Blog | Too big to care? - Our disappointment with Cloudflare’s anti-abuse posture | Resources
www.spamhaus.org
external-link
We're deeply concerned about the abuse management and prevention policies of Cloudflare, read the full article to understand what we're seeing, the critical issues, and our recommendations for change.

Archived link

Research into websites that are openly advertising services to a cybercriminal audience, such as bulletproof hosting, reveals that many of these domains are supported by Cloudflare’s services, the NGO Spamhaus says.

For years, Spamhaus has observed abusive activity facilitated by Cloudflare’s various services. Cybercriminals have been exploiting these legitimate services to mask activities and enhance their malicious operations, a tactic referred to as living off trusted services (LOTS).

With 1201 unresolved Spamhaus Blocklist (SBL) listings, it is clear that the state of affairs at Cloudflare’s Connectivity Cloud looks less than optimal from an abuse-handling perspective, Spamhaus writes on its website. 10.05% of all domains listed on Spamhaus’s Domain Blocklist (DBL), which indicates signs of spam or malicious activity, are on Cloudflare nameservers . Spamhaus routinely observes miscreants moving their domains, which are already listed in the DBL, to Cloudflare to disguise the backend of their operation, be it spamvertized domains, phishing, or worse.

@0x815@feddit.org
creator
link
fedilink
English
43M

The firm that protects both banks and the Eurovision Song contest (2016) - (Archived link)

Cloudflare’s roots go back to 2004 when [Cloudflare co-founder Matthew] Prince and Cloudflare co-founder Lee Holloway were working on a computer industry project they called Honey Pot […]

Five years later […] the project was far from his [Mr Prince’s] mind, when he got an unexpected phone call from the US Department of Homeland Security asking him about the information he had gathered on attacks.

Mr Prince recalls: "They said ‘do you have any idea how valuable the data you have is? Is there any way you would sell us that data?’.

"I added up the cost of running it, multiplied it by ten, and said ‘how about $20,000 (£15,000)?’.

“It felt like a lot of money. That cheque showed up so fast.”

Mr Prince, who has a degree in computer science, adds: “I was telling the story to Michelle Zatlyn, one of my classmates, and she said, ‘if they’ll pay for it, other people will pay for it’.”

Create a post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

  • 1 user online
  • 60 users / day
  • 170 users / week
  • 619 users / month
  • 2.31K users / 6 months
  • 1 subscriber
  • 3.28K Posts
  • 67K Comments
  • Modlog