Account has been Blocked




I seem to have gotten my CloudFlare Account blocked (at least for CloudFlare Pages) and I suspect it has to do with my finding at

So uhm… I guess it’s too late for an “I’m Sorry it was for educational purposes”?

I’ve paused deployments of that runner-repo and also removed the GH perms to build it so it wont start up again.

However, if possible, I’d like to restore build-permission for my blog…

If not, no biggie - it was fun while it lasted! :slight_smile:

Keep up the great service and greet the Engineering team for me


Maybe @cloonan can take a look at your ticket.

1 Like

So should I do the @moreHelp thing or just accept this (and my whole account) as lost?

Hi @f0o, you should definitely not just accept this. Can you share more information either here or in the ticket about the block? How exactly did you notice that you are blocked? Is there any error? Are you able to login? etc.

With this information, we can check what the issue might be or if you indeed are blocked.


Hi @TKlein,

Well at first I noticed that an update I made via GitHub didn’t trigger the Pages.

After looking at it through the dashboard I noticed I hadn’t stopped my cronjob to feed the cloudflare-runner PoC repo every 20 minutes with a job which likely added me to the abuse-list as I was effectively hogging a machine continuously…

When I then finally revoked access to that repo and disabled build (paused deployments) to further abuse the system I also noticed that scheduling new builds would yield a HTTP 400 response with JSON Payload:

  "result": null,
  "success": false,
  "errors": [
      "code": 8000036,
      "message": "Account has been blocked"
  "messages": []

So my assumption is that during the Pages maintenance you guys noticed my cloudflare-runners and put me on the NoFly list - Which to be fair, is more than legit and entirely my own fault for forgetting to turn off builds after the initial PoC passed. (Assumption based on the coincidental timelines)

So that leads me to here now :slight_smile:

On the up side, I moved the domain to a new (personal) account and noticed that it resolved the issue…

Which leads to further ways of abuse unfortunately.

Even though this is effectively a foot-bullet to me I’d suggest blacklisting Page builds per GitHub Integration Token since I was able to circumvent the Block by just using a different CloudFlare account without unlinking/relinking the GH Application. :upside_down_face:


Thanks for the quick reply. The error code is helpful and helps confirm that this is indeed on our end. Thanks a lot for being honest and I’d recommend putting this information into your ticket. I’ll reopen your ticket in a couple of minutes.



This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.