What is Reddit's opinion of
Cloudflare?
From 3.5 billion Reddit comments
➔ Cloudflare website
By popularity on Reddit, this Service is:
100 reviews of this app found across Reddit:
Are you not using Cloudflare? If not, do that. It's free and will solve your problem. They serve everything for you and cache it.
Edit: I would also recommend changing your origin IP once you get on cloudflare and keeping it a secret. Only share it with Cloudflare and don't make an obvious DNS record for it like origin.saudiarabiaisisis.com. Your site seems a likely target for a DDOS. If you do it right you are pretty much bulletproof, but 99% of people ignore this advice and do it wrong so their site goes down indefinitely and they throw their hands up (see: private torrent trackers)
Edit2: He appears to be setting up Cloudflare!
It would really be inconvenient if Jones was dropped by his website provider Cloudflare.
https://www.cloudflare.com/abuse/
You could file a complaint against "violent threats and harassment" on Cloudflare IP servers like, say...
MERLIN.NS.CLOUDFLARE.COM
and
ROBIN.NS.CLOUDFLARE.COM
It would be a shame if his site suddenly became inactive and he had no other outlet...
No, you don't need to go that far. Submit a complaint at https://www.cloudflare.com/abuse/form -- and since they have communicated with you via email asking for detailed personal information, I would begin by filing the complaint as phishing.
God damn, they're such fuck ups they can't even setup SSL right :/
SSL isn't hard.
There's even a god damn web server that'll handle it for you.
CloudFlare is a free speech won't ban anything bastion.
Being Nazis is one level of stupid. This is an extra level of stupid.
It means MangaDex was getting too much traffic that Cloudflare finally went "Yeah, you're not a small site anymore and you'll need to start paying for us". Hopefully, going off Cloudflare's plans, they only need to use the $20/month tier?
It'd be a "cease and desist" letter, hopefully.
You may be able to go after their hosting company and report copyright infringement. It is unlikely that they are actually hosting the site out of Bangladesh. This site may be able to determine who hosts them. (If it says Cloudflare, don't worry, Cloudflare accepts abuse reports here - have them forward to both the host and the owner.) Usually the hosting company will have some form of copyright abuse form - in the US, this is also called a DMCA complaint or takedown notice.
You may also be able to report them to PayPal or whatever payment processor they use, although this is a little more difficult.
Because huge sites can't be run from a basement in Romania? A CDN is just one part of the infrastructure necessary to support a large web presence.
> Cloudflare has been ISO 27701 certified as a PII Processor and PII Controller since 2021 and the certificate is available upon request.
and even more importantly
> Cloudflare maintains PCI DSS Level 1 compliance
https://www.cloudflare.com/privacy-and-compliance/certifications/
Technically, yes, but the traffic is completely encrypted, so congrats you have something that is entirely useless. The traffic is only useful to you at one end, and the thing you're connecting to on the other.
If you are affected by this you can fix this by using an alternative IP address for imgur. Imgur uses a service called cloudflare to host their websites. cloudflare have a lot of IPs for their service. (see here if you are interested: https://www.cloudflare.com/ips )
anyway, by adding these two lines to your hosts file you can redirect your traffic to a working IP:
198.41.128.1 i.imgur.com
198.41.128.1 imgur.com
Mac/Linux users hosts file is at /etc/hosts
Windows users your hosts file is at C:\Windows\System32\drivers\etc\hosts
(You will need to open notepad as an administrator to be able to save to this file) right click notepad -> open as administrator then use the open dialog to find the file and edit it.
Please remember to remove this once it is back up as you will not be taking advantage of cloudflares ability to load balance across the world by forcing imgur to just these IPs
The DNS for those websites is also routed through Cloudflare which is a global content delivery network. They are pretty good at putting pressure on web providers who abuse their platform. I’ve reported a few legit Pishing and Malware sites in the past and they shut them down within hours.
I’m gonna submit a few Abuse forms on their site in the hope of finding other angles. - https://www.cloudflare.com/abuse/form
Don’t use Google DNS unless you’re comfortable with Google tracking all of your internet activity. Cloudflare’s DNS (1.1.1.1, 1.0.0.1) is a better option for privacy and performance. An audit by a 3rd party in 2020 supports their claims about privacy (full report here).
https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/
i think this can explain it better than most people on here (including me obv), but TLDR its basically a certificate that a website has that contains a bunch of info that tells whatever is on the receiving end of it that its legit
You're not allowed to use Cloudflare's "unlimited" bandwidth for serving video. See section 2.8 of their terms
> Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service.
The pricing of Cloudflare Stream, their video-serving service, is hard to compare, but it's probably not cheaper than BunnyCDN.
I run a few high traffic sites that get DDOS's regularly.
I've since ended up with the following winning combination.
