Your metaphor indeed proved what you said is wrong. Yes unlisted phone number still cannot prevent people from calling you if they just dial randomly. But you still won’t publish your number every where. Because you know publishing the number everywhere gets trouble for you in the next minute. If you get it unlisted you may only get such calls occasionally.
Let me give another metaphor. Someone is going to a battle field and he has a bullet-proof vest. Since the vest can only cover his body but not arms legs etc, he thought OK I’m going to die anyway if I get shot so I just don’t need the vest. A veteran probably will chose to do so to save weight for other stuff. But a newbie or normal soldier still wants to put it on for a free protection.
The world is full of real hackers, regular crackers, and script kiddies. We have a fundamental diversity here:
I believe if a method is easy to implement, I still should put it on. Even if it could only stop some script kiddie type of attack. It can screen out those troubles with low cost. ( = You don’t get spam calls the next minute).
You believe that since a method is not 100% perfect, it cannot stop real hackers so than it should not be used. This is what I learned from your words. Correct me if you didn’t mean so.
Maybe from your hosting business perspective it is appropriate to do so to minimize variables. As you got your own team to worry about all this and may do better than CF in terms of fitting into your own business situation. But from a regular website operator perspective, which probably is the situation of the majority of the visitors here, I believe my approach is more practical.
Don’t over interpret what I said here and in above posts. I never said one should not set his server up right in the first place because there is CF protection. I just said he can use CF as another protection if it does not cost $1000/mo or need one 1 week to set up.
I’d rather appreciate you share some more about how to make the server setup right if CF is not helpful in your opinion.