Since two weeks hour contact form on our website is being abused. When looking at the cloudflare log i don’t see anything, Then a set a firewall rule to log the form and it was from a single IP. So i blocked that, upped the firewall setting high, but fogith mode and challenge passage to 5 minutes etc etc.
So it didn’t stop now its a different IP. So i added a challenge to the form page and it seems they can can somehow pass that!
So i think they found a way around the Cloudflare challange…
no it does not end with a 100, and they are going trough cloudflare, i check on my webserver in the logs only cloudflare ip’s there. and i see the spammers connect, they change ip once a day or something. i JS challanged the page friday and it was abused.
So today i setup a challenge for them to see, and the firewall doesn’t seem to block them.
I don not full understand what you mean with: are you rewriting on your webserver the IP addresses from Cloudflare’s to the actual client address? ??
But considering you were saying you only get Cloudflare addresses, that would suggest you are a) not rewriting address (you really should) and b) these requests really go through Cloudflare.
Can you post a screenshot of the logs of these requests?