Cloudflare being shady?

2

Comments

  • Maybe there was a glitch on their system at that time.

    A lucky glitch.

  • AuroraZeroAuroraZero ModeratorHosting Provider

    WTH guys!!!!!! why would a big company that traffics in information ever be shady? /s

    Thanked by (1)bikegremlin

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?

  • rdnrdn
    edited June 2

    1 year old site, should I be worried also? :|

  • I am using Cloudflare for a couple domains for some personal projects. I have been think about moving to another provider for the majority of my domains multiple times..

    Are there any other free (or atleast cheap) alternatives for simple dns hosting without any fancy features? I have a lot of domains with different registrars and the only reason for them being in Cloudflare is haveing them in one place.

  • edited June 2

    @Multi_ said:
    I am using Cloudflare for a couple domains for some personal projects. I have been think about moving to another provider for the majority of my domains multiple times..

    Are there any other free (or atleast cheap) alternatives for simple dns hosting without any fancy features? I have a lot of domains with different registrars and the only reason for them being in Cloudflare is haveing them in one place.

    My personal favorite is Gcore, more information https://lowendspirit.com/discussion/comment/177755#Comment_177755

    More alternatives (thanks to @tetech ) https://lowendspirit.com/discussion/comment/168087/#Comment_168087

    Thanked by (3)bikegremlin Multi_ adly
  • I wonder if/when they'll make a policy that says that only the domains registered via Cloudflare Registrar can use their Free plan.

  • edited June 2

    MS said:
    I wonder if/when they'll make a policy that says that only the domains registered via Cloudflare Registrar can use their Free plan.

    No. They want ALL the traffic, so they can terminate TLS and spy on it. To improve their DDoS detection, ... and sell your data to feds. At their scale, having a free plan basically being a data-mine is beneficial, and if they were to discontinue it for some reason, I'm sure the Govt would offer them "grants" with an excuse being "improving cybersecurity in the World" to continue offering it.

    Thanked by (1)_MS_
  • @Multi_ said:
    I am using Cloudflare for a couple domains for some personal projects. I have been think about moving to another provider for the majority of my domains multiple times..

    Are there any other free (or atleast cheap) alternatives for simple dns hosting without any fancy features? I have a lot of domains with different registrars and the only reason for them being in Cloudflare is haveing them in one place.

    HE.net, ClouDNS, NS1 and gCore.

  • yokowasisyokowasis Services Provider
    edited June 4

    @Joseph said:

    @Multi_ said:
    I am using Cloudflare for a couple domains for some personal projects. I have been think about moving to another provider for the majority of my domains multiple times..

    Are there any other free (or atleast cheap) alternatives for simple dns hosting without any fancy features? I have a lot of domains with different registrars and the only reason for them being in Cloudflare is haveing them in one place.

    HE.net, ClouDNS, NS1 and gCore.

    bunny.

    I want to know if there an alternative to orange cloudflare ? the route on my isp country to hetzner is shit. 5 out 10 it will timed out.

  • @Joseph said:
    HE.net, ClouDNS, NS1 and gCore.

    Let’s not forget https://desec.io/

  • There will always be alternatives.

  • edited June 5

    @yokowasis said:

    @Joseph said:

    @Multi_ said:
    I am using Cloudflare for a couple domains for some personal projects. I have been think about moving to another provider for the majority of my domains multiple times..

    Are there any other free (or atleast cheap) alternatives for simple dns hosting without any fancy features? I have a lot of domains with different registrars and the only reason for them being in Cloudflare is haveing them in one place.

    HE.net, ClouDNS, NS1 and gCore.

    bunny.

    I want to know if there an alternative to orange cloudflare ? the route on my isp country to hetzner is shit. 5 out 10 it will timed out.

    Gcore, but you only got 1TB of bandwidth per month, for free. It would be more cost effective to get a server acting as a reverse proxy with good routing. My all time favorite network is Datapacket/CDN77 and I would recommend getting a server with its transit, especially in AMS.

