1155
Cloudflare took down our website after trying to force us to pay $120000 within 24h (robindev.substack.com)
submitted 1 month ago* (last edited 1 month ago) by starman@programming.dev to c/technology@lemmy.world
198 comments fedilink hide all child comments

Also, interesting comment I found on HackerNews (HN):

This post was definitely demoted by HN. It stayed in the first position for less than 5 minutes and, as it quickly gathered upvotes, it jumped straight into 24th and quickly fell off the first page as it got 200 or so more points in less than an hour.

I'm 80% confident HN tried to hide this link. It's the fastest downhill I've noticed on here, and I've been lurking and commenting for longer than 10 years.

top 50 comments
sorted by: hot top controversial new old
[-] dojan@lemmy.world 372 points 1 month ago* (last edited 1 month ago)

Cloudflare took down our website after trying to force us to pay 120k$ within 24h

Yikes. That sounds bad.

I'm a SysOps engineer at a fairly large online casino.

Okay all my sympathy is gone. Online casinos deserve to die.

That said, my feelings towards economic vampires aside, the way the events unfolded is concerning to say the least. Cloudflare has been racking up evil-corp points quite rapidly in recent months.

[-] Potatos_are_not_friends@lemmy.world 168 points 1 month ago

As a person who works in server hosting (not as devops or IT), I'm often privy to customer interactions. I feel like my company does a really good job at damage control - where if we fuck up, some rep gets on the phone and makes things right. We've eaten costs on behalf of our customers.

But sometimes, you just gotta tell a customer to go fuck themselves.

And those customers, those biggest complainers are often in online gambling, crypto, adult content, or racist shit.

We get DDos'd a lot from it. But I'm glad the company I work for doesn't bow down to garbage companies.

[-] dojan@lemmy.world 77 points 1 month ago

I'm honestly not surprised.

I used to hook up with a guy who was 100% convinced that he could game the system. It had something to do with break frequencies from various services and certain time windows for playing. He won sometimes, but he obviously didn't talk much about his losses. He wasn't a very happy person, and I think gambling offered an easy release.

That's my big issue with gambling. It's a business preying on addicts leaving many in financial ruin, and overall they do nothing for society at large. Here in Sweden it is regulated, but you honestly don't notice it. There are so many internet casinos vanishing and cropping up on an almost daily basis. If you turn on the radio the adverts are like 40% online casinos, 40% sex toy sites, and 20% various services, like tyre shifting, glass repairs, etc.

load more comments (7 replies)
[-] goferking0@lemmy.sdf.org 61 points 1 month ago

I just wonder how much was left out

[-] dojan@lemmy.world 29 points 1 month ago

That's fair, this is one part of the story, and it's not like screenshots can't be doctored. Any screenshot taken from the web is ridiculously easy to manipulate.

load more comments (1 replies)
load more comments (19 replies)
[-] Tramort@programming.dev 175 points 1 month ago

Jesus. Something shady is happening with cloudflare.

That does not inspire confidence.

[-] Vlyn@lemmy.zip 155 points 1 month ago* (last edited 1 month ago)

Is there? The casino is on a cheap $250 a month plan they don't belong on and they broke ToS with the domains. While also costing Cloudflare money each month (as the casino admits themselves, their traffic alone is worth up to $2000 a month).

It's absolutely in the right of Cloudflare to drop a customer that's bothersome. Casinos usually are (regulations, going around country restrictions), them costing them money on top is a massive issue.

120k a year is a big slap of course, but it's probably the amount Cloudflare would want to keep them on as a customer. If they leave, so be it.

I've seen it several times before at companies I worked at. They cheaped out and went with a tiny service plan to coast by. Or even broke ToS because it would be cheaper. That usually got stopped by plans getting dropped (GitLab Bronze for example), cheap plans getting limited, or the sales team sending a 'friendly' message that we're abusing their plan and how we're going to fix it. If you don't play along at that point you're going to get the hammer dropped on you.

It also wasn't 24h as the title says, the first communication happened in April. At that point they should have started to scramble, either upgrading to a bigger tier immediately or switching providers. And it's totally normal to go to the sales team when you break the ToS of your plan or you abuse a smaller plan. They're going to discuss terms, it's not a technical issue.

