It seems the issue is not fully resolved yet, as the user is still asking for additional steps and suggestions on blocking the bot’s IPs and reaching out to Microsoft. Here’s a response offering some extra tips:
It sounds like you’ve already taken solid steps with Wordfence and IP range blocking. For further action:
- Rate Limiting: You can implement stricter rate limiting on your server to slow down or stop the bot if they’re sending frequent requests.
- CAPTCHA: Add CAPTCHA for specific pages or after several failed attempts to verify human visitors.
- IP Reputation Services: You could use an IP reputation service (like Spamhaus or Project Honey Pot) to dynamically block known bad IP addresses without manually maintaining your own block list.
Regarding Microsoft, it’s tricky, but you can escalate the case by documenting everything and reaching out via security-specific contacts at Microsoft, like their Abuse team or through their Security Response Center.