Re: cloudflare hosting a ddos service?
 
On Jul 26, 2016, at 7:58 PM, Justin Paine <justin@cloudflare.com> wrote:
Folks,
"For a long time their abuse@ alias was (literally) routed to /dev/null. I'm not sure whether that's still the case or whether they now ignore reports manually."
@Steve It (literally) never was. :)
Yes, it was. The smiley doesn't make your statement true.
The team I manage processes reports all day long. If you have a report to file certainly do so, https://www.cloudflare.com/abuse
I gave up on doing that in late 2014 after reporting thousands of pieces of spam advertising websites hosted by Cloudflare, with no action taken, no reply received, no ticket created, *nothing*. Not in response to mail sent to abuse@cloudflare, not in response to backchannel reports, not in response to mentions in person to staff at conferences. (This was mostly people selling lists of credit card numbers rather than booters, but it's the same sort of issue). Just to see what had changed, I went back to look at the sites I reported to Cloudflare in 2014. The couple I spot-checked are still hosted by Cloudflare. Given that you (Cloudflare, rather than you personally) haven't changed your policy of never terminating abusive websites you host, then continuing to report them to you seems fairly pointless.
On the topic of booters:
Short version -- As someone already mentioned, CloudFlare continues not to be a hosting provider.
That's untrue, of course. You terminate the http connection; you're hosting the website; you're hiding the identity of any other operators involved; you continue to serve the website even when the backing server has been terminated. Adding an interstitial for sites hosting malware is nice and all, but the problematic customers are the ones that are selling access to those malware compromised machines. You are taking sole responsibility by your actions, while denying all responsibility in your public statements.
Our CEO has broadly covered this topic several times. https://blog.cloudflare.com/thoughts-on-abuse/
Even if we removed our service the website does not go away, it doesn't solve the problem if we temporarily stop providing DNS to the domain(s). An often overlooked but extremely important note: there are some situations where law enforcement has required that we *not* terminate service to certain websites. In those situations we are of course not allowed to discuss specifics.
Cheers, Steve
participants (1)
- Steve Atkins