Edit: And I should also say, the whole "paying for a whole year is extortion" is bullshit too. Their CFO or CEO told Cloudflare they are looking at switching providers (as they looked at Fastly). So of fucking course Cloudflare is going to demand a full year upfront. Otherwise the casino could pay for a single month and during that month they switch away to another provider. So Cloudflare would still be thousands in the red with that ex-customer after they used so much traffic the last few years.

[-] tiramichu@lemm.ee 76 points 1 month ago* (last edited 1 month ago)

That Cloudflare were justifiably unhappy with the situation and wanted to take action is fine.

What's not fine is how they approached that problem.

In my opinion, the right thing for Cloudflare to do would have been to have an open and honest conversation and set clear expectations and dates.

Example:

"We have recently conducted a review of your account and found your usage pattern far exceeds the expected levels for your plan. This usage is not sustainable for us, and to continue to provide you with service we must move you to plan x at a cost of y.

If no agreement is reached by [date x] your service will be suspended on [date y]."

Clear deadlines and clear expectations. Doesn't that sound a lot better than giving someone the run-around, and then childishly pulling the plug when a competitor's name is mentioned?

[-] realbadat@programming.dev 56 points 1 month ago

Considering the perspective of the poster, the misleading title, etc - are you actually sure they didn't?

load more comments (2 replies)
load more comments (2 replies)
[-] Cryophilia@lemmy.world 39 points 1 month ago

The first communications were intentionally misleading though. CF wasn't trying to solve a problem, they were trying to sell a service. If CF had just led with "upgrade or we nuke your site" then that's scummy, but fair. Leading these guys on about technical problems and "trust & safety" bullshit was not fair at all.

load more comments (4 replies)
[-] slaacaa@lemmy.world 114 points 1 month ago* (last edited 1 month ago)

The biggest red flag is the up-front payment for a year, gives the indication that they are in actual financial trouble, meaning short in cash right now.

Fucking idiots could have been just increasing the price yearly without any resistance, it’s unlikely a big casino would care about an extra 50-100 per month.

[-] foggy@lemmy.world 37 points 1 month ago* (last edited 1 month ago)

I'm pretty heavily invested in cloudflare. This news is definitely making me reconsider that investment.

What I can say, is their stock is looking very healthy. There are a lot of people buying a lot of stock for them and the prospect over the next 3 to 5 months looks very promising. The only way they wouldn't have cash on hand as if they're spending a ridiculous amount of cash on some project that I'm not aware of, and I feel like I would be aware of it.

This is very peculiar. Definitely warrants further investigation.

[-] raspberriesareyummy@lemmy.world 28 points 1 month ago

The only way they wouldn’t have cash on hand as if they’re spending a ridiculous amount of cash on some project that I’m not aware of, and I feel like I would be aware of it.

Maybe someone dipshit in marketing heavily invested in LLMs, since that's the current hype among dipshits?

load more comments (2 replies)
load more comments (9 replies)
load more comments (18 replies)
[-] Gestrid@lemmy.ca 167 points 1 month ago

Found the thread on HN. Here's what (I'm guessing) a mod had to say:

It set off the flamewar detector, got flagged by users, and got downweighted by a mod.

The 'customer support of last resort' genre is common and not usually a good fit for HN [1]. If people feel this story is unusually relevant and interesting, I'm not sure I agree—long experience has taught us that one-sided articles like this nearly always leave out critical information—but I also don't mind yielding in an occasional specific case, so I've rolled back the penalties on this thread.

The issue from our point of view is not about story X or company Y—it's a systemic one: the most popular genres of submission (especially the rage-inducing ones) get massively over-represented by default, so countervailing mechanisms are needed [2] if we're to have a space for the more intellectually curious stories that the site is meant for.

[1] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=by%3Adang%20%22last%20resort%22%20support&sort=byDate&type=comment

[2] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=by%3Adang%20countervail&sort=byDate&type=comment

[-] starman@programming.dev 27 points 1 month ago

Okay, that's understandable

load more comments (2 replies)
[-] solrize@lemmy.world 139 points 1 month ago* (last edited 1 month ago)

HN thread is here and it's on the front page 7 hours old: https://news.ycombinator.com/item?id=40481808

Many mentions made that a significant part of the issue seemed to be Cloudflare IP addresses getting banned in some countries. They wanted the customer to switch to a bring-your-own-IP plan.

