Right there in the article... Moz signed up with CloudFlare "but Mr. Skinner said the attacker has found new ways to attack their systems."
Does anyone know what that might be? There are quite a few people on HN who have zero sympathy for DDoS victims who don't pony up for Cloudflare etc., but I'm curious about situations when that isn't going to help or other attack vectors that will get you regardless.
Because centralization is bad for the internet. CloudFlare unwraps every single SSL connection, they see every cookie, they can modify every response. It is a goldmine for a bad actor to compromise.
I'd love to see every market segment have its share of competition, but at this point, Cloudflare comes pretty close to "doing magic" in terms of dealing with the increasing volume of DDOS, and I frankly don't know anyone else who offers the services or results they do. (My only connection to them is that they've pulled a few sites I follow out of the fire over the last few months, and getting to see the before/after more firsthand convinced me a bit more of their importance.)
Basically, I'd rather there is _some_ company that can shut down these existing known bad actors than avoid it on the off chance that it becomes a bad actor down the road. Better to use the time that buys us to look for better ways to deal with DDOS, both policy and tech based, as other comments suggest.