  • yokowasisyokowasis Services Provider

    @treesmokah said:
    Gcore, but you only got 1TB of bandwidth per month, for free. It would be more cost effective to get a server acting as a reverse proxy with good routing. My all time favorite network is Datapacket/CDN77 and I would recommend getting a server with its transit, especially in AMS.

    what's the name of the service ? I can't find the way to make my dns "orange"

  • edited June 5

    @yokowasis said:

    @treesmokah said:
    Gcore, but you only got 1TB of bandwidth per month, for free. It would be more cost effective to get a server acting as a reverse proxy with good routing. My all time favorite network is Datapacket/CDN77 and I would recommend getting a server with its transit, especially in AMS.

    what's the name of the service ? I can't find the way to make my dns "orange"

    CDN. You can of course play with rules and customize it to your liking, or don't cache at all and let it act like a reverse proxy. It also provides WAF and some basic DDoS protection.

  • FatGrizzlyFatGrizzly Hosting Provider

    @AaronSS said:

    @Joseph said:
    HE.net, ClouDNS, NS1 and gCore.

    Let’s not forget https://desec.io/

    whats your thoughts on this provider @treesmokah?

  • Been trying these guys as my current setup is less than satisfactory and they're generally good but my goodness is the panel abysmally slow. Maybe it's nice and snappy if you live on top of their server, but it's as slow as a wet week from Australia.

    I'm still not totally satisfied but really can't find anything that works better that doesn't cost a million dollars or involve selling your soul to the devil (Cloudflare).

  • edited June 5

    @FatGrizzly said:

    @AaronSS said:

    @Joseph said:
    HE.net, ClouDNS, NS1 and gCore.

    Let’s not forget https://desec.io/

    whats your thoughts on this provider @treesmokah?

    Have used it in the past, extremely basic, can't speak on reliability but I wouldn't host anything "production" there.
    Its a cool hobby project someone made, they were dealing with DDoS attacks which took it down entirely.
    As things I usually host are subject to DDoS, I didn't want to cause them even more problems.
    Their TOS is also very strict, since its German and freedom is illegal there.

    As much as I dislike corporations, I wouldn't rely on small/hobby providers for something as critical as DNS and would rather go with a large established provider for it.
    Its definitely something cool for some hobby projects or low traffic websites, just not for me.

    @whoami said:

    Been trying these guys as my current setup is less than satisfactory and they're generally good but my goodness is the panel abysmally slow. Maybe it's nice and snappy if you live on top of their server, but it's as slow as a wet week from Australia.

    I'm still not totally satisfied but really can't find anything that works better that doesn't cost a million dollars or involve selling your soul to the devil (Cloudflare).

    Panel is hosted in the Netherlands last time I checked, so that may be your issue. It works just fine for me from EU.
    Having a PoP in Australia is the last thing I would expect from a provider to have, personally. But they cover it with their CDN and DNS servers.

    Cloudflare also uses a single location for their panel, its somewhere in US, I don't remember where exactly.

    Thanked by (1)FatGrizzly
  • @Mumbly said:

    @Fritz said: CF will never discontinue Free Tier

    Never is a very long time. We thought the same with "always free" Google Apps (Google Apps for Work -> G Suite -> Google Workspace) some 15 or more years ago.

    Google is different. Dont trust Google, ever. We even have a website that lists all discontinued Google services.

  • @NanoG6 said:

    @Mumbly said:

    @Fritz said: CF will never discontinue Free Tier

    Never is a very long time. We thought the same with "always free" Google Apps (Google Apps for Work -> G Suite -> Google Workspace) some 15 or more years ago.

    Google is different. Dont trust Google, ever. We even have a website that lists all discontinued Google services.

    I just found an email that CF discontinuing their 3rd party app. Hmm...

  • RazzaRazza OG
    edited June 6

    @treesmokah said:
    My personal favorite is Gcore, more information https://lowendspirit.com/discussion/comment/177755#Comment_177755

    What update time like, I currently use Cloudflare within 15-20 secs after changing the DNS records via API or UI if I query the DNS record against the nameservers the change is propagated, in the past when using other free DNS hosting can't remember who if you updated on the UI it could be mins until the change is reflected.