Also, the discussion took place over 1 month, not 24 hours.

I think the HN thread is reasonably informative and nuanced. CF didn't do great but it was somewhat a fog of war situation.

[-] goferking0@lemmy.sdf.org 58 points 1 month ago

Yeah this substac just reads as we abused cloudflare then were surprised they didn't take us saying no well.

[-] Eyeuhnluuung@lemmy.world 113 points 1 month ago

The irony here, is this is the kind of vague and obtuse fuckery online casinos and sportsbooks pull with their customers all the time.

[-] Aux@lemmy.world 56 points 1 month ago

The irony here is that the article author confirms that they break TOS of CF and he still has a Pikachu face. Reddit discussion is pretty positive that CF is right in their decision and that new provider will shut them down at some time as well.

[-] juliebean@lemm.ee 23 points 1 month ago

even if they were breaking tos (and i don't think it sounds quite so cut and dry), shouldn't the response be to notify them and allow them to fix it, or just terminate the account? demanding a ton of money to make the problem seems a skeevy way of handling it on cloudflare's part.

load more comments (1 replies)
[-] draughtcyclist@lemmy.world 110 points 1 month ago

Realistically, this is why you pay for Akamai. You don't get these shenanigans.

How the fuck were they still on a $250 dollar a month plan when they pumped through $2000 a month worth of traffic? That's shady on the companiy's part and Cloudflare shouldn't have allowed it to happen in the first place.

Each party played their part here and did shitty things. Sounds like the tech equivalent of a crackhead arguing about selling stuff to the pawn shop employee.

[-] ryven@lemmy.dbzer0.com 101 points 1 month ago* (last edited 1 month ago)

The $250/month plan supposedly includes unlimited traffic. If there's actually a limit where you're supposed to switch to a more expensive plan with no standardized price, maybe CF should say what the limit is?

[-] draughtcyclist@lemmy.world 60 points 1 month ago

They absolutely should have outlined a traffic limit for the $250 a month plan. That's on Cloudflare for allowing it.

That said, if you make wildly excessive use of that loophole it probably shouldn't surprise you if they do something like this. They called it "trust and safety" because it allows them to do anything they want under the guide of security.

Really, they didn't define their service clearly and wanted to fire them as a customer unless they paid up for what they felt they were owed.

[-] TheTetrapod@lemmy.world 74 points 1 month ago

If something is marketed as "unlimited", I don't think there is such a thing as "wildly excessive use". This isn't a competitive eater going to an all-you-can-eat buffet and being mad about getting kicked out. It's a business using a service in a way that's seemingly in-line with what they paid for.

load more comments (2 replies)
load more comments (3 replies)
load more comments (1 replies)
[-] neuracnu@lemmy.blahaj.zone 74 points 1 month ago

I worked for Akamai for 7 years.

This is why, if your CDN infra is core to the operation of your business, you make your systems accommodate multi-CDN integration. Cutting one CDN off shouldn't be significantly difficult, and it comes in handy during contract negotiations. All the major players work this way.

[-] NOT_RICK@lemmy.world 100 points 1 month ago

Well that all reads like extortion.

[-] Speculater@lemmy.world 25 points 1 month ago

"Pay us money or we will destroy your business." Pretty cut and dry extortion. The entire article was infuriating to read.

[-] ssj2marx@lemmy.ml 71 points 1 month ago

casino

lmao get fucked

[-] UnderpantsWeevil@lemmy.world 37 points 1 month ago

Sounds like a shake down, and it couldn't have happened to a more deserving group.

Still, real lesson in how Cloudflare does business.

load more comments (3 replies)
[-] todd_bonzalez@lemm.ee 54 points 1 month ago

Regarding the HN shenanigans, their algorithm does some weird things.

If a new post gets too many upvotes and not enough comments, it gets demoted very quickly.

If any of the activity appears manufactured, it basically delists the post.

