Search help: |
Type what you're looking for. We will try to find it for you! |
|---|
When you log in to your CloudFlare account, you are presented with the Dashboard. On the dashboard, you will see a list of recently challenged threats from all of your sites on the CloudFlare system.
Contents |
Yes, it is pretty normal. Any threat reported on the dashboard that says "Challenged" got stopped by CloudFlare. There are a lot of bad bots online. CloudFlare tries to stop as many of them as possible without any additional action required by the website owner.
The Dashboard shows a global view of the threats, so across of all your sites on CloudFlare.
Here is an overview of what each type of threat means:
Botnet Zombie: Computers that appear to be infected with a virus and doing something like sending email spam
Rule Breaker: Automated crawler that doesn't appear to follow robots.txt and other rules
Email Harvester: Steals email addresses from websites
Web Spammer: Seen posting comment/blog spam
Exploit Hacker: Seen attempting exploits
It is possible that a threat could fall into multiple buckets (for example, most exploit hackers are also botnet zombies). The list is in approximate order of severity, exploit hacker being the most severe. So, if you're a web spammer and exploit hacker then CloudFlare lists you as an exploit hacker.
CloudFlare shows "high priority" alerts for the things that are worth worrying about. These have a little "!" symbol. Generally, these high priority alerts will fall into one of two buckets:
A. Visitors who CloudFlare blocked but passed the CAPTCHA and left you a message requesting to be permanently whitelisted
B. Visitors who were listed as threats in CloudFlare's global system but your security settings allowed to get through
Threat scores are an approximation of how bad something is within the particular category. They are theoretically infinite, but logarithmic so, in practice, you won't see anything over about 100. A threat score above 10 is already getting pretty bad. If it's in the 50s it's really bad.
No, definitely not. Generally, you can just let the system run and do its thing. If you hear complaints from users that they're getting blocked, you can go in and trust them. If something gets through that we should have stopped, you can block it. But, generally, you can just leave the system alone and it'll do its thing.
If you BLOCK/TRUST a visitor from Threat Control, then that does two things:
A. It allows you to override CloudFlare's global behavior (trusting people CloudFlare thinks are bad, but you know are not or blocking visitors permanently)
B. It teaches the system to help us refine the global system (fixing false positives and adding new threats we didn't detect in another way)
Also See: Using your threat control panel