  • edited June 6

    @Razza said:

    @treesmokah said:
    My personal favorite is Gcore, more information https://lowendspirit.com/discussion/comment/177755#Comment_177755

    What update time like, I currently use Cloudflare within 15-20 secs after changing the DNS records via API or UI if I query the DNS record against the nameservers the change is propagated, in the past when using other free DNS hosting can't remember who if you updated on the UI it could be mins until the change is reflected.

    Its near instant, it propagates really fast. Comparable to Cloudflare if not faster.
    Its definitely a premium product made by people who know what they are doing, with a massive network of PoP's.

    (Speaking from previous experience, I have not tested it now.)

    Thanked by (1)Razza
  • @treesmokah said:

    @Razza said:

    @treesmokah said:
    My personal favorite is Gcore, more information https://lowendspirit.com/discussion/comment/177755#Comment_177755

    What update time like, I currently use Cloudflare within 15-20 secs after changing the DNS records via API or UI if I query the DNS record against the nameservers the change is propagated, in the past when using other free DNS hosting can't remember who if you updated on the UI it could be mins until the change is reflected.

    Its near instant, it propagates really fast. Comparable to Cloudflare if not faster.
    Its definitely a premium product made by people who know what they are doing, with a massive network of PoP's.

    (Speaking from previous experience, I have not tested it now.)

    Any recommendations for a GeoDNS provider?

  • @bikegremlin said:
    An interesting article - containing four links to similar HackerNews shared experiences:

    https://robindev.substack.com/p/cloudflare-took-down-our-website

    Corporations being corporate, basically.

    Anyone who thinks it's a good idea to register their domains with the Cloudflare DNS/CDN/Firewall provider might want to reconsider - as that might increase the time needed to get back on line when Cloudflare pulls the rug.

    "Guys you are misreading this. CloudFlare wanted out of the relationship at all costs, period. OP openly admits to using CF to rotate IP's in case one of theirs gets banned by a gambling regulatory body. Think about it, if they wanted to keep the relationship they would have found a way, but obviously they weren't trying to negotiate.

    Obviously this is terrible PR and bad corporate communication, but the truth is probably that CF's legal/risk department didn't want to create a bunch of discovery on an email server somewhere that could be subpoenaed. So they made a high-ball offer in bad faith to find an excuse to kill the relationship. Maybe they would have accepted the extra money if the offer had been accepted (because it is a business), but probably they figured they needed that because the risk/reward profile was out of whack.

    The risk managers made them do it. CF was making very little money from this and they were running very high risks by enabling the customer to break the law by violating ToS (which they openly admit to doing). You guys are trashing CF for being a bad actor but read between the lines, if they wanted to keep the account they wouldn't have summarily deleted the entire thing at the slightest provocation.

    I have no sympathy for the OP. Gambling destroys people's lives. Some people have no ability to control themselves, and it's a tax on the stupid. If you want to use someone else's services to violate ToS then you should expect to be rugpulled. If you've ever dealt with litigation holds or subpoenas from a prosecutor's office before you will realize that it gets insanely expensive VERY FAST, so the price tag CF demanded was probably commensurate with the risk profile of the customer.

    The real scandal here is that CF may have indeed been willing to just take the $120k and look the other way to continue to facilitate the customer's [probably] illegal activities. To me that's what's shady. The ethical thing to do would have been to just inform them they were in violation of ToS and shut them down. Clearly there are no shortage of ethical issues on all sides here."

    They violated Cloudflare’s Terms of Service. The problem isn’t that Cloudflare removed them, but that Cloudflare was willing to accept a bribe. However, that is how most companies work, "Pay us $x and we won't ban you for violating our ToS."

    They were running a unlicensed casino.

  • @Vexelia said:

    @bikegremlin said:
    An interesting article - containing four links to similar HackerNews shared experiences:

    https://robindev.substack.com/p/cloudflare-took-down-our-website

    Corporations being corporate, basically.

    Anyone who thinks it's a good idea to register their domains with the Cloudflare DNS/CDN/Firewall provider might want to reconsider - as that might increase the time needed to get back on line when Cloudflare pulls the rug.

    "Guys you are misreading this. CloudFlare wanted out of the relationship at all costs, period. OP openly admits to using CF to rotate IP's in case one of theirs gets banned by a gambling regulatory body. Think about it, if they wanted to keep the relationship they would have found a way, but obviously they weren't trying to negotiate.