Set up a NEW server with a new IP address. Then set up Nginx so it's serving your website through an IPv6 address not IPv4. Most Botnets aren't IPv6 capable. Cloudflare doesn't care and it'll proxy it for you. Then firewall off that IPv6 address so only cloudflare can access it using the list at https://www.cloudflare.com/ips
Then set up a Amazon S3 bucket for all your static assets (css, js, png's, jpg's, etc). Set up cloudflare so s3bucket-xtnodes.s3.amazon.com or whatever is CNAME aliased to static.xtnodes.com and then set a cloudflare rule so everything is heavily cached and it'll rarely, if ever, hit your S3 bucket. Then edit the HTML to point to your static asset host for all of that stuff.
For the dynamic PHP, consider making a quick Laravel PHP site and use an in-memory cache like Redis for all the dynamic stuff rather than a backend MySQL instance. MySQL uses disk too much, but Redis will help a lot.
If you skip the redis stuff, but want an infrastructure that can handle the DDOS, try nearlyfreespeech.net
If you want to roll your own DDOS protected VPS, check out this thread for some good hosts
http://www.lowendtalk.com/discussion/comment/1232674/#Comment_1232674
I'm about to go to the park with my kids for a few hours, but if you want help setting it all up just get a VPS and update it and I can help you out in a few hours. I also have a ton of Amazon credits to burn that I'm happy to throw at the cause and some unused VPS's for redundant backends.
You should be able to handle this with a VPS with 1 or 2 gigs of memory as long as you have that front-end and back-end infrastructure in place and the DDOS asshats don't know your real IP address.
https://www.cloudflare.com/learning/dns/what-is-dns/
Προς το παρόν μια απλή ρύθμιση DNS στις network settings του λειτουργικού αρκεί, δεν χρειάζεται καν να μπλέξουμε με τις ρυθμίσεις του router.
https://iguru.gr/2018/11/08/subs4free-down/
Καλά για την απόφαση μπλοκαρίσματος αυτή καθ'αυτή δεν έχω να πω πολλά, μόνο πως τόσο η ΕΔΠΠΙ όσο και οι επίσημοι διανομείς και κάτοχοι πνευματικών δικαιωμάτων είναι εκτός τόπου και χρόνου.
One thing to note about it:
It looks like CloudFlare may not be selling your userdata (or explicitly naming you as the one using it), but it does look like they are giving it away for free in the form of aggregate data.
Spune-i Ioanei să își bage rapid un www.cloudflare.com peste website [ https://blog.cruvoir.com/ioana-cirlig-post-industrial-stories ] pentru că e picat, posibil din cauza numărului mare de accesări, și pierde vizualizări.
Are nevoie de acces la DNS, deci tre vorbit cu cine i-a configurat site-ul, mai exact domeniul, și să urmeze instrucțiunile de pe cloudflare. Should be fast enough.
You can't set up a self-hosted solution that works like Clouldflare, at least not without spending a boatload of money.
Cloudflare has 151 locations spread around the world and incredibly complex infrastructure in place.
Cloudflare offers a free tier that includes world class distributed DNS combined with free CDN service. It's unbeatable.
Answer: Just use Cloudflare.
It prevents website requests from hitting your host directly. If you have someone who helps you with your site they will know.
When you get a lot of traffic from reddit, it tends to take websites down - just fyi, so your site isn't down with the attention here.
It says it is made by NoAdBlock. I don't know, but they might be associated with Cloudflare. But if it's not Cloudflare, then maybe we could report it for bad behavior, etc?
EDIT: Cloudflare has an abuse form that allows reporting malware. I'm pretty sure that from the user's perspective, this qualifies as malware since it's intentionally causing breakage.
If the server really won't come back, we shoot it off the starboard bow.
....what I mean is, it's a very troubled piece of software from CloudFlare for connection acceleration and response differential compression. But either due to our scale or we just have monitoring detailed enough to notice, it has severe issues. Enough that we disabled it for now.
Also, happy cake day!
If you were a financial institution, you'd know that Cloudflare has a bunch of relevant certificates. Since I assume you are not a financial institution, I don't know what regulations you have to follow, but chances are that Cloudflare can handle your data.
However no one knows since it's your data and regulations might say you need to get this confirmed for all vendors you use, which would include Cloudflare.
But technically you are right: Cloudflare receives the plain text data from the backend server (transport might be HTTPS, but it's repackaged). See also here. Whether this is an actual problem or not depends on your regulator and the certificates Cloudflare has.
What is usually the bigger problem is that PIs can be access by wrong people (e.g. I log in and see your PI).
Ne pričajte gluposti, to je stranica od cloudflarea, koja kešira stranice jutarnjeg, a usput i štiti od ddos napada i slično. Možebitno se spajaš sa neke ip adrese koja je označena kao problematična u njihovom sustavu.
https://www.cloudflare.com/plans/
There you go. They will just quit the free service the moment they decide you need to. If you get enough traffic I give a good bet that the sales department starts mailing you.
You should just put cloudflare in front of your website. It’s free for personal sites, or $20/mo for pro plan. Then you never have to worry about this on accident (reddit hug) or on purpose (ddos).
https://www.cloudflare.com/plans/
Note: I do not work for cloudflare, I just use them at work.
