[ronnier]

Cloudflare is making my live very difficult right now. Spammers are hosting websites using free domains, like .ml, .tk, so an unlimited supply of random domains, hosting them behind cloud flare which prevents us from easily getting the page content or blocking the IP for a period of time since the IP is shared.

Lots of spam hosted on cloudflare these days.

[Dylan16807]

How do they make it hard to get the page content?

Is it easier/better to block by IP than to block unknown free domains?

[luckylion]

We've seen similar things where spammers scrape our sites, put them up slightly modified and use cloudflare to block access to most of the web. They're obviously letting Googlebot through, but I've tried accessing it from dozens of countries and they're always straight up denied. I don't know what they're doing exactly, maybe it's an SEO attack, or they might be running ads and allowing that traffic to pass through.

If CF had a simple way to get (verified!) customer details, much of the crime using CF would go away while the pure DDOS-protection and CDN-usage wouldn't be impacted. Legitimate companies have their legal info on their websites anyhow, they don't care if you also can query CF about who they are.

[TDiblik]

No op, but

I believe that once you put your website behind cloudflare it's really hard, if not imposible to get content using requests. Don't know about scraping tho.

Also, I think it's better to block unknown free domains, because (public) IPs can have thousands of devices asociated with them. Once you block a domain, the "scammer" has to buy a new one.

[Schnurpel]

You can get the originating IP via mod_remoteip, or its nginx brethren. You can block those IPs in your firewall, or via the Cloudflare firewall.

[capableweb]

> or via the Cloudflare firewall.

Wouldn't that be a dream world for Cloudflare? "We protect spammers and if you wanna be as well protected against said spammers, sign up for our firewall"