CloudFlare Ninja killing
spam

CloudFlare loves threat data. CloudFlare's sytem continually gets smarter through a variety of ways, including through user-reported data. So for example, users can add IP and IP ranges to their Block List. This information is fed back to the CloudFlare system benefiting the entire community. Recently, we also made some enhancements to our API that makes it even easier for CloudFlare users to feed reports of spam back to CloudFlare.

Reporting spam to CloudFlare with WordPress

If you run are running your website on WordPress, you can easily share spam data with CloudFlare.

  1. If you don't have the CloudFlare plugin installed, you will first need to install the CloudFlare WordPress plugin to get the spam reporting benefits.
  2. After you install the plugin, please go to the sidebar in WordPress for 'Plugins' and click on CloudFlare.
  3. You will need to enter in the CloudFlare API key and your CloudFlare account email address in the fields at the bottom of the configuration page. You can find your CloudFlare API key on your account page.
  4. After you've configured the plugin, you will be able to report spam back to CloudFlare for comments that are found under 'All' or 'Pending' comments. If you want to select only one comment as spam, click on the 'spam' option and this will report the data back to CloudFlare. If you want to do a bulk report of spam comments, you can also use the bulk selector to mark the items as spam like you do now.

Note: You will not be able to report spam that is already marked as spam.

Reporting spam to CloudFlare with the regular API

If you're not using WordPress, or if you want to report spam a little differently, you can use our Client Interface API to report spam back to us.

To interface with the CloudFlare Client Interface API you will need:

  • Your API Key (which is available on your account page)
  • Your account's email address
  • The root domain name for a website under your account

You may interface with the API via HTTPS POST or GET requests to www.cloudflare.com/api_json.html. Unencrypted HTTP requests are not supported. Responses are returned in a JSON format.

The API call to send spam to CloudFlare:

$value = array("a" =\> $comment-\>comment\_author,   
              "am" =\> $comment-\>comment\_author\_email,  
              "ip" =\> $comment-\>comment\_author\_IP,  
              "con" =\> substr($comment-\>comment\_content, 0, 100));  
$url = "/ajax/external-event.html?evnt\_v=" .urlencode(json\_encode($value)) .
"&u=$cloudflare\_api\_email&tkn=$cloudflare\_api\_key&evnt\_t=";

send to www.cloudflare.com, port 443;

This threat data is used to make CloudFlare smarter and benefits not only your website, but the entire community. Let us know if you have any suggestions for making it easier to feed threat data to us.

Thanks for making the web a better place!