July 30th, 2024

Too big to care? Our disappointment with Cloudflare anti-abuse posture

Spamhaus criticizes Cloudflare's anti-abuse policies, noting that 10.05% of its blocklisted domains are hosted on Cloudflare, which allows cybercriminals to exploit its services for malicious activities.

Spamhaus has expressed disappointment with Cloudflare's anti-abuse policies, highlighting that the company’s services are being exploited by cybercriminals to mask their activities. Despite Cloudflare's role in protecting websites from DDoS attacks, Spamhaus reports that a significant portion of domains listed on its blocklist are hosted on Cloudflare's nameservers, indicating a troubling trend of abuse. Specifically, 10.05% of domains on Spamhaus's Domain Blocklist are associated with Cloudflare, with many of these domains linked to phishing and other malicious activities.

Cloudflare's current approach to abuse management involves directing reports to the website operators and hosting providers, which Spamhaus argues is ineffective. This policy allows abusive actors to continue their operations while obscuring their true locations. Spamhaus suggests that Cloudflare should suspend services to identified abusers, thereby preventing access to their content through Cloudflare's network.

The blog emphasizes that Cloudflare, as a leader in the CDN market, has the resources to enhance its abuse prevention measures. By improving its handling of abuse reports, Cloudflare could significantly contribute to online safety and trust. Spamhaus calls for a reevaluation of Cloudflare's policies to better address the issue of cybercrime and to work collaboratively with organizations to strengthen internet security.

Related

Cloudflare blocking my IP (2023)

The Cloudflare Community discusses a user facing "verify you are human" prompts on Cloudflare-protected sites. Cloudflare advises contacting site owners for resolution, clarifying they don't block IPs. User frustration ensues.

Block AI bots, scrapers and crawlers with a single click

Cloudflare launches a feature to block AI bots easily, safeguarding content creators from unethical scraping. Identified bots include Bytespider, Amazonbot, ClaudeBot, and GPTBot. Cloudflare enhances bot detection to protect websites.

Cloudflare rolls out feature for blocking AI companies' web scrapers

Cloudflare introduces a new feature to block AI web scrapers, available in free and paid tiers. It detects and combats automated extraction attempts, enhancing website security against unauthorized scraping by AI companies.

Cloudflare reports almost 7% of internet traffic is malicious

Cloudflare's report highlights a 7% increase in malicious internet traffic, linked to global events. It urges prompt vulnerability patching and emphasizes DDoS attacks, API security risks, and the need for proactive defense strategies.

Cloudflare reports almost 7% of internet traffic is malicious

Cloudflare's report highlights a rise in malicious internet traffic, driven by global events. It emphasizes the need for timely patching against new vulnerabilities, notes a surge in DDoS attacks, stresses API security, and warns about harmful bot traffic. Organizations are urged to adopt robust security measures.

5 comments
By @quilnux - 4 months
Our organization dropped trust of Cloudflare and all its IP address assignments a while back. We don't allow any data from their networks, CDNs, or A-DNS's to be received by our network.

It is just not worth dealing with Cloudflare at all in a business network.

By @derekmhewitt - 4 months
IANAL but a face-value evaluation of this policy seems unlikely to shield Cloudflare from either civil or criminal liability for illegal activity? I know the DMCA provides a certain degree of immunity to web hosts (regarding copyrighted content in particular) but after abuse is reported I believe there's a timeline where action must be taken or they lose their immunity, right? Does a similar law not exist for content that's already always illegal (such as hosting C&C servers for/distributing malware)?

By @ultimoo - 4 months
> Why does Cloudflare take this approach?

> The advantage of this policy is that it makes life easy for Cloudflare, as they do not have to do any deep investigation or analysis of incidents, and notification flow can be largely automated. In this way, the cost of dealing with abuse is very low, benefiting the bottom line…

This seems like a variation of a fundamental attribution error.

By @phone8675309 - 4 months
Spamhaus getting a taste of its own medicine for once.

You love to see it.

Fuck you for making it impossible to run an independent mail server without dumping hours per week into it or paying for someone else to run it.