Is the goal of cloudflare to bankrupt me?

Since the support center (no answer in two days) and the abuse center (no answer for hour) since to not give a ■■■■ about my case, let’s ask here, perhaps somebody will be able to explain me what game Cloudflare is playing with my nerves

Situation : 2 days ago, one of my customer call me in panic : his website is flagged as “phishing”. I rush to my dashboard to realise that, yes, the website is marked as " Your domain has been suspected of phishing or malware"
First issue, the url of the “phishing page” is “yourdomain.tld/” : ??? 100% of the pages are phishing ones ???

Since the concerned website is protected by different security solutions, and since a scan do not show any suspicious files, I investigate deeper, and here’s the starting of the “joke”

  • ALL MY DOMAINS, dozens of them, located on differents servers, are flagged “phishing”
  • on ALL domains dashboard, the “Page URL” is the same, “yourdomain.tld/
  • on ALL domains dashboard, clicking on the “request review button” launch the same error : “Internal error processing the URL. This error has been logged. (Code: 1004)”
  • The more crazy thing : one of the domain flagged is suspended on the server (so it’s absolutly not possible that it deliver a phishing page), another one do not even exist : the domain registration was not renewed months ago (nearly one year), the domain is available for registration, I forgot to remove its entry, but even so, it is marked as “phishing” : WTF ???

A little bit in panic, I search everywhere, and realise another crazy thing : ALL THE DOMAINS are marked, on the log page of the dashboard, as “created” the day before, a day when I did not even connect to the dashboard, which is quite interesting when you know that certains of those domains where created on Cloudflare 4 or 5 years ago…

I open a ticket in emergency, Yesterday at 13:46, now it’s 18:42 the next day, not even an answer from Cloudflare…

I continue to search and find, IN THE SPAM FOLDER of my mailbox, a cloudflare abuse message asking me that my account was suspended, without any information given, only telling me to “contact Cloudflare’s Trust & Safety team to discuss this action.” OK, I answer the mail saturday, at 13:46, asking for more information

at 3 AM, the trust and safety team answer me this :

These zones were interstitialed after we received various reports about multiple websites in your account being compromised and serving phishing pages. You would need to clean the infections on the server for each of those websites, explain to us the steps taken and let us know what you will do to prevent this from happening in the future, in order for us to re-instate your account.

Waaow, that will help me a lot to find the issue… I will realise, hours later, that another mail was sent about the exact issue, but, once again, it fall on the spam folder, so I took some hours to read it.

The issue : one, ONE, of my domain was compromised, one domain that I host for a friend even if I was more than suspicious about his developper (and I was right about it). But even so : suspending the whole account, and marking ALL THE DOZENS OF DOMAINS as compromised, lauching panick for every customers, because of ONE PAGE in ONE DOMAIN ???

OK, there’s a issue, let’s solve it : domain removed, from server and cloudflare, with 3 others where the websites were developped by the same idiot unable to maintain a website, Cloudflare notified about the actions done, and all the strange issues on all others accounts, even those where domain do not even exist.

That was 6 hours ago, I’m still waiting for my account to be reactivated, in fact I’m still waiting to have an answer, even if I clearly told that my business is in risk if those fake alerts are not removed ASAP. So here’s the question : do you really want to bankrupt me ???

And now, Hasan from Cloudflare Trust & Safety, nearly insult me as an answer, probably hoping his agressivity will make all the issues list below being forgotten…

Hi @simon_benchimol,

I’m afraid that the community has no visibility into this, the only people who do are Trust & Safety. You will have to follow up by email with them. We cannot assist here.