I’ve kind of been bugged out by the amount of botters and hack attempts on my very modest site. I average almost 10 blocked IPs in my WordPress firewall per day. That’s unacceptable. So I registered for Cloudflare, installed fail2ban and started banning IPs in iptables… This is useless. Furthermore, even after installing mod_cloudflare (to get the botters’ actual IPs), I was just banning an IP that was Cloudflare proxied.
So, in order to stop them at the Cloudflare level, you can ban them in Cloudflare’s firewall via their API: head on over to the Cloudflare API page and simply copy-pasta this POST request into your fail2ban ban action script. Then, check your Cloudflare firewall:
If everything went well, you should start seeing the botters’ IPs in your Cloudflare firewall, before they even reach your machine.
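Here is an added example of what that ban action can look like; it is not the script from the original post. It wraps the Cloudflare v4 user-level firewall access rules endpoint in a small POSIX sh script that fail2ban can call from `actionban`. It assumes the API credentials live in the `CF_API_EMAIL` and `CF_API_KEY` environment variables (an assumption for this example), and it validates the `<ip>` fail2ban hands over before splicing it into the JSON body, so a stray character from a regex capture cannot break or alter the request.

```shell
#!/bin/sh
# Added example (not the blog author's script): push a banned IP into
# Cloudflare's firewall as a "block" access rule via the v4 API.
# Assumes CF_API_EMAIL and CF_API_KEY are exported in the environment.

CF_API_URL="https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules"

# Build the JSON body for a block rule. Only plain IPv4 literals are
# accepted, so a malformed fail2ban capture is rejected rather than sent.
cf_ban_payload() {
  ip="$1"
  name="${2:-fail2ban}"
  case "$ip" in
    ''|*[!0-9.]*|.*|*.|*..*)
      echo "cf_ban_payload: refusing invalid ip '$ip'" >&2
      return 1 ;;
  esac
  printf '{"mode":"block","configuration":{"target":"ip","value":"%s"},"notes":"Fail2Ban %s"}' \
    "$ip" "$name"
}

# Submit the rule; prints the HTTP status code so fail2ban's log shows
# whether Cloudflare accepted it (201 on success).
cf_ban() {
  payload=$(cf_ban_payload "$1" "$2") || return 1
  curl -s -o /dev/null -w '%{http_code}\n' -X POST \
    -H "X-Auth-Email: $CF_API_EMAIL" \
    -H "X-Auth-Key: $CF_API_KEY" \
    -H "Content-Type: application/json" \
    -d "$payload" "$CF_API_URL"
}

# Usage from a fail2ban action file (assumed install path):
#   actionban = /usr/local/bin/cf-ban.sh ban <ip> <name>
if [ "${1:-}" = "ban" ]; then
  cf_ban "$2" "$3"
fi
```

Each successful POST returns a rule `id`; keep it (or look it up by IP later) if you want an `actionunban` that sends the matching DELETE, otherwise bans accumulate in Cloudflare with no expiry. Also note that this endpoint creates user-level rules, which apply to every zone on the account, not just the one site.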
Time spent researching fail2ban and getting regex expressions to work? Almost 3 hours. Peace of mind? No, not really. Watching IPs fill up in my Cloudflare firewall? Priceless.
UPDATE 10/11/2015:
I think this has been a success. Roughly ten days later, I have 100+ blocked IPs in Cloudflare and over 4,000 blocked connection attempts. And most importantly, Cloudflare helped me save 182 MB of bandwidth.