Truly random RNG via hardware is a thing in classical computing. Probably the most famous method is by watching lava lamps.
Yes -- you're overreacting.
CloudFlare has 4 millions customers, ranging from national governments, fortune 500 companies, small businesses, and to personal websites. CloudFlare is a microcosm of the internet. You can review who some of the customers using our service here: https://www.cloudflare.com/case-studies/
Just like the internet as a whole, some "bad" (your opinion) websites exist out there. Some "bad" websites might exist on CloudFlare's platform -- it is self service after all. Anyone can sign up for a free level account if they'd like to.
If you come across a website you feel is somehow malicious or abusive then report it -- it's that simple. https://www.cloudflare.com/abuse
CloudFlare is not a hosting provider, however. We do not host websites or the content on websites, and as such we have no capacity to remove content we are not hosting.
"their lack of transparency is somewhat alarming given their anonymizing abilities."
What exactly is this even in reference to? Lack of transparency in what way? Are you referring to the fact that we are a reverse proxy? We are quite transparent -- in fact we publish a Transparency Report regarding law enforcement inquiries for customer data. https://www.cloudflare.com/transparency/ (the 1st half of 2016 update will be out shortly).
Disclaimer: I run CloudFlare's Trust & Safety team.
Yes, I have reported them here: https://www.fbi.gov/tips. I highly suggest everyone do this for safety reasons.
You can also report to their site domain here: https://www.cloudflare.com/abuse/form. Their site mods have tried getting users to stop making calls to violence because they have been warned that continuing to do so will get their site shut down.
I am a big fan of Cloudflare. I would recommend using an Argo Tunnel to expose the service to Cloudflare. Set up basic rules to block non-US traffic, block bots, and then configure Access, which is a zero trust identity aware proxy. All of these are free from Cloudflare.
CloudFlare has denial-of-service attack protection. Normally that screen looks like this (I got that straight from the CloudFlare website as you can tell by the URL).
I've seen some websites use it. Voat was going down so much, I guess that's their solution.
Using Plex violates their TOS section 2.8. Here is the link https://www.cloudflare.com/terms/
They don't limit bandwidth but I heard some people get temporary banned for serving binary content (Plex). The ban lift automatically after some period of time as far I can recall. They really don't give much attention if your traffic is not that much.
I don't think it's right to encourage people use cloudflare in their Plex setup. As it clearly violate their TOS.
If it's static-ish content you could use CloudFlare. We do it for large sites and, for the most part, it works well and saves on bandwidth.
It sits in front of your website and caches your content (also adds some security). So most requests never hit web host. Google Analytics and similar will all still work as they operate client side. Your web server logs, however, won't show most of the traffic unless you put some special things in place.
It's also mostly free.
Good luck!
Blocked by only two ISPs; how pointless.
Change your DNS and I bet it'll works again. The way the government forces ISPs to block sites is insanely easy to bypass and legal.
Speak to HotWheels ( email : .) as he OWNS 8chan , report CP to CloudFlare. VPNs will not protect pedos.
If any laws are being broke, get them v&. I hate pedos , but I don't really understand what it has to do with KIA as we have no power over 8chan or ownership.
Also, If you are actively seeking CP on any website. I suggest you get some help.
DNS lookup shows they're using Cloudflare nameservers and Namecheap as the registrar. You can report abuse here: https://support.namecheap.com/index.php?/Tickets/Submit and here: https://www.cloudflare.com/abuse/
Also reported the phising domain here: https://phish.report/
This just means their SSL certificate is out of date and they need to update it. Nothing that they already have can be leaked, only whatever you may input/bring up while they have no certificate if say there was somebody malignant redirecting or listening to that data, which is unlikely. Just don't visit the site while they didn't update their cert.
https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/
Firefox also supports some additional security measures that Chrome doesn't fully or natively implement. It's also got a great mobile experience for people who like to read.
This worked for me in pfSense without throwing any errors:
- Firewall -> Aliases -> IP -> Import
- Give the Alias a name. I.e CloudflareIPs
- Copy and paste the Cloudflare's IPv4 list and IPv6 list (if you use IPv6) and hit "Save".
- Create your firewall rule using the alias "CloudflareIPs" or whatever you named it to.
Done.
Det er nettsiden som sender sertifikatet, og nettleseren din som validerer sertifikatet. Alle moderne nettlesere gjør dette.
Dersom klienten er en app (og ikke en nettleser), er det opp til klienten å validere sertifikatet. Jeg vet at det for ett par år siden var veldig fokus på at en del apper ikke gjorde dette rett, men vet ikke noe om hvordan status på det som trusselvektor er i dag. Både iOS og Android har i dag APIer som gjør dette automatisk (og dette er standard APIene), slik at utvikleren ikke trenger å tenke på det.
Du kan lese mer her: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
I don't know what you are on about. Discord uses HTTPS, that means any communication between your client and the server is encrypted, which makes every JSON payload also encrypted, so your message cannot be read.
