Jump to content

CloudFare Problems


Jazzwineman

Recommended Posts

I am at wit's end dealing with the idiots at Cloudflare. I have directly contacted and spoke with their abuse department for what little they are worth They give every excuse in the book as a reverse proxy, but what they do not apparently understand, is that when they have been made aware of clear criminal, civil and other legal violations that they are allowing to hide behind their services then they take on legal  responsibility. To say they do not have access to their customers "content" when spamcops has from me personally sent more than 250 abuses on this nonsensical and phony identity thieves who use their naked women, obscene materiel and language to send you to a dating site (not real) and the originating ip is already blacklisted and has no real dns or domain and yet they take a complete hands offs approach. 

 

Well, I will be going into Federal Court this week and file a lawsuit and have an appointment with the FBI to discuss their involvement in hiding criminal activity. This is no different than a landlord of a building or a house, being informed that his tenant is running a crack house or a meth lab and then doing nothing- he can now be included in a conspiracy charge and lose his property. What do you want to bet that if criminal or civil penalties were handed out to Cloudflare or ISP's that allow this nonsense they would find a way to stop it all of a sudden?????????????????????????????

 

Allowing obscene language and photos to be sent willy -nilly all over the place and even to minors  would stand up in Court for about 3 minutes. Any jury would convict  them within  a very short time..

 

I would be interested in other opinions and if you want to join the suit, please PM me.

 

Tom in Dallas

Link to comment
Share on other sites

On den 26 september 2016 at 4:50 AM, Jazzwineman said:

I am at wit's end dealing with the idiots at Cloudflare. I have directly contacted and spoke with their abuse department for what little they are worth They give every excuse in the book as a reverse proxy, but what they do not apparently understand, is that when they have been made aware of clear criminal, civil and other legal violations that they are allowing to hide behind their services then they take on legal  responsibility. To say they do not have access to their customers "content" when spamcops has from me personally sent more than 250 abuses on this nonsensical and phony identity thieves who use their naked women, obscene materiel and language to send you to a dating site (not real) and the originating ip is already blacklisted and has no real dns or domain and yet they take a complete hands offs approach. 

 

Well, I will be going into Federal Court this week and file a lawsuit and have an appointment with the FBI to discuss their involvement in hiding criminal activity. This is no different than a landlord of a building or a house, being informed that his tenant is running a crack house or a meth lab and then doing nothing- he can now be included in a conspiracy charge and lose his property. What do you want to bet that if criminal or civil penalties were handed out to Cloudflare or ISP's that allow this nonsense they would find a way to stop it all of a sudden?????????????????????????????

 

Allowing obscene language and photos to be sent willy -nilly all over the place and even to minors  would stand up in Court for about 3 minutes. Any jury would convict  them within  a very short time..

 

I would be interested in other opinions and if you want to join the suit, please PM me.

 

Tom in Dallas

I get the same spam with phony and fake dating sites which is hosted by Cloudflare.

 

Talk to me in PM!

Link to comment
Share on other sites

I posted several earlier today, these are some of them:

6552396455 ( xxxxx) To: abuse@cloudflare.com

6552396454 ( xxxx) To: abuse@cloudflare.com

6552395282 ( xxxxx ) To: abuse@cloudflare.com

6552395281 ( xxxx ) To: abuse@cloudflare.com

6552395048 ( xxxx) To: abuse@cloudflare.com

6552395047 ( xxx) To: abuse@cloudflare.com

 

Link to comment
Share on other sites

As implored time and time again throughout this forum, what is needed, and klappa requested, is a Tracking URL.

At the top of your screen, after you have pressed the "Process spam" button you will see:

SpamCop v 4.8.5 © 2016 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6316845800z8e04731e5cc30573fc71c1c5db2e64ebz

As with the example above, everyone can see the spam, how the parser processed the spam, and the results.

The Report id number you provided above lead to a screen only you can see. For example, 6552436687  a report associated with the Tracking URL above.

I don't mean to sound harsh. I just get tired of explaining what is described many times.

Link to comment
Share on other sites

23 minutes ago, Lking said:

As implored time and time again throughout this forum, what is needed, and klappa requested, is a Tracking URL.

At the top of your screen, after you have pressed the "Process spam" button you will see:


SpamCop v 4.8.5 © 2016 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6316845800z8e04731e5cc30573fc71c1c5db2e64ebz

As with the example above, everyone can see the spam, how the parser processed the spam, and the results.

The Report id number you provided above lead to a screen only you can see. For example, 6552436687  a report associated with the Tracking URL above.

I don't mean to sound harsh. I just get tired of explaining what is described many times.