    Obviously this is terrible PR and bad corporate communication, but the truth is probably that CF's legal/risk department didn't want to create a bunch of discovery on an email server somewhere that could be subpoenaed. So they made a high-ball offer in bad faith to find an excuse to kill the relationship. Maybe they would have accepted the extra money if the offer had been accepted (because it is a business), but probably they figured they needed that because the risk/reward profile was out of whack.

    The risk managers made them do it. CF was making very little money from this and they were running very high risks by enabling the customer to break the law by violating ToS (which they openly admit to doing). You guys are trashing CF for being a bad actor but read between the lines, if they wanted to keep the account they wouldn't have summarily deleted the entire thing at the slightest provocation.

    I have no sympathy for the OP. Gambling destroys people's lives. Some people have no ability to control themselves, and it's a tax on the stupid. If you want to use someone else's services to violate ToS then you should expect to be rugpulled. If you've ever dealt with litigation holds or subpoenas from a prosecutor's office before you will realize that it gets insanely expensive VERY FAST, so the price tag CF demanded was probably commensurate with the risk profile of the customer.

    The real scandal here is that CF may have indeed been willing to just take the $120k and look the other way to continue to facilitate the customer's [probably] illegal activities. To me that's what's shady. The ethical thing to do would have been to just inform them they were in violation of ToS and shut them down. Clearly there are no shortage of ethical issues on all sides here."

    They violated Cloudflare’s Terms of Service. The problem isn’t that Cloudflare removed them, but that Cloudflare was willing to accept a bribe. However, that is how most companies work, "Pay us $x and we won't ban you for violating our ToS."

    They were running an unlicensed casino.

    While the original complaint may be one sided, you’re making some very generous assumptions here to side with Cloudflare.

    The truth is likely somewhere between what has been claimed and what actually happened, but to take the case (along with many past similar reported cases) and assume that, because the client is doing something you morally object to, the client must be doing something wrong is a leap.

  • @entrailz said:

    @treesmokah said:

    @Razza said:

    @treesmokah said:
    My personal favorite is Gcore, more information https://lowendspirit.com/discussion/comment/177755#Comment_177755

    What update time like, I currently use Cloudflare within 15-20 secs after changing the DNS records via API or UI if I query the DNS record against the nameservers the change is propagated, in the past when using other free DNS hosting can't remember who if you updated on the UI it could be mins until the change is reflected.

    Its near instant, it propagates really fast. Comparable to Cloudflare if not faster.
    Its definitely a premium product made by people who know what they are doing, with a massive network of PoP's.

    (Speaking from previous experience, I have not tested it now.)

    Any recommendations for a GeoDNS provider?

    GeoDNS is included with Gcore free plan. I haven't used it much, but it should work just fine.

  • @treesmokah said: Having a PoP in Australia is the last thing I would expect from a provider to have,

    AWS Route53 would probably be the only big one. They do have a local CDN and DNS presence but it doesn't help if their backend is far far away and Europe certainly is. To put it into perspective, it takes 14 seconds for the reports dashboard to load and 8 seconds for the list of zones to open, though a zone itself isn't too bad, ~1.5 seconds.

    It's one of the worst performing websites I've had to deal with in recent times.

    @Razza said: What update time like, I currently use Cloudflare within 15-20 secs after changing the DNS records via API or UI if I query the DNS record against the nameservers the change is propagated,

    It's literally instant. I queried the NS within a couple seconds of hitting the submit button when testing and the record was there.

    Thanked by (1)treesmokah
  • @whoami said:

    Been trying these guys as my current setup is less than satisfactory and they're generally good but my goodness is the panel abysmally slow. Maybe it's nice and snappy if you live on top of their server, but it's as slow as a wet week from Australia.

    I'm still not totally satisfied but really can't find anything that works better that doesn't cost a million dollars or involve selling your soul to the devil (Cloudflare).

    Have you found a solution to the slow panel? I am located in Europe and 50% of the time it takes like 5 minutes to get the page loaded. Lot of timeout or just endless loadings. It's really annoying to use. Never had similar problems with any other webpage.