Just run a Wireshark and send some messages. All you are going to see is an SSL stream between you and CloudFare see here: https://www.cloudflare.com/case-studies/discord/
> until the first people go to jail because of something they wrote on Discord. Censorship, surveillance
This is just straight up bullshit, the reason why your so called "surveillance and censorship" is possible is because Discord allows bots to exist. Bots behave just like a normal account, except they can be automated for example to respond in a way to certain messages, log messages, user activity and so on. There's a ToS for bot usage, which states that logging user data without notifying the user or allowing them to opt out is strictly illegal. What you can do against it is either don't join or message in that particular discord server. Also the bot must be invited to the server, meaning only the server owners can do it.
Hey /u/Fatherlorris I noticed that whenever you post a new comic, your site loads like s... well, poorly (I'm from Europe).
May I suggest using Cloudflare? There's a free plan that should be enough.
Let's Encrypt is great. Cloudflare is terrible.
Here are some reasons not to use Cloudflare: * It's not really free. It's like a drug dealer "First ones free". * Shared SSL certificates * Forced to use Comodo for SSL * Can't use Let's Encrypt for SSL * Can't use your own SSL * Decrypts SSL traffic, breaking End-To-End Encryption. * Cooperates with tyrannical governments * Provides services to terrorists, child pornographers, and so on * Has no "vetting" process for new customers * Does not protect your website from hacking * Doesn't provide any value to 99% of websites * Cloudflare's CEO is an ego-maniac who believes he controls the entire internet.
> Keyless SSL requires that Cloudflare decrypt, inspect and re-encrypt traffic for transmission back to a customer’s origin.
Source: https://www.cloudflare.com/ssl/keyless-ssl/
By doing that, Cloudflare is violating the trust between users and server operators and making the SSL certificate itself worthless. A website cannot be considered "Secure" if the traffic is decrypted by a man in the middle.
So to answer your question, ditch Cloudflare and use Let's Encrypt.
Ak beží na normálnej infraštruktúre (nie divné minihostingy v Číne, Turkmenistane, Rusku), tak je fajn nahlásiť zneužitie administrátorom (napr. na Cloudflare).
Quote from this article.
"Some bots can get past the text CAPTCHAs on their own. Researchers have demonstrated ways to write a program that beats the image recognition CAPTCHAs as well. In addition, attackers can use click farms to beat the tests"
Basically, there are ways around it. Read the article for more info
That's an interesting article, thanks for sharing! As far as I am aware, even by blocking the connections using iptables (or any software firewall), you're still getting the traffic which might hit hard your CPU, and it can bottleneck your bandwidth as well.
​
As far as I know, the most efficient and definitive way to mitigate a DDOS attack is by "blackholing" the traffic, but that requires a network infrastructure with a lot of bandwidth, that's why cloudflare is so popular when protecting from DDOS attacks - that traffic will never hit your infrastructure.
There's a bit more context on this article, if you're interested: https://www.cloudflare.com/learning/ddos/glossary/ddos-blackhole-routing/
Ну схоже що це не біржа заблокувала нас, а Performance & security by Cloudflare.
Може ддосили з нашої территорії або ще щось.
The site uses CloudFare services to protect itself from attacks such as DDOS and uses a GoDaddy domain (the url).
If you want to stop people from accessing it then everyone should file a complaint so that it could be brought down.
https://supportcenter.godaddy.com/abusereport and here: https://www.cloudflare.com/abuse/form
The answer to all your questions and all the security issues is by dropping in CloudFlare in front of your domain. Gives you DNS that propagates within seconds, masks your networks public IP behind their servers and supports dynamic IP addresses. Since you're on a home network the speed is definitely not on a server provider level, but most of your assets will be cached by CloudFlare and served directly from their high bandwidth servers. You also get a very powerful DDoS protection and security overall. On top of that you get a SSL certificate for your domain. And the best part of it is that all of this is completely free.
To enable CloudFlare on your domain, simply change nameservers of your domain to CloudFlares nameservers and then wait for the change to propagate - after that your site will be enabled and you can handle the DNS directly from CloudFlare, just make sure your A record goes through CloudFlare (the cloud logo) and not bypasses it.
Backblaze is part of the bandwidth alliance: https://www.cloudflare.com/bandwidth-alliance/
> Our partners have agreed to pass on these cost savings to our joint customers by waiving or reducing data transfer charges.
In theory, you could store in B2 and proxy through R2 for savings, depending on the egress rate they charge into R2. Though it's all theoretical until the product is live.
You mean the PTR Records shown?
What is PTR?
https://www.cloudflare.com/learning/dns/dns-records/dns-ptr-record/
"DNS PTR records are used in reverse DNS lookups. When a user attempts to reach a domain name in their browser, a DNS lookup occurs, matching the domain name to the IP address. A reverse DNS lookup is the opposite of this process: it is a query that starts with the IP address and looks up the domain name."