Well, I do not think talking down to a user with a real concern will accomplish anything. 

I have every intent on filing a lawsuit against Cloudfare. They can use their reverse proxy excuse all day long and after they have been informed of the illegal content and still do nothing, I believe that a reasonable conspiracy case can be made against them. They indicate they have no access to their customer's web content, but they can after having been informed of such. I would hope that spam cops would be more understanding of less informed people that the Chinese through (qq.com) are attempted to defraud and steal the identities of people and send clear obscene material through the web-( probably to minors as well) Cloudfare is acting as their wall of protection, but Cloudflare could stop this if so motivated.

Link to comment
Share on other sites

2 hours ago, kluless said:

I posted several earlier today, these are some of them:

6552396455 ( xxxxx) To: abuse@cloudflare.com

6552396454 ( xxxx) To: abuse@cloudflare.com

6552395282 ( xxxxx ) To: abuse@cloudflare.com

6552395281 ( xxxx ) To: abuse@cloudflare.com

6552395048 ( xxxx) To: abuse@cloudflare.com

6552395047 ( xxx) To: abuse@cloudflare.com

 

Coudfare is a reverse proxy and will use this excuse to avoid responsibility. Spamcops has sent thousands of reports to them and they know exactly which web sites or dns mailers are using them as a shield and do nothing. You need t let Cloudfare know it is lawsuit time. When ISP or reverse proxies or any of the other "hiders" on the Internet are informed and do nothing- they take on a legal and financial liability. If it started costing them jail time or money- what do you want t be they would take action??

Link to comment
Share on other sites

2 hours ago, Lking said:

As implored time and time again throughout this forum, what is needed, and klappa requested, is a Tracking URL.

At the top of your screen, after you have pressed the "Process spam" button you will see:


SpamCop v 4.8.5 © 2016 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6316845800z8e04731e5cc30573fc71c1c5db2e64ebz

As with the example above, everyone can see the spam, how the parser processed the spam, and the results.

The Report id number you provided above lead to a screen only you can see. For example, 6552436687  a report associated with the Tracking URL above.

I don't mean to sound harsh. I just get tired of explaining what is described many times.

here is an example of what lking is referring to:

 

 

SpamCop v 4.docx

Link to comment
Share on other sites

I'm well aware of the tracking URL, but that disappears once spam report is sent, I thought maybe you could do something with the actual report numbers.

Sorry for being soooooo stupid.....

I won't trouble you again...

Edited by kluless
Link to comment
Share on other sites

2 hours ago, kluless said:

I'm well aware of the tracking URL, but that disappears once spam report is sent

No it doesn't.  You can find the tracking URL of past reports by viewing the report in your history and clicking the "Parse" link at the top.

 

2 hours ago, kluless said:

I thought maybe you could do something with the actual report numbers.

No, we can't.  We need the tracking URL.

Link to comment
Share on other sites

21 hours ago, Jazzwineman said:

I have every intent on filing a lawsuit against Cloudfare. They can use their reverse proxy excuse all day long and after they have been informed of the illegal content and still do nothing, I believe that a reasonable conspiracy case can be made against them. They indicate they have no access to their customer's web content, but they can after having been informed of such. I would hope that spam cops would be more understanding of less informed people that the Chinese through (qq.com) are attempted to defraud and steal the identities of people and send clear obscene material through the web-( probably to minors as well) Cloudfare is acting as their wall of protection, but Cloudflare could stop this if so motivated.

Cloudflare is 100% correct that they don't have any access to the customer's content.  They're simply a middleman handing things back and forth.  You have just as much access to the original content as they do.

However, as a middleman proxying things back and forth, Cloudflare is completely in control of handing that content back and forth through their own systems.  That's their entire point of existing.

They absolutely cannot be expected to remove the original content, as it's entirely someone else's system.  They absolutely should be expected to stop proxying content when notified that it's illegal.  Google can't take down the actual sites listed in their search results (because it's someone else's system), but they are expected to remove links from their own system which point to those systems.  I see no reason why Cloudflare should be treated any differently.

 

Caveats:

  1. You telling them that you don't like something doesn't make it illegal and/or necessary for them to remove it.
  2. Laws are complex.  Even if there is some allegedly illegal content, there are procedures to be followed in dealing with it.
  3. Laws frequently lag behind technology.  Even if something is illegal offline (and should be elsewhere according to common sense), it may not be illegal online due to technicalities in laws.

The anonymity of the internet, its international nature, and the technological cluelessness of our lawmakers all contribute to making legal fights against these sorts of things very difficult.  I'm not in any way qualified to give you legal advice, but I wish you luck in fighting against those who enable spam and other fraud.

