workers.dev spam | Cloudflare Developers | Page 1

storm dragon Apr 9, 2024, 2:52 PM

#

My workers are receiving a lot of spam lately on the workers.dev routes. Should they be disabled or is there a better way to handle it?

rigid merlin Apr 9, 2024, 3:01 PM

#

Disabling is the best way.

#

It is because bots scrape the certification issue list so they see the ones issued to your dev domain

storm dragon Apr 9, 2024, 3:38 PM

#

Ok, thanks. That was my guess. I could not see the FQDN in the TLS certificate. But maybe I looked in the wrong place.

storm dragon Apr 9, 2024, 4:21 PM

#

The TLS certificate does not contain the FQDN. So somebody thought about this but then something happend.

untold swift Apr 9, 2024, 4:33 PM

#

storm dragon The TLS certificate does not contain the FQDN. So somebody thought about this bu...

what are you talking about? There's a unique wildcard cert for every worker, here's a few examples: https://crt.sh/?q=tylerobrien.workers.dev

crt.sh | tylerobrien.workers.dev

Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)

#

storm dragon Apr 9, 2024, 4:48 PM

#

Yes, that is my conclusion too. So, the FQDN is not in the public certificate. But then there is an ordering process... Maybe the theory is a wild goosechase but somehow bots are finding the FQDN for my workers.

#workers.dev spam