An IP of: 45.80.90.125 will have a PTR of 125.90.80.45.in-addr.arpa (the reverse of the previous IP with a in-addr.arpa appended at the end)
Nothing is compromised on your system.. PTR, DNSSec, RRSIG and others are all part and parcel of the current DNS protocol.. It is behaving exactly as it should be..
So, I like what you're putting out overall, but I question the level of intention you're applying to "them"
I don't doubt anything about what you've written with regards to the nature and sophistication of the hardware and software attached to our markets... but I do question as to whether those forces are being intentionally directed toward retail order flow, or abused against retail order flow.
I suspect what's really underlying what we see is the equivalent of DNS amplified DDOS attacks (link your compsci quant this):
https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/
To break it down: My theory is that the shorts are intentionally putting out signals (through the way they're performing wash trades, down to timings, volume, and size of peaks/dips) to simulate otherwise normal market behaviors and cause OTHER organizations to help with their shorting.
To put it into a quick analogy, this isn't someone's D-Wave system run amuck on its own and shorting, like "The Sorcerer's Apprentice" in Fantasia, but rather the shorts intentionally playing "harmonious selling music" in contrast to retail's buying to cause such systems monitoring the market to also join in on keeping down buy pressure / not recognize the profit opportunity.
I can't think of any immediate ways to discriminate between these two potential underlying causes though, so perhaps the distinction of intention is unimportant.
Do not send emails, send a formal DMCA Take Down notice. I have success in the past submitting a DMCA notice here:
https://www.cloudflare.com/abuse/form
There are numerous examples of DMCA notices on Internet. Adapt yours according. Is not necessary to register your copyright, but i noticed everyone work faster when you register and submit your copyright registration documentation.
You can submit the same notice to the Cloudflare, the host and directly to the website.
An effective way is to report them to Google or to Cloudflare (only if they are actually using CF, check if they're SSL certificate is from CF).
Cloudflare usually responds to abuse reports within a few hours. Google takes some more time apparently...
​
Taking this a step further.. If your router allows for custom firewall rules, you can grab the cloudflare IP set that will talk to your server and only port forward if from one of them.
https://www.whois.com/whois/rocket-league.one There you can see that he is using fake data. Only thing you could do is writing an E-Mail to the Registrar company (http://key-systems.net) and to Cloudflare (https://www.cloudflare.com , he uses it to disguise his server ip/host)
We don't really know what goes on inside DDG, but at least they've promised to not track your requests, and that's one of their differentiators. If they are keeping their promise, there's no record of your search.
Now, suppose they began to use a CDN. Cloudflare, for example, states they do log requests. So then, there would be no difference between the big guys and DDG.
My concern is that creating your own rules is impractical and expensive. Blocking by IP Address? Fools errand in the world on botnets. Creating my own string matching for SQL injection? There are so many ways for these to be written. Maybe I'm missing something but I prefer how CloudFlare does this.
Well, you do realize that the IP address 198.41.189.94 belongs to Cloudflare, right? Or that 198.41.190.94 also belongs to Cloudflare, correct? And you know what Cloudflare does, right?
If you can answer those three questions, you will understand why you jumped to conclusions based on nothing conclusive at all.
edit: added URLs
> if I am using Unbound do I need to enable DOH?
There is no setting to "enable DoH". Unbound runs in two fundamentally different modes.
- Recursive mode (described and set up per our guide at https://docs.pi-hole.net/guides/dns/unbound/) does not do any encryption of the DNS traffic. Unbound communicates directly with the authoritative nameservers to resolve domain names to IP's.
- Forwarding mode will stop recursion by unbound and will forward your DNS queries to a recursive upstream resolver. You can set up encryption on this connection, typically via DoT on port 853.
- You will need to decide for yourself which of these two modes of unbound operation best meet your needs.
>when using DOH & Unbound following the default guide from pihole I get a question mark on Secure DNS from this test: https://www.cloudflare.com/ssl/encrypted-sni/
It appears that you are running unbound in recursive mode if you followed our guide. As a result, none of the Cloudflare tests are going to show you anything of use. They are intended to check if your Cloudflared client (which you do not appear to be running) is working, and even then the tests are of questionable value since the DNSSEC setting in Pi-hole affects the results there.
If you like unbound running as a recursive resolver (which is my preference), then skip all the Cloudflare tests and don't worry about any of this.
Whenver I see someone say something so explicit as "don't want to rely on a 3rd party like CloudFlare" all I can think is it is your loss.
Cloudflare is terrific, and their "access" product would probably exactly what you are looking for. Only it will work faster and better than anything you could implement yourself.
Not sure about SNOW, but NET to me seems like a forever hold stock. I work in the tech sector and Cloudflare offers a product that AWS and Azure are not trying to compete against and their fundementals seem solid.
https://www.cloudflare.com/en-au/learning/bots/how-captchas-work/
A user has to identify the images that contain certain objects, such as animals, trees, or street signs. If their response matches the responses from most other users who have submitted the same test, the answer is considered "correct" and the user passes the test.
