule that allows certain IP addresses or domains through your firewall. You can find more information on how to set up these rules here: support.cloudflare.com/hc/en-us/articles/200170056-Creating-access-rules
@@SaaStuto It didn't help me with what I need, but thanks for answering. :(
is cloudflare useful for api endpoints?
Yes, definitely
Is it still free in June of 2024?
Yes 💯
Si hago tal cual lo dices no tendré problemas para que el robot de Google adsense acceda a mi blog, apenas lo voy a monetizar y quiero bloquear ciertos países ya que hace unos meses tuve un ataque y no paso a más pero no quiero bloquear al robot de Google 😩 espero me puedas responder
Configura Cloudflare WAF para permitir el tráfico del User Agent "Googlebot" antes de bloquear los países deseados, así no interferirás con el acceso de AdSense a tu blog.
This doesn't help if they find out your server IP. They'll just bypass cloudflare and use your server IP directly
That's not correct. Plus, the server IP is public and anyone can know it via DNS checker
@@SaaStuto this video explains it
th-cam.com/video/YRsZoySY3Zo/w-d-xo.html
@@JamesAutoDude --- If hackers find your origin IP, then this is where your host comes into play. If you use a decent host, they'll take care of it, especially if you're on a managed solution. If you manage your own server, then you'll have to protect it yourself or hire competent pros to do it for you. There is no perfect method, and companies big and small get hacked all the time. So it's just about making it as hard as possible. This video does a good job of showing people how to protect their websites at the DNS level. Server protection is another whole level.
For example:If you use nginx, you can block all IP addresses and allow only those IP addresses which cloudfare uses. This way only cloudfare can access ur server and no one else
Good afternoon. Please, I need help. Serous help
What happened?
Hey Kosisochukwu Emmanuel Derrick Udeh,
I'm sorry to hear that you need help. Please let me know what I can do to assist you.
@@SaaSMaster Good afternoon. I have disabled and even deleted my rss feed from feedburner and Blogger dashboard. Yet Indians are still scraping my contents and outranking me
@@SaaStuto What do I do please?
Excelente video tutorial muchas gracias por toda esta gran ayuda.
🍀 p̴r̴o̴m̴o̴s̴m̴
🚀