My website has been getting plagued with fake account signups lately, some of which have managed to bypass Cloudflare.
For example, I had a fake account created yesterday evening (20:14) from someone apparently in Ukraine with an IP of 188.8.131.52 (I don’t care about sharing spammer IPs). I know it’s a fake account as the fields were filled with spam messages.
I checked the logs on the host and can confirm the date and IP on the servers own logs, but when I go into Cloudflare’s Firewall Events page neither the IP address or anyone from the Ukraine show up in the filters!? FYI I checked cloudflare a few hours later so it should still be in the 24 hour log and events are listed before and after that time period.
So, am I missing some setting that’s allowing some nefarious visitors to bypass Cloudflare’s firewall and not get logged? Or are these hackers now bypassing the firewall completely?