Yes, every time you create a new TLS connection it does a new handshake and generates new ciphers used only for that session. Ditto for SSH and basically every other encrypted protocol still in use. This is the basic foundation of modern secure infrastructure. Even at Chili's.
https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
I use Cloudflare for all my sites.
It's completely free to get an SSL certificate. Instead of installing a certificate, you just point your nameservers at them (easy to do in your hosting account) and turn SSL on in the settings.
You can also set up a free custom rule, which forwards all traffic from http to https.
Another great (free) benefit of cloudflare, is you can cache your site and have it delivered over their CDN. This makes your web pages load quicker and uses less data for your users.
In CloudFlare you can enable "I'm Under Attack Mode" which will verify that visitors to your site are not bots if you are under Layer 7 attack. Also, I recommend firewalling off all traffic to your machine except the CloudFlare IPs if your server is under direct attack. You can find a list @ https://www.cloudflare.com/ips
EVE has always been sensitive to packet loss.
If you're on a wireless network, don't be. This is the most common source of issues. Even under best possible wireless network conditions, you could very easily be dropping packets without realizing.
You can try using MTR to pinpoint where you're losing traffic between you and CCP's Cloudflare edge. Cloudflare themselves have a decent article on how to use and interpret results.
https://www.cloudflare.com/learning/network-layer/what-is-mtr/
This will tell you which network hop is problematic for you.
Downloads here: https://www.bitwizard.nl/mtr/ (Linux) https://github.com/White-Tiger/WinMTR (Windows)
CCP does more than most game companies to control their network connectivity but due to single shard, single physical location nature of EVE servers, and connecting to two network peering exchanges they are susceptible to issues stemming form their clients taking problematic network routes to reach them. Managing this is realistically not feasible and not really on them.
> Project Multatuli's website was DDoS'D after publishing an article critical of the police's handling of a statutory rape case in Luwu Timur
I think I read somewhere that Cloudflare has a subscription plan for NGO or something, probably want to use that.
Edit: Yes, Project Galileo.
DDoS against servers is the best and easiest way to take down a site, probably DNS resolvable hosts.
It not only can affect people trying to get to the servers (Domain Name won't resolve) but can cause internal problems if they're (the company) is dependent upon external resources such as Ping, Google or other authentication methods.
Even though the company may be up, access would be blocked.
https://www.cloudflare.com/learning/ddos/famous-ddos-attacks/
The other options would be supply-chain attacks, shell-shock and bouncy-castle type vulnerabilities, not to mention internal compromise of users / systems which we see with ransomeware.
But externally, bot-based accounts performing a DDoS is one of the hardest to defend against.
The Fastly issue was a configuration problem due to a valid config being pushed, and encountering a bug. 1-minute to detect, hours to remediate.
No, that's not how random number generators work. They will always give the same results from the same seed, as long as you don't change the RNG or its implementation.
That's why some people go through elaborate lengths to get a truly random seed for their RNG: https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/
This pops up on the main page of lodgame.com. Still large parts of the website are down despite this future tech.
This page (http://lodgame.com/) is currently offline. However, because the site uses Cloudflare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by Cloudflare (https://www.cloudflare.com/)
We use Cloudflare to help cache the site and handle heavy traffic loads. Cloudflare occasionally decides that a certain IP is a spammer or involved in a DDOS and will give them a captcha -- this should be quite rare. Sorry for the trouble!
This is incorrect. Politico is using Cloudflare as a CDN for their site. While it is hosted on Cloudflare it is still the Politico website. Learn what a CDN is
I’m confused by your question. You stated that you pointed you domain dns servers to Cloudflare, correct? In that case you domain provider is no longer involved in DNS management it should be pointing only to the cloudflare dns servers. To enabled DNSSEC when it’s hosted on Cloudflare you login to the Cloudflare dashboard to enabled this feature and add/update dns entries.
https://www.cloudflare.com/dns/dnssec/universal-dnssec/
https://support.cloudflare.com/hc/en-us/articles/360006660072
I think you’ll need to provide more info as to which dns registrar you’re using. If they don’t support it have you considered transferring the domain to another domain register that does?
- Website using HTTPS are more trustworthy for users.
- HTTPS authenticates websites.
>HTTPS myth-conceptions
>
>Myth: I don’t handle sensitive information on my website so I don’t need HTTPS
>
>Reality: Modern web browsers now limit functionality for sites that are not secure. Important features that improve the quality of the website now require HTTPS. Geolocation, push notifications and the service workers needed to run progressive web applications (PWAs) all require heightened security.
These were gathered from cloudflare.com > Why Use HTTPS
How are you resolving DNS queries to the outside world? Sure, you can use unbound as a local DNS proxy, but you still need upstream DNS servers to query. You can use unbound to query the DNS root servers directly - and that's fine - but the DNS roots run unencrypted on port 53, so if your ISP wanted to snoop that traffic they can do so.
If you aren't querying the DNS roots and are using your ISP's DNS servers, obviously they can log all DNS traffic if they want to, so definitely avoid using your ISP's DNS.
