Cloudflare makes it easy for anyone to CRIPPLE your site

#1

It seems ANYONE can setup a cloudflare account for ANY site and apply ANY old tools they want. Probably that includes tools that supress or limit your site in different ways. Whats to stop a competitor or any malevolent from using cloudflare as a easy form of vandalism to cripple a site? Someone has done this to my site, who know what negative or positive tools they have applied? And it seems cloudflare don’t really care. They only offer a COP OUT lame excuse of a time consuming workaround, which is beyond my skillset.

Any random can monkey with your site - how stupid is that? Wake up cloudflare!

My advice to cloudflare would be to change your system so that you guarantee that only the site owner can get a cloudflare account. Meanwhile I would also ask you to delete my website from your system.

0 Likes

#2

Um no. But if you try to describe (nicely) what’s really happening, we’d be more than happy to help you diagnose and resolve whatever the situations is.

4 Likes

#3

I can’t make it any clearer what is Cloudflare going to do?

Mail](https://go.microsoft.com/fwlink/?LinkId=550986) for Windows 10

0 Likes

#4

You are almost begging for feedback on your site, then when you get it censorship applies

Mail](https://go.microsoft.com/fwlink/?LinkId=550986) for Windows 10

0 Likes

#5

I’m not clear how someone can use Cloudflare to cripple ANY site. So they can cripple Slashdot by setting up a Cloudflare account?

Or do you mean someone can cripple my site that’s already on Cloudflare?

What workaround did they suggest for this?

3 Likes

#6

I am not sure what you are trying to say but it would be a good idea to calm down and explain yourself.

To address your issue, no, that is not possible. It is true, you can add whatever domain you want but as long as you do not change that domain’s nameservers the domain will not be routed to Cloudflare or even be active on Cloudflare. You simply will have an inactive domain configured in your account.

2 Likes

#7

True… you have to have the name servers setup! i know because i made this effort to find my site registered.

0 Likes

#8

But without access to modify your nameservers at your register, it’s not much different than writing your domain on a piece of paper.

2 Likes

#9

Yes, by someone who had the authority to change the nameservers at the registrar. I’m sorry that your zone was registered by either you (and you forgot) or someone you trusted the delegation to, but unless you contact Cloudflare using the email address associated with the account we can’t disclose information about the account. That’s not censorship, that’s prudent security protocols. The support team provided information on how you could register the domain using your own credentials, at no point did a monkey (random or otherwise) do anything to your domain.

4 Likes

#10

The latter would be really cool though. :monkey:

2 Likes

#12

You do have to have the domain registrar give your ns servers to cloudland first

0 Likes

#13

So site x can’t use cloudflare network without repointing dns servers for site x ?

2 Likes

#14

Correct. Under your account at the your Domain Register, where you direct the nameservers etc, is where your traffic goes. If all you had to do is create a web server and name the domain Microsoft.com or Google.com etc. or simple point a CDN to it, the internet would be a mess. It’s why it’s so important to protect all those account with 2 factor and strong passwords.

0 Likes

#15

I can’t speak to site X. In the case of your domain however, the nameservers were pointed at Cloudflare from March of 2017 through January of this year. https://securitytrails.com/domain/your.domain/history/ns

2 Likes

#16

Ok got it, I’m gonna solve this mystery eventually

1 Like

#17

Thanks for your feedback, problem solved and I learned a few things along the way

2 Likes

#18

Now would be a good time to create new and unique passwords for each email, Registrar, Cloudflare, your Web-hosting accounts, enable 2-factor authentication and never recycle passwords. This is the best way to avoid future problems. Check here too https://haveibeenpwned.com/

3 Likes

#19

Yeah that’s a nice service. :+1:t3:

1 Like

closed #20

This topic was automatically closed after 30 days. New replies are no longer allowed.

0 Likes