this post was submitted on 02 Aug 2024
38 points (100.0% liked)

Technology

37724 readers
651 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Archived link

Research into websites that are openly advertising services to a cybercriminal audience, such as bulletproof hosting, reveals that many of these domains are supported by Cloudflare’s services, the NGO Spamhaus says.

For years, Spamhaus has observed abusive activity facilitated by Cloudflare’s various services. Cybercriminals have been exploiting these legitimate services to mask activities and enhance their malicious operations, a tactic referred to as living off trusted services (LOTS).

With 1201 unresolved Spamhaus Blocklist (SBL) listings, it is clear that the state of affairs at Cloudflare’s Connectivity Cloud looks less than optimal from an abuse-handling perspective, Spamhaus writes on its website. 10.05% of all domains listed on Spamhaus’s Domain Blocklist (DBL), which indicates signs of spam or malicious activity, are on Cloudflare nameservers . Spamhaus routinely observes miscreants moving their domains, which are already listed in the DBL, to Cloudflare to disguise the backend of their operation, be it spamvertized domains, phishing, or worse.

all 8 comments
sorted by: hot top controversial new old
[–] garrett@infosec.pub 6 points 3 months ago

People who don’t work in fraud or abuse don’t understand how miserable Cloudflare is to work with. They have a single email box I can send to for identifying if I host a website that takes them days to respond to, no automation by the year of our lord 2024.

[–] 0x815@feddit.org 4 points 3 months ago

The firm that protects both banks and the Eurovision Song contest (2016) - (Archived link)

Cloudflare's roots go back to 2004 when [Cloudflare co-founder Matthew] Prince and Cloudflare co-founder Lee Holloway were working on a computer industry project they called Honey Pot [...]

Five years later [...] the project was far from his [Mr Prince's] mind, when he got an unexpected phone call from the US Department of Homeland Security asking him about the information he had gathered on attacks.

Mr Prince recalls: "They said 'do you have any idea how valuable the data you have is? Is there any way you would sell us that data?'.

"I added up the cost of running it, multiplied it by ten, and said 'how about $20,000 (£15,000)?'.

"It felt like a lot of money. That cheque showed up so fast."

Mr Prince, who has a degree in computer science, adds: "I was telling the story to Michelle Zatlyn, one of my classmates, and she said, 'if they'll pay for it, other people will pay for it'."

[–] lud@lemm.ee 4 points 3 months ago* (last edited 3 months ago)

Good!

I really really don't want cloudflare to gatekeep what is or isn't allowed on the internet. That is the job of the hoster and/or NIC and at very worse the ISP of the hoster.

[–] FlashMobOfOne@beehaw.org 1 points 3 months ago

My brother in Christ, you just described the very essence of the American economy.