I run a WordPress server. WordPress being WordPress, I get several hundred IPs per day attempting to brute-force logins. I have a fail2ban script which adds these IPs to an IP list which is blocked in the Cloudflare firewall. Right now I have it just set to block IPs flagged by fail2ban for an hour. This works pretty well, but I’m curious about effects on IP reputation and the like.

If I set it to browser challenge mode and the bot fails, which it will, does that continue to block queries from that IP until a challenge is passed, or will it be allowed back unchallenged after the fail2ban rule expires[1]? Does getting blocked or failing a browser challenge affect the IP’s reputation or behaviour for other Cloudflare sites? (Anything which is trying to brute-force my login will be doing it to other sites as well - it would be nice if I could hint to CF it’s a bad IP, for example.)
[1] Obviously I can set fail2ban’s timeout higher, but there are tradeoffs here with recycled and shared IPs.