In the first half of 2023, automated bots constituted nearly 48% of total internet traffic. Malicious and other bad bots made up most of that share, contributing 30% of overall traffic.
In a study commissioned by Netacea, an AI-driven bot detection service, Coleman Parkes surveyed 440 businesses, revealing that 53% of all bot attacks originated from Russia and China.
The findings also indicated that 72% of respondents experienced bot attacks traced back to China, while 66% reported incidents linked to Russia.
With the rise of cyber threats, protecting your website from spam and bad bots, particularly those originating from China, is crucial. However, a knee-jerk reaction like blocking an entire country may not be the most prudent choice, considering the potential impact on search engine optimisation (SEO) and potential international sales.
This is where Cloudflare steps in with an effective solution: the Web Application Firewall (WAF) and its Managed Challenge feature.
Why Blocking an Entire Country is Not the Best Answer:
While blocking access from a specific country can be tempting, it’s essential to consider the broader implications. Such a strategy can negatively affect your website’s SEO, as search engines may interpret the blocking as a form of restricted content.
Additionally, if your business targets an international audience, you risk alienating potential customers and hindering global sales opportunities.
The Cloudflare Advantage:
Cloudflare, a leading web security and performance company, offers a sophisticated solution to this conundrum. By leveraging Cloudflare’s WAF and specifically utilising the Managed Challenge feature, you can effectively thwart Chinese spam and bad bots without resorting to drastic country-wide blocks.
Benefits of Cloudflare’s Managed Challenge:
- Precision in Targeting: Instead of a blanket block, Cloudflare’s Managed Challenge provides a more nuanced approach by targeting traffic from specific regions, minimizing collateral damage.
- Maintaining SEO and International Reach: By not outright blocking a country, your website maintains a healthy SEO standing, and you can continue to attract international visitors and potential customers.
- Dynamic Protection: Cloudflare’s WAF continuously evolves to adapt to emerging threats, ensuring that your website stays protected against the latest spam and bad bot tactics.
Understanding Cloudflare’s Managed Challenge:
The Managed Challenge feature in Cloudflare’s WAF allows you to set up rules to manage and filter incoming traffic from specific regions, in this case, China. Here’s how it works:
- Identification of Chinese Traffic: Cloudflare’s extensive network identifies incoming traffic based on its geographical origin. Using advanced algorithms together with GeoIP and ASN databases, it accurately discerns requests coming from China.
- WAF Rules Configuration: With the WAF, you can create rules to manage traffic from China. The Managed Challenge feature enables you to set up a rule that places all connections from China under a challenge.
- Challenge for Legitimate Users: When a connection from China is detected, Cloudflare imposes a challenge. This challenge can be in the form of a CAPTCHA or other human validation methods. Legitimate users can easily pass this challenge, ensuring they can access your website without hindrance.
- Blocking Bad Bots: Simultaneously, the Managed Challenge feature acts as a formidable deterrent against bad bots. Since many malicious bots struggle with CAPTCHAs and similar challenges, they are effectively thwarted at this stage.
Cloudflare Challenges
When a website is protected by Cloudflare, there are several occasions when it will challenge visitor traffic:
- The visitor’s IP address has shown suspicious behavior online (as tracked by Project Honeypot).
- The website owner has blocked the country associated with the visitor’s IP address.
- The visitor’s actions have activated a WAF custom rule enabled by the website owner.
If the visitor passes the challenge, their request is allowed. If they fail, the request will be blocked.
Cloudflare Managed Challenge (recommended)
With managed challenges, Cloudflare dynamically chooses the appropriate type of challenge based on the characteristics of a request. This helps avoid CAPTCHAs, which in turn reduces the lifetimes of human time spent solving CAPTCHAs across the Internet.
Unless there are specific compatibility issues or other reasons to use other types of challenges, you should use managed challenges for your various custom rules.
Depending on the characteristics of a request, Cloudflare will choose an appropriate type of challenge, which may include but is not limited to:
- A non-interactive challenge page (similar to the current JS Challenge).
- A custom interactive challenge (such as clicking a button).
- Private Access Tokens (using recent Apple operating systems).
How to Block Bots From China - Cloudflare Managed Challenge
Step-by-step guide
1. Create a Cloudflare Account:
- Go to the Cloudflare website and sign up for an account if you don’t have one already.
2. Point Your DNS to Cloudflare:
- Change your domain’s nameservers to the Cloudflare nameservers provided during the account setup process. This is usually done at your domain registrar.
3. Navigate to WAF (Web Application Firewall):
- Log in to your Cloudflare account.
- In the dashboard, navigate to the “Security” section and then click on “WAF.”
4. Create a New Rule:
- Within the WAF section, find the option to create a new rule.
- Click on “Create Rule”.
5. Follow the Instructions In The Image Below
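As an added example (not taken from the original article or from Cloudflare), a rule of the kind this guide describes, one that places connections from China under a Managed Challenge, can be written as a rule object for the Cloudflare Rulesets API. The `not cf.client.bot` exemption for verified crawlers is an assumption added here for the SEO concern raised earlier, and the zone ID, ruleset ID and API token passed to `add_rule_request` are placeholders.

```python
import json
import re
import urllib.request

API = "https://api.cloudflare.com/client/v4"


def build_rule(country="CN", exempt_verified_bots=True):
    """Return a WAF custom rule that issues a Managed Challenge by country."""
    # Reject anything that is not a two-letter code so the value cannot
    # break out of the quoted string inside the rule expression.
    if not re.fullmatch(r"[A-Z]{2}", country):
        raise ValueError("country must be an ISO 3166-1 alpha-2 code, e.g. CN")
    expr = f'ip.src.country eq "{country}"'
    if exempt_verified_bots:
        # Assumption added in this example: let crawlers that Cloudflare has
        # verified (cf.client.bot) through without a challenge.
        expr += " and not cf.client.bot"
    return {
        "description": f"Managed Challenge for traffic from {country}",
        "expression": f"({expr})",
        "action": "managed_challenge",
        "enabled": True,
    }


def add_rule_request(zone_id, ruleset_id, api_token, rule):
    """Build (but do not send) the POST that appends the rule to a ruleset.

    ruleset_id is the ID of the zone's entry point ruleset for the
    http_request_firewall_custom phase, which holds WAF custom rules.
    """
    return urllib.request.Request(
        f"{API}/zones/{zone_id}/rulesets/{ruleset_id}/rules",
        data=json.dumps(rule).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {api_token}",
                 "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    print(json.dumps(build_rule(), indent=2))
```

The expression string on its own can also be pasted into the dashboard's expression editor when creating the rule by hand.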
With the managed challenge rule in place, legitimate users and other traffic from China are presented with the following page (Conducting Browser Checks) for approximately 2 seconds before reaching your website.
Challenge Security Log Sample – Cloudflare Activity Log
Blocking Bad Actors And Bots From China - Summary
Implementing a Cloudflare managed challenge to block automated malicious bot traffic from China while preserving access for legitimate users is a prudent and effective security measure.
It is essential, however, to regularly assess and fine-tune the rules, taking into account evolving threat landscapes and changes in IP addresses associated with China.
Continuous monitoring of Firewall Events and proactive adjustments to rule settings will contribute to the accuracy and efficiency of the implemented security measures, preventing false positives and negatives.
By adopting a targeted approach to blocking bad actors from China, organisations can strike a balance between security and accessibility, safeguarding their online assets without unnecessarily restricting access for legitimate users.
Additionally, the approach provided in this article aligns with the principles of risk-based security, allowing organisations to adapt their defenses in response to specific threats while maintaining an optimal user experience for their global audience.
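As an added example (not part of the original article), the monitoring and fine-tuning recommended in the summary can be supported by measuring, per ASN, how many Managed Challenges issued to traffic from China are actually solved. The event field names, action strings, thresholds and sample events below are assumptions constructed for illustration; map them to the format of your own Firewall Events export.

```python
import json
from collections import defaultdict

# Field names and action strings are assumptions modelled on a JSON-lines
# export of security events; adjust them to match your own export.
ISSUED = "managed_challenge"
SOLVED = {"managed_challenge_non_interactive_solved",
          "managed_challenge_interactive_solved"}

def _events(asn, action, count, country="CN"):
    row = {"clientAsn": asn, "clientCountryName": country, "action": action}
    return [json.dumps(row)] * count

# Constructed sample data (documentation-range ASNs, not real traffic).
SAMPLE_EVENTS = (
    _events(64500, ISSUED, 40)                   # challenged, never solved
    + _events(64501, ISSUED, 10)
    + _events(64501, "managed_challenge_non_interactive_solved", 8)
    + _events(64502, ISSUED, 2)                  # too few events to judge
    + _events(64503, ISSUED, 30, country="DE")   # outside the rule's scope
    + ["truncated-line{"]                        # malformed export line
)

def solve_rates(lines, country="CN"):
    """Count challenges issued and solved per ASN for one country."""
    stats = defaultdict(lambda: {"issued": 0, "solved": 0})
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the review
        if event.get("clientCountryName") != country:
            continue
        action = event.get("action")
        key = "issued" if action == ISSUED else "solved" if action in SOLVED else None
        if key:
            stats[event.get("clientAsn")][key] += 1
    return dict(stats)

def triage(stats, min_issued=5, low=0.05, high=0.6):
    """Label each ASN: tighten (mostly bots), relax (mostly humans) or keep."""
    labels = {}
    for asn, s in stats.items():
        if s["issued"] < max(min_issued, 1):
            labels[asn] = "insufficient data"
            continue
        rate = s["solved"] / s["issued"]
        labels[asn] = "tighten" if rate <= low else "relax" if rate >= high else "keep"
    return labels
```

An ASN labelled `relax` is one where most challenged visitors pass, so it is worth reviewing for false positives; one labelled `tighten` is failing nearly every challenge and is a candidate for a stricter rule.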