I run a website called https://blox.land which has over 6M+ registered users, we’ve been a paying Cloudflare customer since its inception in 2018 and it’s served us great over those years.
For the past month, we’ve received multiple false phishing reports from Bolster.AI with the following memo: “This phishing page is imitating the following legitimate brand: Roblox”. This report is completely false because we are not imitating the ROBLOX brand (we specifically say “We’re not affiliated in any way with the Roblox Corporation or any of its trademarks”) and we never ask for any passwords or personal information.
We’ve had our site reinstated by Cloudflare Trust & Safety. However a few days later, the same report was sent and took down our site yet again. CF Trust & Safety reinstated the site and this cycle of being reported and getting appealed has been happening for weeks (reports happen at random times, I’ve had calls at 1AM where the site went down because of reports)
When I ask Trust & Safety to block future reports or at least have some type of manual review process before the site gets immediately taken down, I get no response. I’ve received no response from Bolster.AI and they’ve been continuing to abuse Clouflare to take down my website.
I’m not sure who to contact regarding this since I still haven’t had any permanent solution to this issue. I’m currently paying $200 / Mo and was going to upgrade to Enterprise because of the level of traffic my site’s been receiving, but if this keeps happening I’ll have no choice but to leave Cloudflare since this has been costing me a lot of money in damages.
If anyone has connections with a Cloudflare employee that can help, that would be greatly appreciated. Thank you!
You have my sympathy. That’s a rough situation. I see nothing that makes me think that site is part of the Roblox brand. It’s clearly not them. It makes me wonder how the big games my kids love to play have websites that aren’t constantly taken down.
But, I’m telling you…T&S is like the Star Chamber of Cloudflare. Nobody I’ve met in the Community seems to know who any of them are. I can only hope that a sympathetic exec on Twitter might respond.
There must be clearly something like a DMCA Appproach for such a thing
where somebody first complan about a website.
After this the Owner has a specific Time to Reply to the Request.
If the Owner decline the Takedown then the Person who seeks
to takedown the Webpage need to have to go to a Court.
This automatic takedown is absolute bullshit !
Cloudflare need do better becouse this is clearly TYRANNY.
I would recoommend you to document everythig
and hire a good lawyer and go after all of them even international.
I myself get from time to time Fake Reviews on TRUSTPILOT that have nothing to
do with my Website.
I complainend about this as i know and have evidence 100%
that this are fake reviews about my webpage.
Got reply from this Jokes at TrustPilot that if i Complain
again about their Fake Reviews
they will take my right about complaining again about their fake reviews
published on their Webpage.
The way things Develop is you need to shut down their Website
on a Country Level.
Get a Court Order and take down their website for busines damage
in Europe or elsewhere.
Thanks for your response seoworks, I completely agree this should be treated in a DMCA-like manner and shouldn’t automatically take down the site (especially if it’s been appealed multiple times).
At this point, I’m definitely considering getting a lawyer to write a demand letter to Bolster.AI since my site has been dealing with multiple DDOS attacks and lost users when this happens (currently my site is still flagged as phishing, the direct IP is exposed).
I just hope that someone at Cloudflare acknowledges this and fixes the issue. This is a Cloudflare exclusive problem and AWS has never taken my site down despite Bolster “forwarding it to hosting”. The most frustrating part of this is that I’m not a free client at Cloudflare, I’ve been paying for some time and it’s very disrespectful when my tickets are ignored when asking about how to solve the underlying issue causing this.
I understand your frustration, we had something similar happen to us with namecheap, they were more greedy and stole the domain under the presumption that the domain was phising.
Turns out it was using images from a game that closed down over a decade ago and a big set of fraudulent reports were enough to steal a domain that had thousands of unique gaming visitors per day.
I think that this is a problem for all medium-sized-small companies that deal with big corps.
Discus and probably all other social media websites, just use the report and abuse buttons as a voting system to delete content. Free customer service, zero labor expenses, moderation, no need to pay humans to review content. But someone with four IP addresses and four different cookies can basically take down content for 24 hours with no repercussion. I’m shocked that cloudflare would adopt a no human review voting system for their abuse Department, even though even on theire free plan the customer service reps do give customer specific answers for technical support ticket.