“...I've been working since 2008 with Ruby / Ruby on Rails, love a bit of Elixir / Phoenix and learning Rust. I also poke through other people's code and make PRs for OpenSource Ruby projects that sometimes make it. Currently working for InPay who are based in Denmark...”

Rob Lacey
Senior Software Engineer, Copenhagen, Denmark

Blocking Chinese Bots from your Shopify store

After realising that Bot traffic originating from China takes up significantly more hits to a store than normal traffic, we’re taken steps to try and block traffic to get analytics back in good order. Here are the CloudFlare rules we’ve gone with.

Block CN + Other Regions

Blocks all traffic that Cloudflare sees as coming from China according to GeoIP.

(ip.geoip.country in {"CN" "RU" "KP" "SY"})

Block China Unicom ASNs

AS 4134 is the “ChinaNet Backbone” (China Telecom).

ip.src.asnum in {4134}

Block China Unicom ASNs

These are several ASNs owned by China Unicom. For example, AS 4837 is a well-known Unicom backbone. Cybercrime Information Center. AS 133118 and other ASNs (136958, 134543, 135061) are also associated with Unicom.

ip.src.asnum in {4837, 133118, 134543, 135061, 136958}

Block China Mobile / CMCC ASNs

AS 9808 is commonly associated with China Mobile.

ip.src.asnum in {9808}

Challenge Suspicious / Low-Reputation Requests

Uses Cloudflare’s threat scoring + bot detection to challenge likely bot traffic. Good for reducing automated “dead” sessions.

cf.threat_score > 20 and cf.client.bot

Fingers crossed this give us some respite.

Image