Since you added the path logging to the log output (thank you!) I can see clusters of these entries, maybe 10-20 entries in a few minutes every few hours... does this path need to be excluded or is it a spambot on the frontend?
2020-03-20 07:28:05 [][][info] Value submitted is null. [https://www.clientdomain.com/index.php?p=actions/commerce/payments/pay]
This is simply an alternative way of accessing /actions/commerce/payments/pay, so I don't think it should be excluded as the spam blocking appears to be working correctly.