Is Cloudflare really safe or selling our data?

Here is what happened. I am a programmer, and one of my customers, who is using Cloudflare currently, received different kinds of attacks. When we changed DNS we received a SYN flood again on that IP; however, that server was itself a reverse proxy. Then we came to the conclusion to change DNS on the fly with the API, and what happened was shocking. We ordered a new server and ran the API on that server alone, nothing more, when we request API calls to change DNS and activate Under Attack mode: a single IP for that purpose. The next day we received a SYN flood on that IP. It seems like someone at Cloudflare is selling our info.

Yeeeeah no, that’s not happening.

Overall the problem seems to be that your setup is flawed by design; consider reviewing it before jumping to hasty conclusions.


I think you don't understand. After our DNS IPs leaked multiple times, we are facing that even our IP which we only use to call the Cloudflare API is also going under SYN flood attack. How can someone find this IP against millions of IPs in one day?

Scanning the entire IPv4 address space on 443 takes about 12 hours if one isn’t optimizing too much.

Did you lock down that IP to only accept connections from Cloudflare’s before moving your infrastructure to it?

Using Cloudflare tunnels (which is free) one can connect an origin without exposing an internal IP.

But for the sake of argument let’s assume Cloudflare is selling information about origin IP addresses. What does that marketplace look like? Do I look up a site using Cloudflare and then visit a website to bid or is it a fixed price?


I don't know what is happening. As I said, I use one IP, one server, only to connect to the Cloudflare API, nothing else. All incoming ports are blocked, only outgoing is allowed, but the attacker found the IP I use to call the Cloudflare APIs. I think, if we come to this result, that the attacker has access to my Cloudflare log, it is true.

There are tons of malicious bots, scanning the whole internet every day. Cloudflare does not guarantee to give you full protection. It depends on how you configured the server.

But you may use Cloudflare Tunnel, as per advice by @cscharff, for that one server that you are referring to.


Do you have “DNS ONLY” set? If so, then Cloudflare does NOT proxy the records (thus, exposing their IP address)!

My problem is not that it is proxied. The problem is that even the server which we only use for calling the Cloudflare API is receiving SYN flood attacks. It seems that the attacker has access to our API call logs. And this happened when we blocked all inbound traffic of the server, so only outgoing traffic, but the attacker found our IP within a day. This is why we are thinking someone from Cloudflare is helping the attacker.

When the attacker can find our server which we only use to call the Cloudflare API, you think he cannot find the IP which we are using to tunnel? Suppose you install a new operating system, then you block all inbound traffic and only allow outgoing traffic, and after that you use your own script which is only calling the Cloudflare API, and the attacker finds it within a day, especially that IP. Don’t you think he has access to Cloudflare data? By the way, we protect our accounts with two-step verification, so it is impossible for him to hack our account.

We have our data in multiple different datacenters, and our problem is not that he finds our web server. Our problem is that he finds the server which we only use to call the Cloudflare API. Suppose that we rent a dedicated server for $150 and block all inbound traffic, but the attacker can find that IP. How is that even possible if he did not have access to Cloudflare?

I’m not sure what you want me to say.

The choices you’ve presented are Cloudflare is jeopardizing a billion dollar a year business model to sell information about the origin IP addresses of its customers to attackers or you have a complex application with a security issue somewhere.

I don’t know anything about your application, domain or security practices. But you likely have a problem somewhere. I did an app sec audit for a customer who had an ancillary system constantly being attacked, turned out it was one called to send emails and lo and behold all the attacker had to do was call a password reset (or other function which resulted in an email being sent) to find out the new IP address.

Have you rotated all of your API keys, audited logins to the Cloudflare dashboard and enforced 2FA to your hosting provider and to any account where you are communicating about or storing the address?

Have you ordered a penetration test or audit of the code and infrastructure to look for problems?

Your original question is not productive: If you believe Cloudflare is selling your data you should move providers. Otherwise there is a long list of things your InfoSec team should be investigating.
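
The mail-sending leak described in the reply above can be checked from the defender's side. The following is an added example, not part of the thread or any poster's code: it scans the headers of a message your own application sent to an outside mailbox for addresses you intend to keep private. The sample message, the host names and the `find_origin_leaks` helper are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a password-reset mail as seen by an outside mailbox.
# All addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_MAIL = """\
Received: from mx.mailprovider.example (mx.mailprovider.example [198.51.100.25])
\tby mx.recipient.example with ESMTPS; Mon, 01 Jan 2024 10:00:02 +0000
Received: from app01.internal (unknown [203.0.113.10])
\tby mx.mailprovider.example with ESMTP; Mon, 01 Jan 2024 10:00:01 +0000
X-Originating-IP: [203.0.113.10]
From: noreply@shop.example
To: user@recipient.example
Subject: Password reset

Click the link to reset your password.
"""

# Dotted-quad candidates; ipaddress validates them afterwards.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def find_origin_leaks(raw_mail, protected_nets):
    """Return (header name, ip) pairs where a protected address shows up
    in any header of a message your own system sent."""
    nets = [ipaddress.ip_network(n) for n in protected_nets]
    msg = message_from_string(raw_mail)
    leaks = []
    for name, value in msg.items():          # folded headers arrive joined
        for candidate in IPV4_RE.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:               # e.g. 999.1.1.1 inside free text
                continue
            if any(ip in net for net in nets):
                leaks.append((name, str(ip)))
    return leaks


if __name__ == "__main__":
    # 203.0.113.10 stands in for the address that should stay hidden.
    for header, ip in find_origin_leaks(SAMPLE_MAIL, ["203.0.113.10/32"]):
        print(f"origin address {ip} exposed in {header} header")
```

Run it against a message actually delivered to a mailbox outside your infrastructure, since intermediate relays add the headers that matter.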