  • whoamiwhoami OG
    edited June 28

    @Multi_ said:

    @whoami said:

    Been trying these guys as my current setup is less than satisfactory and they're generally good but my goodness is the panel abysmally slow. Maybe it's nice and snappy if you live on top of their server, but it's as slow as a wet week from Australia.

    I'm still not totally satisfied but really can't find anything that works better that doesn't cost a million dollars or involve selling your soul to the devil (Cloudflare).

    Have you found a solution to the slow panel? I am located in Europe and 50% of the time it takes like 5 minutes to get the page loaded. Lot of timeout or just endless loadings. It's really annoying to use. Never had similar problems with any other webpage.

    Yeah I found a solution but it was pretty convoluted. I use NetBox as my DCIM so I decided to make that the DNS source of truth and use octoDNS to deploy the records so I never have to touch their panel and deal with the slowness. Here's a summary of the steps I took:

    1. Install the NetBox DNS plugin
    2. Create your zones in NetBox. Do not configure the zones with nameservers and ignore the associated "No nameservers are configured" error as then octoDNS will try to sync NS records to Gcore which will cause errors as they apparently don't support that.
    3. Sync zone data from Gcore to NetBox using octoDNS and the octodns-netbox-dns plugin. The zones should be configured with netbox as the target and gcore as the source
      Here is an example of this config
    ---
    providers:
      gcore:
        class: octodns_gcore.GCoreProvider
        token: gcoretoken
        token_type: APIKey
      netbox:
        class: octodns_netbox_dns.NetBoxDNSProvider
        url: "https://netbox"
        token: netboxtoken
        view: false
    
    zones:
      mycooldomain.com.:
        sources:
          - gcore
        targets:
          - netbox
    
    1. Once synced, flip around the source and target so NetBox is now the source and Gcore is the target
    2. (Optional) The NetBox DNS plugin out of the box doesn't allow underscores at the beginning of record names (e.g. _dmarc) as apparently it's not strictly speaking RFC compliant. You can disable this behaviour using the settings described here https://github.com/peteeckel/netbox-plugin-dns/blob/main/docs/using_netbox_dns.md#name-validation

    At this point you're ready to proceed so long as you're happy with manually running octoDNS whenever you want to commit a change. What I did to make things more convenient is create a small script to use with webhookd and a pair of buttons in NetBox, one to plan and one to deploy changes.

    The webhookd script looks like this

    #!/bin/bash
    cd /opt/octoDNS/
    source env/bin/activate
    git pull
    if [ "$doit" == "true" ]; then
        octodns-sync --config-file=octodns.yaml $zone --doit
    else
        octodns-sync --config-file=octodns.yaml $zone
    fi
    

    The git pull is just because I have my octoDNS YAML file source controlled so it just makes sure I have the latest version of the file. From NetBox, my buttons are just 2 custom links present on each zone page which link to the webhook like so http://netbox:8222/wh/update_zone?zone={{ object.name }}.&doit=false for planning and the same with doit=true for applying.

    Don't expose it to the Internet given the script is vulnerable to command injection.

    I like this setup since I maintain ownership of the records and can very easily move to another octoDNS supported provider if there's ever any issues. Since my NetBox is hosted locally, there's no performance concerns and NetBox is extremely well built for data entry, its fields can be navigated via keyboard extremely easily and there's options for bulk addition using CSVs.

    If anyone is interested in a more in-depth guide with screenshots, I can make a new post for this.

    Thanked by (2)skhron Multi_
  • @whoami

    Thanks for that solution. In the meantime I could solve the issue on my end. Opening the Panel with Chrome works like a charm. Opening it with Firefox does take minutes to load. Haven't tried to find the actual issue (probably some addon). Maybe you're using Firefox aswell?

  • chadsixchadsix Services Provider

    Cloudflare has been recently rewriting history.

    https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet

    If you want someone to read AND write on your domain/website on your behalf, even unbeknownst to you (see above article), then keep using the biggest MITM in the world.

    Start self hosting with an external IP with IPv6rs.
    The only thing between your host and your data is trust. Trust is not security.

Sign In or Register to comment.