Link to comment
Share on other sites

2 hours ago, InvisiBill said:

Cloudflare is 100% correct that they don't have any access to the customer's content.  They're simply a middleman handing things back and forth.  You have just as much access to the original content as they do.

However, as a middleman proxying things back and forth, Cloudflare is completely in control of handing that content back and forth through their own systems.  That's their entire point of existing.

They absolutely cannot be expected to remove the original content, as it's entirely someone else's system.  They absolutely should be expected to stop proxying content when notified that it's illegal.  Google can't take down the actual sites listed in their search results (because it's someone else's system), but they are expected to remove links from their own system which point to those systems.  I see no reason why Cloudflare should be treated any differently.

 

Caveats:

  1. You telling them that you don't like something doesn't make it illegal and/or necessary for them to remove it.
  2. Laws are complex.  Even if there is some allegedly illegal content, there are procedures to be followed in dealing with it.
  3. Laws frequently lag behind technology.  Even if something is illegal offline (and should be elsewhere according to common sense), it may not be illegal online due to technicalities in laws.

The anonymity of the internet, its international nature, and the technological cluelessness of our lawmakers all contribute to making legal fights against these sorts of things very difficult.  I'm not in any way qualified to give you legal advice, but I wish you luck in fighting against those who enable spam and other fraud.

You are completely wrong on a legal standpoint and it is worth the time and effort of lawsuit and referral to the FBI which I have already done through a friend who works with Interpol.

 

You are suggesting transactional immunity. They have been made aware of and in a clear way by law enforcement (of which you do not need to see published) If you want to make an excuse for what would constitute a conspiracy to commit fraud and distribute obscene material to minors- I would welcome you make that argument in court.

 

Further you attempt to talk down to me fails on a number of issues, most of which is that i am have been a  computer engineer for more than 25 years and am certified in everything, minus Adobe and Autodesk. and manage some 14,000 computers as I write this.

 

Instead of finding an excuse that is overloading our systems with junk and fraudulent emails only designed to steal from innocent victims, it might be more appreciated if you attempted to find a solution.  Cloudflare is creating a problem, they could choose to control. Apparently their lack of ethics and profit motivation do not give them an incentive to do so. Thta leaves us with other resources that mean that public, civil and criminal pressure can be applied to force them to do what is right.Sorry, in the law, being a middleman does give you freedom from liability. You remind me of Condi Rice saying she had nothing to do with the torture issue- she only delivered orders. I would suggest you read transcriptions of the Nuremberg tails and international law to see how well your argument fits.

Link to comment
Share on other sites

The personal tone of this thread is reaching the point "management" may need to step in and temporarily adjust the posting privileges of members.

Posters to this forum may, are encouraged to, engage in a free exchange of ideas.

That does not include disparaging remarks about the supporters of those ideas.

Link to comment
Share on other sites

From Cloudfare's own TOS published policy:

SECTION 11: INVESTIGATION

CloudFlare reserves the right to investigate you, your business, and/or your owners, officers, directors, managers, and other principals, your sites, and the materials comprising the sites at any time. These investigations will be conducted solely for CloudFlare’s benefit, and not for your benefit or that of any third party. If the investigation reveals any information, act, or omission, which in CloudFlare’s sole opinion, constitutes a violation of any local, state, federal, or foreign law or regulation, this Agreement, or is otherwise deemed harm the Service, CloudFlare may immediately shut down your access to the Service. You agree to waive any cause of action or claim you may have against CloudFlare for such action, including but not limited to any disruption to your website. You acknowledge that CloudFlare may, at its own discretion, reveal the information about your web server to alleged copyright holders or other complaintants who have filed complaints with us.

 

 

 

Link to comment
Share on other sites

On 10/2/2016 at 11:28 AM, Jazzwineman said:

You are completely wrong on a legal standpoint and it is worth the time and effort of lawsuit and referral to the FBI which I have already done through a friend who works with Interpol.

 

You are suggesting transactional immunity. They have been made aware of and in a clear way by law enforcement (of which you do not need to see published) If you want to make an excuse for what would constitute a conspiracy to commit fraud and distribute obscene material to minors- I would welcome you make that argument in court.

 

Further you attempt to talk down to me fails on a number of issues, most of which is that i am have been a  computer engineer for more than 25 years and am certified in everything, minus Adobe and Autodesk. and manage some 14,000 computers as I write this.

