Hacker News new | ask | show | jobs
by Illniyar 270 days ago
Load of bull. Every article linked in this is either wrong or mischaracterized.

Cloudflare does not facilitate phising - it just made proxying and tunneling easier.

The breaches and bypasses mentioned are anything but - they are linking to a successful mitigation of an attack as if the attacker got away with something of value.

This entire article reeks of trying to fit the evidence to an agenda.

Considering they couldn't find actual evidence of problems and had to resort to mischaracterization this is actually a great reason to use Cloudflare.
1 comments
TkTech 270 days ago
I've reported blatant phishing attacks targeting seniors dozens of times to cloudflare (and so far it's always been cloudflare) and never once have they replied with anything except "we could not determine this was phishi g". They absolutely facilitate phishing through inaction.
link
peanut-walrus 270 days ago
Not my experience at all. We've reported hundreds if not thousands of sites and with few exceptions they have taken them down swiftly. Definitely one of the best cloud operators when it comes to this.
link
TkTech 270 days ago
As recently as August 8th, I reported a phishing site targeting seniors into installing a pre-configured Atera client (who _also_ failed to respond in a reasonable time) by pretending to be an event invite. It was blatant and obvious phishing. This was the response:

---

Hello,

Cloudflare received your Phishing report regarding: ----

We are unable to process your report for the following reason(s):

We were unable to confirm phishing at the URL(s) provided.

Please be aware Cloudflare offers network service solutions including pass-through security services, a content distribution network (CDN) and registrar services. Due to the pass-through nature of our services, our IP addresses appear in WHOIS and DNS records for websites using Cloudflare. Cloudflare cannot remove material from the Internet that is hosted by others.

Please reply to this message, keeping the report identification number in the subject line intact, with the required information.

To respond to this issue, please reply to abusereply@cloudflare.com.

Thanks, The Cloudflare Team.

---

This is the typical response for me from Cloudflare - it took 2 more weeks before it was finally taken down. If I had to hazard a guess, your high volume of reports gets you into a very different support bucket than the occasional reporter.

link
twisteriffic 270 days ago
My most recent experience was terrible for two reasons:

1. They didn't take down an obvious banking scam site that was hiding behind their service

2. They forwarded my "report phishing content" submission, including contact information, to the scammer, resulting in a roughly 100x increase in the amount of spam I receive and ensuring that I won't ever use their reporting function again

link
Thorrez 270 days ago
I reported a phishing site to them in 2013. They responded "Access to the submitted phishing URL(s) has been restricted."
link