I’m a newby to all this. I have a personal website that is very elementary but has a store with a contact form. Was getting lots of phony replies which were easy to identify but annoying. My hosting service recommended a free Cloudflare account. This has reduced but not eliminated the spam/scam, so I am trying to block the ip whenever a new email comes in. The hosting service did it for me at first, but I want to do it myself. Is there any rule when you should just block the ip 196.196.53.99 vs the range 196.196.53.0/24?
As I said, I have a free account and don’t think I can create a custom rule. I’m not disputing the disposable IP address problem, but I was wondering whether the perps tend to operate through a cluster of IP addresses that might be blocked as an IP range. And as I said, these emails are just an annoyance and not much of a threat. So did I over-react by signing up for the Cloudflare reverse proxy?
Sorry. I’m so new to this that when I opened Security>WAF and it opened to Managed Rules, I didn’t notice the Custom Rules tab. Do I already have a challenge page, maybe the JS challenge? When I visit stevebrown.us, there is a brief “verifying you are human” screen, without the need to check a box. Do I need another or different page? I think the current setup is keeping robots from seeing my form page, which sends the user to mail.php, the script that sends the emails to me. But it apparently doesn’t keep the perps from getting to mail.php another way, perhaps using manual input from a stored form page that isn’t on my website. What kind of custom rule would help with that?
Thanks. I did find the custom rules page. I also discovered from my visitor logs that most of the annoying emails come from a User Agent “Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)” I’ve never created a rule. Would the syntax be Expression: https.user_agent eq “GPTBot/1.2; +https://openai.com/gptbot”
with Action: Block ?
or do I need to copy the entire string starting with Mozilla?
or something else?
For simplicity, I use a “Contains” instead of equals. Then I select a very specific piece of the UAS, like “GPTBot”. That way, if they up the version to 1.3, or some other minor change, it’ll still block.
Thanks. I suspected that might be possible, and I’ve added the rule. Am I correct that Cloudflare recommends the custom rule over the User Agent rule available under Tools?