 

Instead of finding an excuse that is overloading our systems with junk and fraudulent emails only designed to steal from innocent victims, it might be more appreciated if you attempted to find a solution.  Cloudflare is creating a problem, they could choose to control. Apparently their lack of ethics and profit motivation do not give them an incentive to do so. Thta leaves us with other resources that mean that public, civil and criminal pressure can be applied to force them to do what is right.Sorry, in the law, being a middleman does give you freedom from liability. You remind me of Condi Rice saying she had nothing to do with the torture issue- she only delivered orders. I would suggest you read transcriptions of the Nuremberg tails and international law to see how well your argument fits.

I think there was a misunderstanding here.  A lot of my comments were general information for anyone who happens to read this thread, nothing against you personally.

I am completely agreeing with you that if Cloudflare is proxying material that they have been properly informed violates some law, they need to stop or face the consequences.  However, Cloudflare doesn't have access to the original source of the material.  I've seen this mentioned in the statements they've made when people have accused them of things before (implying there are a decent number of people who don't understand this), and it's completely true.  Just like Google can remove the search results but has no access to the actual website, Cloudflare can remove the proxying functions spreading that website out, but they have no ability to do anything with the original server (since it's someone else's property).  I'm not suggesting transactional immunity, I'm just pointing out that Cloudflare can only change things in their own systems, not in their customers' completely independent systems.  And just to explicitly state it, the original copy still being there is not a valid excuse for Cloudflare to not terminate their proxying service either.

I also wasn't trying to say that you shouldn't attempt a legal fight over this.  I was simply pointing out that there are a lot of things that make these cases very difficult to win.  The CAN-spam Act was passed 13 years ago.  In the first 5 years spam was explicitly illegal, it actually increased 10-fold.  I wish more spam and online fraud would get prosecuted, but we seem to have gotten the short end of the stick here.  Unfortunately, it's much easier to steal resources and abuse others online than it is to track those people down and make them face the consequences.  At least in this case, it's an established business and not some random spammer hiding in a shady country somewhere, so it's a much more solid target.  I genuinely wish you luck in this battle, and hope you succeed in stopping blatantly criminal actions.  I don't personally have the resources for legal fights, so I just stick to helping people on the technical side of things.

Link to comment
Share on other sites

16 hours ago, InvisiBill said:

I think there was a misunderstanding here.  A lot of my comments were general information for anyone who happens to read this thread, nothing against you personally.

I am completely agreeing with you that if Cloudflare is proxying material that they have been properly informed violates some law, they need to stop or face the consequences.  However, Cloudflare doesn't have access to the original source of the material.  I've seen this mentioned in the statements they've made when people have accused them of things before (implying there are a decent number of people who don't understand this), and it's completely true.  Just like Google can remove the search results but has no access to the actual website, Cloudflare can remove the proxying functions spreading that website out, but they have no ability to do anything with the original server (since it's someone else's property).  I'm not suggesting transactional immunity, I'm just pointing out that Cloudflare can only change things in their own systems, not in their customers' completely independent systems.  And just to explicitly state it, the original copy still being there is not a valid excuse for Cloudflare to not terminate their proxying service either.

I also wasn't trying to say that you shouldn't attempt a legal fight over this.  I was simply pointing out that there are a lot of things that make these cases very difficult to win.  The CAN-spam Act was passed 13 years ago.  In the first 5 years spam was explicitly illegal, it actually increased 10-fold.  I wish more spam and online fraud would get prosecuted, but we seem to have gotten the short end of the stick here.  Unfortunately, it's much easier to steal resources and abuse others online than it is to track those people down and make them face the consequences.  At least in this case, it's an established business and not some random spammer hiding in a shady country somewhere, so it's a much more solid target.  I genuinely wish you luck in this battle, and hope you succeed in stopping blatantly criminal actions.  I don't personally have the resources for legal fights, so I just stick to helping people on the technical side of things.

Point is and apparently we agree to this- that Coudfare's excuse for not doing anything about spammers that Cloudfare knowingly allows them to use their system is a phony excuse. While they may not have access to the clients website, they do reserve that right and once made aware that a client is using Cloudfare as a cover for illegal activity, Cloudfare can well cancel them out and they simply refuse to do anything.  Under the broad definitions used by the Justice Dept. they can quickly get  thrown in the conspiracy basket and they should be. Once an example is set, then you will find industry compliance.

Link to comment
Share on other sites

On den 4 oktober 2016 at 3:53 PM, Jazzwineman said:

Point is and apparently we agree to this- that Coudfare's excuse for not doing anything about spammers that Cloudfare knowingly allows them to use their system is a phony excuse. While they may not have access to the clients website, they do reserve that right and once made aware that a client is using Cloudfare as a cover for illegal activity, Cloudfare can well cancel them out and they simply refuse to do anything.  Under the broad definitions used by the Justice Dept. they can quickly get  thrown in the conspiracy basket and they should be. Once an example is set, then you will find industry compliance.