Very exploitable, but also prevents popular articles that don't stimulate conversation from sticking around on page 1 for too long, and makes botting upvotes do more harm than good.

load more comments (1 replies)
[-] VantaBrandon@lemmy.world 54 points 1 month ago

The tl;dr seems to be this was a money losing account for Cloudflare, and they couldn't squeeze them so they weaseled out with some TOS violation to prevent losing money on what was promised to be unlimited traffic, they have better lawyers so they're not worried.

Cloudflare 100% in the wrong here, they are closing accounts for TOS violations when they are just unprofitable, I would very strongly consider how tightly to couple with them knowing how cavalier they are about squashing small businesses.

If enough of these happen though, they'll get destroyed by a class action lawsuit, and they'd deserve every bit of it

[-] daq@lemmy.sdf.org 71 points 1 month ago

CF doesn't give a fuck about 80tb of traffic. These guys were in severe TOS violation that could affect all CF customers if CF IPs got blocked. Given 48 hours to bring their own IPs and switch to (expensive AF anywhere) enterprise account and finally shut down TWO WEEKS later after trying to weasel their way out of this instead of accepting they need to pay to play this stupid game.

We've been CF customers forever and enshitification is definitely affecting all of their services and mostly customer support, but in this instance I'm 100% on the side of CF.

[-] merc@sh.itjust.works 45 points 1 month ago

I’m 100% on the side of CF.

100%?

We scheduled a call with their “Business Development” department. Turns out the meeting was with their Sales team,

...

So we scheduled another call, now with their "Trust and Safety" team. But it turns out, we were actually talking to Sales again.

This is the part that's ridiculous to me. If CloudFlare thinks they're violating TOS that's fine. If they're willing to let them continue with their business as-is as long as they pay more? That's fine. But, scheduling calls with one group and it turns out it's actually CloudFlare's sales team on the phone, that's ridiculous.

[-] daq@lemmy.sdf.org 23 points 1 month ago

Well, the way he describes it does sound messed up, but if the only solution CF is willing to accept is for them to bring their own IPs and that is only available with an enterprise plan, what kind of conversation were they expecting? And like I said in another thread, enshitification at CF affected their customer service the most. We went from being able to to speak directly to devs, to people who actually understood the problem, to first tier support that didn't understand shit to 0 tier support that barely understands English.

load more comments (3 replies)
load more comments (8 replies)
[-] KairuByte@lemmy.dbzer0.com 51 points 1 month ago

Okay, yes this is an issue. But small business? This was a multinational casino site… that doesn’t scream small business to me.

load more comments (3 replies)
[-] thatirishguyyy 50 points 1 month ago* (last edited 1 month ago)

Multi CDN integration is a thing. And fuck CF. Unlimited means unlimited. Stop trying to lie to your customers and change the rules.

If the IP's were an issue, then they wouldn't have offered to make the issue go away with $$$.

load more comments (2 replies)
[-] Chriszz@lemmy.world 34 points 1 month ago

250$ a month for their service seems like cloudflare was straight up losing money on the deal. Although cloudflare seemed to have given them extra time than they said before terminating service, which they didn’t have to do. That being said, I think both sides suck here.

[-] bane_killgrind@lemmy.ml 60 points 1 month ago

Nah. CF initiated a contract renegotiation, and then suspended services right after being informed the customer was price leveling.

That's crappy.

They gave less than a single billing period notice for a price increase.

That's crappy.

They sent a price increase for 40x the current billings, with no corroborated cost or value.

See where I'm going here?

load more comments (7 replies)
[-] catalog3115@lemmy.world 31 points 1 month ago

I really love cloudflare especially for my hobby projects but in this case they asked for outright Ransome. From this I learnt to keep Nameservers & domain sellers different. I am going to transfer domain away from nameserver.

load more comments (5 replies)
[-] someguy3@lemmy.world 30 points 1 month ago

Also, interesting comment I found on HN:

What is HN?

load more comments (11 replies)
[-] the_crotch@sh.itjust.works 28 points 1 month ago

Repoint your DNS, send everything to legal, delete Facebook hit the gym

[-] anticurrent@sh.itjust.works 27 points 1 month ago* (last edited 1 month ago)

Don't believe anything advertised as unlimited , cause it isn't, they always cover their asses in the fine prints in their TOS.

load more comments
view more: next ›
this post was submitted on 26 May 2024
1155 points (91.4% liked)

Technology

55610 readers
2583 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world