Why are banned IPs allowed to access my site?

I have set up a number of Firewall rules to block IP ranges that I have seen to sent me multiple spam messages through contact forms on my websites.

But lately, I’ve continued to get a slew of spam messages on my contact forms from these IP ranges. Anyone know how that can be?

The requests most likely circumvent Cloudflare and connect directly to your server. Make sure your server is firewalled off and only accepts connections from Cloudflare’s datacentres.

Interesting. Do you have a guide somewhere that talks through how to do that?

Firewall configuration would be a topic for StackExchange I am afraid :slight_smile:

Simply make sure that you accept only web requests from aforementioned addresses and drop everything else.

1 Like

My VPS host offers an easy firewall GUI. Keep in mind that such a firewall requires root access at the server. Some hosts have their own firewall configuration for websites. What’s your hosting setup?

I’ve also done a cheater method with .htaccess:

This topic was automatically closed after 30 days. New replies are no longer allowed.