Thousands of calls to /?wc-ajax=get_refreshed_fragments (probable bot attack)

We had our server taken down due to this traffic and now I’m trying to investigate the issue and how to prevent it going forward.

Sample of one of thousands of requests:

24.46.35.220 www.redacted.com - [25/Mar/2021:19:12:02 +0000] "POST /?wc-ajax=get_refreshed_fragments HTTP/1.1" 429 593 "https://webcache.googleusercontent.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36" | TLSv1.3 | - - 0.000 - 0 NC:000000 UP:-

Is this a new bot flood attack looking for Woo vulnerabilities? Anyone else running into this? We use cloudflare for bot protection, perhaps there are further locking down opportunities there. If anyone has insight I’d appreciate it, thanks!

• This topic was modified 3 years ago by Marty.