Cloudflare helps protect sites, and accelerate them. We do not attack sites, and our network can’t be used to generate attack traffic.
There are two circumstances where it might appear that Cloudflare is attacking your site.
1. You’re a Cloudflare customer for your website(s). Since Cloudflare is a reverse proxy for our customers’ sites, Cloudflare IPs are going to show in your server logs until you install something on your server to restore original visitor IP, such as ngx_http_realip_module for NGINX servers.
2. You’re getting attacks from Cloudflare’s IPs because they are being spoofed. Cloudflare does not send traffic over anything other than http:// (ports 80 and 443), so getting attacked by UDP requests means you are likely seeing a DNS amplification attack; see this article for more information.
If your situation does not fit any of the circumstances listed above, please provide the information requested below via ticket and we can provide solutions for handling an issue that looks like an attack from us.
Required information to investigate:
- source IP(s) you are seeing the traffic from
- destination IP(s) on your side
- IP packet contents
- (if possible) tcpdump output in -vvv -s0 -n format
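A triage sketch for the two circumstances described in the post above, added here as an example and not part of the original post or any Cloudflare tooling. The flow-line format, the verdict names, and the proxy range (RFC 5737 documentation space) are assumptions constructed for illustration; substitute the ranges Cloudflare publishes.

```python
import ipaddress
import re
from collections import Counter

# Placeholder proxy range (RFC 5737 documentation space), constructed for this
# example. Replace with the ranges Cloudflare publishes for its network.
PROXY_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
HTTP_PORTS = {80, 443}  # the ports the post names

# Constructed flow format: "<proto> <src>:<sport> > <dst>:<dport>" (IPv4 only)
FLOW_RE = re.compile(r"^(tcp|udp) (\S+):(\d+) > (\S+):(\d+)$")

def parse_flow(line):
    """Return a flow dict, or None if the line is malformed."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    proto, src, _sport, dst, dport = m.groups()
    try:
        return {"proto": proto, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "dport": int(dport)}
    except ValueError:
        return None

def triage(flow, ranges=PROXY_RANGES):
    if not any(flow["src"] in net for net in ranges):
        return "other-source"      # not a proxy address at all
    if flow["proto"] == "tcp" and flow["dport"] in HTTP_PORTS:
        return "proxied-http"      # circumstance 1: restore the visitor IP
    if flow["proto"] == "udp":
        return "likely-spoofed"    # circumstance 2: source address is forged
    return "open-ticket"           # neither: collect the listed evidence

def summarize(lines, ranges=PROXY_RANGES):
    flows = (parse_flow(line) for line in lines)
    return Counter(triage(f, ranges) for f in flows if f is not None)

# Constructed sample flows, not taken from any real capture.
SAMPLE = [
    "tcp 203.0.113.7:51514 > 192.0.2.10:443",
    "tcp 203.0.113.9:40022 > 192.0.2.10:80",
    "udp 203.0.113.7:53 > 192.0.2.10:33811",
    "tcp 203.0.113.20:44100 > 192.0.2.10:22",
    "tcp 198.51.100.4:50000 > 192.0.2.10:443",
    "not a flow line",
]

if __name__ == "__main__":
    for verdict, count in sorted(summarize(SAMPLE).items()):
        print(f"{verdict}: {count}")
```

Flows that land in "open-ticket" are the ones for which the source IP, destination IP, and packet contents listed above are worth capturing.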
I understand the above, the problem wasn’t us getting attacked.
Just wanted to communicate that the Cloudflare front-end proxy IP was listed on the abuse list, which caused FortiProxy/Fortinet to block it.
Didn’t see any other contact info unless you have a business account to inform you. (Is there another way to contact in case of a similar problem?)
But I see it isn’t listed anymore in the abuse list, so should be ok.