Unbound supports connecting to encrypted DNS using DNS-over-TLS (DoT). So pick a DoT provider you trust - I use Quad9 myself, but other options are available - and configure unbound to use that for upstream queries via DoT on 853 instead.
Bear in mind that even if you connect to a website via SSL/TLS, the domain part is still sent in cleartext, although the rest of the url is hidden. There's not much you can do about that, because the web server at the other end needs to know which certificate to use, especially if the server is serving multiple domains (and most will be).
with the way you've been responding it doesn't look so much like you're learning, but hoping for someone to feed you exactly what you need without developing any kind of understanding about what it is you're doing.
if you can't even be arsed to go review some basic intro resources on the very basic building blocks of the web you have no business running a website.
cloudflare itself has a very good course. start there.
if there's anything you don't understand after that, do some basic research first and then if you still can't figure it out, ask. outline what it is you're trying to do (the goal), what you've tried so far, what parts you think you don't understand, and what you've found to try to answer it. demonstrate some effort in trying to solve the problem instead of expecting people to feed you all the answers and you'll get a more receptive audience.
Here is a Browser Checker and firefox instructions to enable DoH.
It's not about anyone living at your house using the site, it's about potentially anyone within your ISP's IP block (some of which are even national wide for mobile ISPs), and IPs are often banned via subnet instead of individually
While you can pretty easily spoof the sender address of a UDP packet, getting any sort of reply (or establishing a connection with TCP) across the publicly routed internet is pretty hard/requires a lot of trust (BGP hijacking). I don't doubt you got something demonstrated, but I doubt that it was what you think it was, or is applicable to the public internet.
It was a pretty convoluted plan to get to the end result, but I figure he didn't care about getting caught for the initial obvious hacking he did because it was a distraction so authorities wouldn't notice him sneaking in the code he needed for whatever Archlight in.
There's a kernel of truth in the idea of screwing up domain names can screw up the Internet, and that there are people specifically in charge of making sure they don't get tampered with. Articles about the DNSSEC Root Signing Ceremony here and here if you're interested. The silly part is the show portraying it all being in one facility, but TV often simplifies real-world concepts so it can be a plot point that fits into a 45 minute episode.
Orders submit to http://www.ipay88.com/
Sending CC details unencrypted using base64 is not even remotely secure. Which I doubt the owner of this site really cares about.
If you delete the div elements for the shadowbox the site is completely a shell behind it.
Posting fake data sends a post request using base64 to /process with seems to always return a status 200.
The ip address for the post requests suggest they are protected around CloudFlare. It might be worth sending an email to CloudFlare or file a report here https://www.cloudflare.com/abuse/ they are pretty good with not providing support for these kind of websites.
Mind you it won't take them down but it will make things a pain.
If you got tricked I would contact your bank and get your card cancelled.
CF simply works as a CDN/MITM between the visitor and the website. This doesn't need much research, it is well known. The traffic goes from the visitor to CF. Then they send it to your server. Even all IPs you will get are from CF (with an extra header with the original IP.) If you read the SSL section it will talk about 2 SSL certificates: from CF to the visitor and from your server to CF. I really think it's clear for anyone to see that CF can see all traffic from all of those companies.
Now while I sound so negative, I use CF myself too for a small site (and some others.) They are pretty good, protect well against DDOS but even just spam-bots, good CDN with proper caching and they even have free "universal" SSL. This is all for $0. Obviously in a way, you pay by sacrificing the privacy of your visitors and business. Not so relevant for my small sites though, but more so for the ones in OP.
edit: I am not saying CF "needs" this against DDOS, I am just saying this is really how they work.
Great information, but I think you need to feed the hamsters that are powering your host.
You might want to consider utilizing a content delivery network (CDN) if utilizing a better host is not possible; this one is free and supports WordPress sites with relative ease.
Not Hirez' servers that were faulty. One of Telias' transatlantic cables were cut. Cloudflare servers had quite the trouble: https://www.cloudflare.com/system-status https://twitter.com/CloudFlare/status/468494276691640320
This caused trouble for services & sites such as Reddit, 4chan, puush, Twitter, Newgrounds & Twitch (at least those I had trouble with)
This is what I'm trying, multiple A records for the same hostname, each with a different IPv4 address. It's called DNS Load Balancing
I don’t go that far. Just have a non-root user that runs them. I keep my online footprint as small as possible while having everything publicly available for my convenience.
I’d suggest everyone use cloudflare to proxy access to their infrastructure AND lock down your firewall to only allow 443 from cloudflare or use Argo tunnels. Cloudflare access is free for up to 50 users. I use access policies to lock down things like the admin login page for my blog.
Cloudflare stands in the middle between public traffic and your server, filtering out various kinds of bad traffic including DDoS attacks. Your domain points to their server, which forwards valid traffic on to yours. You can then further limit requests coming into your server to Cloudflare's IP ranges, so that only traffic going through them is considered valid.
You cannot implement the kind of traffic inspection and filtering Cloudflare does. They're very good at it, and they're getting better with every attack they see.
