Safeguarding Your Online Presence: Cloudflare’s Free DDoS Protection

Guest post written by AI (ChatGPT)

User: Write a blog post about DDoS protection using the Cloudflare free plan.

ChatGPT:

Introduction: Maintaining a secure online presence is of utmost importance in today’s digital landscape. However, the rising threat of DDoS (Distributed Denial of Service) attacks poses a significant challenge to the availability and security of websites and applications.

Cloudflare Bot Fight Mode

According to Cloudflare, “Bot Fight Mode is a simple, free product that helps detect and mitigate bot traffic on your domain”. It attempts to identify traffic from bots that are absent from Cloudflare’s good-bot list and, unfortunately, does not block them, but rather issues “computationally expensive” challenges to make them expend time and resources before moving forward with their potentially nefarious mission.

A slope gets slippery, just as Cloudflare’s Matthew Prince predicted

In August 2017, Cloudflare terminated service to the despicable website Daily Stormer. CF had never previously terminated service to any website based on objectionable content, and had stated repeatedly that it would never do so. Two years later, in August 2019, CF terminated service to the equally despicable website 8chan.

Blocking those pesky RSS feeds and Sitemaps

Every time I create a new post or page using WP, the post or page is automatically duplicated in an RSS feed – for example wppov.com/mynewpost/feed. It isn’t exactly an evil twin, just antiquated and – by 2023 standards – more troublesome than useful.

RSS feeds were popular and useful a decade or two ago, but not so much in 2023. These days feeds are more likely used for content scraping, data mining, and spamming. No thanks, I’d rather block this bad behavior.

Cloudflare Managed Challenge

I review my Cloudflare firewall rules infrequently – maybe every couple of years – so I didn’t notice immediately when early in 2022 CF retired their CAPTCHA (thus ending the Cloudflare CAPTCHA Kerfuffle – oh well, it was fun while it lasted) and deprecated their JavaScript Challenge in favor of their new, more advanced Managed Challenge.

Custom Security Header

As a precaution against distributed denial of service (DDoS) attacks, I allow access to my websites only through Cloudflare. Direct access – for example using my IP number – is not permitted. I put a bit of code in my htaccess file that checks to see if the Cloudflare IP Country header is present. That worked fine but would be pretty easy for a determined bad guy, gal, nonbinary person, or bot to defeat – especially since I posted here about it.

Recently CF added a Transform Rule feature. The great features that CF makes available on their free tier consistently amaze me. Using a Transform Rule, I can create a custom, secret request header which I can then check for using htaccess. Something like this …

Cloudflare APO

Cloudflare announced its new Automatic Platform Optimization (APO) service for WordPress sites on October 2, 2020. APO promises to accelerate the speed of WP sites by smart-caching of HTML. By default, Cloudflare caches only ‘static’ content such as CSS, JavaScript, and images, but not HTML. A great thing about the new APO service – it is free if my site is hosted on WordPress.com, and no-additional-cost if I am on a Cloudflare paid plan.

Cloudflare Firewall Rules for WordPress: JS Challenge

Rule 1: Allow Good Bots | Rule 2: Block Potentially Malicious Requests | Rule 3: Block Bad Bots | Rule 4: JS Challenge

In some cases I want to keep bots off a page, but I don’t want to block or unduly inconvenience humans. A JavaScript challenge will display an interstitial page for about five seconds while Cloudflare performs a magical check to verify the visitor is human. Suspected bots will be served a CAPTCHA.

Cloudflare Firewall Rules for WordPress: Block Bad Bots

Rule 1: Allow Good Bots | Rule 2: Block Potentially Malicious Requests | Rule 3: Block Bad Bots | Rule 4: JS Challenge

Good bots are whitelisted by Rule 1. Some bad bots will be blocked by Rule 2. I’d like Rule 3 to block *all* remaining bots, but that isn’t possible as far as I know. I’ll block as many as I can.