Cloudflare gets paid big sums of money from the spammers for their illegal activity and as long as they don't get any law enforcement on them they will let spammer continue do his things. You can write to

Link to comment
Share on other sites

5 hours ago, klappa said:

Cloudflare gets paid big sums of money from the spammers for their illegal activity and as long as they don't get any law enforcement on them they will let spammer continue do his things. You can write to

well now, we finally get to the truth and my point is made. They are in a conspiracy and in fact a paid conspiracy in which they profit from. That provides both more from a civil and criminal liability. One or an entity cannot act as an agent for illegal activity and not be caught in the same net.

Link to comment
Share on other sites

  • 1 month later...
  • 4 months later...
Quote

Cloudflare also has an added appeal to sites such as the Daily Stormer. It turns over to the hate sites the personal information of people who criticize their content. For instance, when a reader figures out that Cloudflare is the Internet company serving sites like the Daily Stormer, he or she sometimes write to the company to protest. Cloudflare, per its policy, then relays the name and email address of the person complaining to the hate site, often to the surprise and regret of the person complaining.

This has led to campaigns of harassment against those writing in to protest the offensive material. People have been threatened and harassed.

ProPublica reached out to a handful of people targeted by the Daily Stormer after they or someone close to them complained to Cloudflare about the site's content. All but three declined to talk on the record, citing fear of further harassment or a desire to not relive it. Most said they had no idea their report would be passed on, though Cloudflare does state on the reporting form it they "will notify the site owner."

"I wasn't aware that my information would be sent on. I suppose I, naively, had an expectation of privacy," said Jennifer Dalton, who had complained that the Daily Stormer was asking its readers to harass Twitter users after the election.

Andrew Anglin, the owner of the Daily Stormer, has been candid about how he feels about people reporting his site for its content.

"We need to make it clear to all of these people that there are consequences for messing with us," Anglin wrote in one online post. "We are not a bunch of babies to be kicked around. We will take revenge. And we will do it now."

 

http://www.sfchronicle.com/business/article/How-San-Francisco-s-Cloudflare-helps-serve-up-11122855.php?google_editors_picks=true

Link to comment
Share on other sites

  • 2 months later...
On 10/2/2016 at 8:32 AM, InvisiBill said:

No it doesn't.  You can find the tracking URL of past reports by viewing the report in your history and clicking the "Parse" link at the top.

 

No, we can't.  We need the tracking URL.

Hey guys . . .

When I am targeting a specific spammer, I copy all the text from "Here is your. . . " and save with reference. 

Actually it's real easy, just drag the last reference, then shift/click at "Here is your" and you select it all, then drag and drop into a text editor.  (I use BBEdit) 

Not only does it keep that in a searchable form, if you use the Cloudflare reporting page, https://www.cloudflare.com/abuse/form   They then accept it as "legal" .... I've done about 60 or so in the past several weeks.  

If there's anyone else out there interested in going after Cloudflare, please let me know.

:-)

Link to comment
Share on other sites

On 7/6/2017 at 10:54 AM, showker said:

Hey guys . . .

 If there's anyone else out there interested in going after Cloudflare, please let me know.

:-)

How can one "go after" cloudlfare? Being about as technically incompetent as one may be, the best I finally did was learn how to go into my cpanel and block the ip range of worst spam...I would much prefer having cloudlare just stop the emails. I filed two reports with them, they closed them out as they "do not have responsibility' for what does through them.... I also started reporting on abuseipb, but guess who hosts the site? I started getting errors when I tried to log into abuseipb. This is the little text blurb across the top of the page when it returns the error:

 

This page (https://www.abuseipdb.com/) is currently offline. However, because the site uses Cloudflare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by Cloudflare | Hide this Alert

520 error.jpg

Link to comment
Share on other sites

It has been noted before that sometimes the ISP is more focused on the bottom-line that on being a good member of the internet community.

In those cases your solution maybe an only recourse.  Reporting them to SC does help those that use the SCBL.

Link to comment
Share on other sites

  • 3 weeks later...

One thing Cloudflare does for sure by passing on Spamcop reports -- validates your email address so the spammer can resell it with confidence.

I wish Spamcop could save us the trouble of hand-editing every report to take out all the tracking stuff the spammers use -- putting our name and email into the spam; unique strings of digits; etcetera.

Some extra special processing of the reports going to Cloudflare would be welcome.

I'm sure Spamcop can figure out how Cloudflare is tracking its spam, with all the samples you're passing through.

Just look for matches on the home email of the complaining user, and for similar random strings.  And nuke them.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...