This was almost certainly a DNS reflection attack — or attempted attack.
https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/
As in, someone actually trying to attack Cloudflare. We didn’t originate the traffic.
You'll need to allow based on the list that Cloudflare keeps posted here.
The IP list doesn't change often if at all, but if you want to automate against the list, they maintain an ipv4 list here and an ipv6 list here.
To put it simply: You pay a Registrar (GoDaddy, etc.) for your domain name, and they put it in a database that feeds the DNS servers.
It is much, much more complicated than that in reality. https://www.cloudflare.com/learning/dns/what-is-dns/
Looks like Craig has fired up his bitcoin supercomputer botnet
>Error 1020 Ray ID: 4d4b566889df5db2 • 2019-05-10 10:47:52 UTC
>
>Access denied
>
>What happened?
>
>This website is using a security service to protect itself from online attacks.
>
>Cloudflare Ray ID: 4d4b566889df5db2 • Your IP: 1.156.204.61 • Performance & security by Cloudflare
Likely just someone using a custom tool or using curl to test stuff.
You can set whatever UA you want in a curl like so:
curl https://www.cloudflare.com -H "User-Agent: You are really courageous."
that will then show up in your logs, and Cloudflare logs, with what you see there. You may want to work with the Cloudflare support team to see if they can look into other internal instances of this UA popping up which might lead them to finding some type of malicious service doing generic scanning, and they may be willing to add this to a black list if it looks shady enough.
I also believe you can create a user agent rule (depending on your plan) and block that specific user agent if it seems to be doing weird stuff based on your logs.
> This article claims that Dropbox runs as a front-end to AWS s3
No, it claims that it used to.
> And people who think they can compete with S3 on anything including cost, edge-latency, ingest, capacity or durability are simply kidding themselves. Dropbox can do it because they own the use case and business requirements including how their app works.
Didn't you just contradict yourself?
> Amazon has been running exabyte-class erasure-coded multi-region replicated distributed storage on a hostile internet for years and during that time they've been repeatedly and reliably dropping price, adding new classes and adding new features left and right.
It's definitely true that Amazon is the market leader and expert in this space. No disagreement there.
> And this is just laughable "If you're distributing data all over the world rather than putting it in a $600 million data center in rural Kansas, you can get a lot more performance out of it." -- they are seriously claiming that sharding bits of your files across thousands of consumer-class storage devices sitting all over the world at the end of internet links of various quality will end up being "more performant".
Yes, we are claiming that. Isn't getting closer to the edge what Cloudflare just launched? https://www.cloudflare.com/products/cloudflare-workers/. In fact, what's the point of CDN at all?
Distributing across a wide variety of nodes with high variance allows us to return data as soon as the fastest nodes return. Enormous parallelism gives us unbeatable throughput. If you're concerned about consumer-class storage devices, do you think S3 is all SSDs? They're spinning metal just like everything else.
Why so negative?
Yes. They offer two services - one, you (the hosted company) share your private key with them; two, you provide separately authenticated access to your private key via a key server. In both cases they can still see all of your traffic.
Om dessa medier hade haft någon tekniskt kunnig person till hands skulle de haft CloudFlare framför sina sidor. Istället har de en halvdan lösning från ett svenskt företag som inte kan någonting om nätverksattacker...
CF har mitigerat de tre största DDoS-attackerna i historien, varav den senaste var på 400 Gbps!
You could use a free CloudFlare (https://www.cloudflare.com) account to power the SSL using the flexible method that way they will get valid SSL experience and it won't cost you anything. Plus the DNS and caching services they offer are pretty good all for free.
Why not use Cloudflare on top of wherever you're hosted? The free plan should be more than sufficient.
Cloudflare is amazing at caching static content, be it web pages, images or files. Only the first request from a particular zone will be served by your server, the rest from then on will be served by Cloudflare. You can set how long each type of / specific resources should be cached.
Even if your host goes down for a little while (very unlikely since you're only serving cache-able, static resources) Cloudflare can continue serving your site as if nothing happened.
Unrelated to W3 Total Cache, I run a high-traffic Wordpress site (~13million monthly unique)..
I actively encourage WP Super Cache + (Varnish if you can) + CloudFlare Pro ( read about optimizations here )
Non autoritativa: un server dns che non ha autorità, quindi chiede ai root e a quelli autoritativi se conoscono l’indirizzo del server. Non so nulla, non ce l’ho in cache, mo lo chiedo a quelli seri.
Autoritativa: ho la risposta alla tua richiesta di indirizzo ip per un dominio. Tieni questo campo CNAME che mi hai chiesto.
Qua sono spiegati abbastanza bene: https://www.cloudflare.com/it-it/learning/dns/dns-server-types/
If you're hosting with cloudflare, you can use cloudflare tunnels (formally called Argo tunnnels). No firewall hole punching, port forwarding, IP whitelisting needed.
It creates a secure tunnel to cloudflare, that only cloudflare can access without exposing anything else to the net.