JComment Component Spams and CloudFlare

Hi all
I have a Joomla site and there is a Jcomment component for comments/review.
Everyday I was getting more than 50 spam comments
I have added my site to Cloudflare but there are still spams
I have blocked (security/WAF) countries from spam’s IP. But no block
I am a newbie in cloudflare so what should I do about this?
Thank you in advance for your kind help.

Regards

Any idea?
I need an urgent help ;(

What is the site? Can you show a screenshot of your WAF rules?

The simplest way to start is to set a rule to challenge all requests to the comment posting page and see if that stops the bots. You can then adjust from there.

Hi SJR
Thanks for ur kindly reply
Here is WAF rules that blocked countries. (but still spam comments)

If i block “comments that consist URL” i will solve problem
I cant solve this problem inside of my Joomla compenent (developers stopped support 5-6 years ago)
Although i added google Recaptcha (I am not robot)
Everyday getting more than 20-30 spam comments
Cloudflare could not stoppet

Regards

What is the domain?

Can you show a screenshot of rules 1 and 2.

www.avsarobasi.com

Here are SC of 1 and 2:

2 is same as 1

Use “OR” instead of “AND” between each expression. A user can’t be in “Asia AND South America” at the same time.

1 Like

And here is a SPAM COMMENT with URL
every comments includes URLs

An alternative is to set the URL for the comments page or submission to challenge all users, same as I do here…
https://cf.sjr.org.uk/about/contact

This will block bots with just a minor delay for real users.

Dear I dont understand your solution?
Could you give more details?

Create a WAF rule something like this…

1 Like

Thanks Sir
I created a rule like yours…Is it OK?
I will test it

Hi Sjr
Above rule can not stop bot spams
Did it yesterday and this evening and there are more than 10 bot spam messages there
I donnow what can i do :frowning:

The URL /post-comment in my screenshot was just an example. You need to use the actual URL of your comments posting page.

If in doubt, just use / to challenge all requests to your site.

The comment field (ie JComment) is in all page of my site
So as you said I tried to do this. Is it OK sir?
I hope it works :pray:

For some reason I maybe didn’t do the usual and most obvious check. Your site isn’t using Cloudflare…
https://cf.sjr.org.uk/tools/check?66f3e3c4d9e540a68713a0ae85f858f5#dns

You need to change the nameservers at your registrar to the 2 nameservers given at the bottom of the Cloudflare DNS page and ensure the DNS records are proxied if you want any of your Cloudflare configuration to be applied on traffic to your site.
https://dash.cloudflare.com/?to=/:account/:zone/dns/records

2 Likes

Sir
As i understood, i will add Cloudflare’s DNS to my hostings’s DNS field??
Is it correct? Or will I add my hosting DNS to Cloudflare DNS fields??
Here is DNSs in my CF dashboard now:
|NS|chelsea.ns.cloudflare.com
|NS|todd.ns.cloudflare.com

Am i right?

Set the 2 Cloudflare nameservers at your registrar, http://www.atakdomain.com/.

Your nameservers are ns17.kebirhost.com and ns18.kebirhost.com at the moment so those need to be removed and replaced with the 2 Cloudflare ones.
https://cf.sjr.org.uk/tools/check?e8ca4fc341fb4f2eb607b9626d97cbcf#whois

Make sure DNS records are configured here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/records

1 Like

Hi SjR
we changed our nameserver DNS
you can check it from: intoDNS: avsarobasi.com - check DNS server and mail server health
But in sjr.or.uk it is still old dns now