PatrickRQ Posted January 22 Share Posted January 22 Our site is being attacked with following query: https://ourdomain.com/?app=core&module=system&controller=ajax&do=getCsrfKey&path=/cdn-cgi/challenge-platform/h/g/flow/ov1/0.08870637031819933:1674421556:kajjeSQwyYqsNvnO1QhOhWLx91acnwAFij2u8_yoi50/78db81033db0bf76/9d3dff145bc62e5 Sent every second, it makes the site slow as hell, basically kills SQL performance somehow. Link to comment Share on other sites More sharing options...
opentype Posted January 22 Share Posted January 22 Looks like a Cloudflare URL: https://developers.cloudflare.com/bots/reference/javascript-detections/ PatrickRQ 1 Link to comment Share on other sites More sharing options...
Marc Stridgen Posted January 23 Share Posted January 23 Indeed, doesnt look like one of our URLs. If someone is attacking your site with an attempt to DDOS it though, you would want to get together with your hosting to mitigate that attack. That isnt really a vulnerability, its just someone hammering your site every second. Someone could attack your site in that manner using just about any URL. If they hit it hard enough, it will cause issues if not mitigated. PatrickRQ 1 Link to comment Share on other sites More sharing options...
SeNioR- Posted January 23 Share Posted January 23 (edited) It's just Bot Fight Mode. Edited January 23 by SeNioR- PatrickRQ 1 Link to comment Share on other sites More sharing options...
Recommended Posts