I have created a script, which collects FAILED LOGINS and BRUTE FORCE attacks all over our hosting facilities. Website owners must agree to participate with their Wordpress and Joomla websites, then we agree to create some non-common usernames (instead of admin) and watch for hackers to try to login.
But I have A LOT of problems, because on the list of BRUTE FORCERS and LOGIN attacks are quite some CloudFlare IP addresses. There’s a pattern most of the time the same - 1 try from 1 IP address, then they wait for few hours, then repeat. And they cycle IP addresses. But they use CloudFlare a lot.
What is there to be done?
I could write abuse report t CF, but sometimes there are hundreds of attacks per day, who would follow all them?
Is there maybe some API that I can submit attack report, as soon as CF IP gets on my list? I would then first need to compare found IP with a list of CF IPs, and if matches, run some API to report issue.
But in the end there’s a question, whether those reports will do any good.