Hi, we are getting numerous errors in prod that we...
# ory-networkb
broad-eve-11212
09/26/2023, 11:34 AMHi, we are getting numerous errors in prod that we are being blocked by what looks like Cloudfare, we are getting a page like this returned:
Copy code
Why have I been blocked?</h2> <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>s
steep-lamp-91158
09/26/2023, 11:40 AM
I do see elevated blocks on your domain, what kind of request is it that you see this? Is this on legit traffic?
b
broad-eve-11212
09/26/2023, 11:49 AMWe believe they are all legit and its the whoami call that seems to be the problem.
broad-eve-11212
09/26/2023, 11:50 AMApologies, its the toSession call
s
steep-lamp-91158
09/26/2023, 11:50 AM
according to cloudflare it is 97% SQL injection
steep-lamp-91158
09/26/2023, 11:50 AM
we are further looking into it
steep-lamp-91158
09/26/2023, 11:51 AM
but it did trigger very suddenly
b
broad-eve-11212
09/26/2023, 11:51 AMThanks
s
steep-lamp-91158
09/26/2023, 11:52 AM
we also do see a sudden ~400% traffic increase on your domain, so I do suspect something weird going on
steep-lamp-91158
09/26/2023, 11:52 AM
will keep you updated
b
broad-eve-11212
09/26/2023, 11:52 AMYeah, we getting suspicous now as well. Will keep checking our side
s
steep-lamp-91158
09/26/2023, 11:59 AM
Can you share the few lines of code where you do the
toSessionb
broad-eve-11212
09/26/2023, 12:03 PMThanks Patrik, looks like it was somewhat a false alarm. We had a Pentest that was supposed to run (but not on Prod!) and they started early and it looks like it was them.
We’ll get that stopped. But for now, thanks for the help!
s
steep-lamp-91158
09/26/2023, 12:03 PM
OK 👍
2 Views