Replied in thread
@axxuy #CloudFlare is a #RogueISP and there is no legitimate reason to use them!
#RogueISP
3 posts1 participant0 posts today
Replied in thread
@neurovagrant @generalx @da_667 well, good luck trying to get #ClownFlare to yeet clients: They are a #RogueISP!
https://infosec.space/@kkarhan/114871497555365696
- They only fired #KiwiFarms once they got police knock on their door for the #CSAM said site hosts.
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@neurovagrant@masto.deoan.org @da_667@infosec.exchange @generalx@freeradical.zone that's because #Mastodon #Developers [refuse to implement proper means](http://github.com/mastodon/mastodon/issues/28605) (rgardless if user- or admin-side) to use blocklist feeds.
- Feel free to report [malicious domains](https://github.com/greyhat-academy/lists.d/blob/main/drop.domains.block.list.tsv) and [ActivityPub instances](https://github.com/greyhat-academy/lists.d/blob/main/activitypub.domains.block.list.tsv)…
Granted, #Cloudflare is a #RogueISP!
https://infosec.space/@kkarhan/114871478311781185
Replied in thread
@neurovagrant @da_667 @generalx that's because #Mastodon #Developers refuse to implement proper means (rgardless if user- or admin-side) to use blocklist feeds.
- Feel free to report malicious domains and ActivityPub instances…
Granted, #Cloudflare is a #RogueISP!
https://infosec.space/@kkarhan/114871478311781185
GitHubBlocklist Feed Support · Issue #28605 · mastodon/mastodon
Replied in thread
@neurovagrant Well, #ClownFlare is a #RogueISP and there is no legitimate reason to use #CloudFlare for anything!
Replied in thread
@indigoviolet I hope #CloudFlare stays down!
Replied in thread
@ptrc @SharpLimefox yes!
#DownWithCloudflare, because #ClownFlare is a #RogueISP!
@makerbymistake Who is responsible for adding #ClownFlare to @rpilocator 's website?
- Cuz that #RogueISP has no legitimate reason to be involved in any legit site.
rpilocatorFind Raspberry Pi computers in stock - rpilocatorFind Raspberry Pi computers in stock - rpilocator
Replied in thread
@pasi except #CloudFlare is a #RogueISP and you could get #DDoS-Protection from any other #Webhoster that didn't host #Terrorism like #Daesh and #KiwiFarms, only firing the latter when bigger clients said: "It's US or THEM!" and started cancelling #ClownFlare!
Replied in thread
@ricmac no it's not!
#CloudFlare is a #RogueISP and all they do is expand their #RentSeeking #RacketteringScheme.
- #ClownFlare are a #RogueISP after all...
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@netresec@infosec.exchange because #CloudFlare is a #RogueISP who routinely hosts and supports #Cybercrime and #Terrorism actors, including #Deash and #KiwiFarms for the latter.
- #Doxxing reports *and* refusing to acknowledge that they can in fact *yeet clients* off their network is their routine #ModiOperandi.
Only once clients threatened to fire #ClownFlare did they fire KiwiFarms!
https://en.wikipedia.org/wiki/Cloudflare#Kiwi_Farms
Replied in thread
@passwordsarehard4 @arstechnica I know #CloudFlare and their business of being a #RogueISP way more than I like to.
- They are at best knowingly and willingly hosting #CyberCrime and #Terrorism and most likely a fan of their own #RacketeeringScheme!
Not to mention they managed to get way too big and not yet shutdown as a criminal enterprise.
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@netresec@infosec.exchange because #CloudFlare is a #RogueISP who routinely hosts and supports #Cybercrime and #Terrorism actors, including #Deash and #KiwiFarms for the latter.
- #Doxxing reports *and* refusing to acknowledge that they can in fact *yeet clients* off their network is their routine #ModiOperandi.
Only once clients threatened to fire #ClownFlare did they fire KiwiFarms!
https://en.wikipedia.org/wiki/Cloudflare#Kiwi_Farms
Replied in thread
@verge Nah, it just wants to #RentSeek.
#CloudFlare is a #RogueISP and #ClownFlare will allow #crawlers that pay them, cuz #NetNeutrality is a phrase to them when it comes to #Money !
MastodonArs Technica (@arstechnica@mastodon.social)Attached: 1 image
Pay up or stop scraping: Cloudflare program charges bots for each crawl
Cloudflare now beta testing pay-per-crawl feature to stop endless AI scraping.
https://arstechnica.com/tech-policy/2025/07/pay-up-or-stop-scraping-cloudflare-program-charges-bots-for-each-crawl/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
Replied in thread
@arstechnica #CloudFlare is a #RogueISP and thus cannot be trusted.
- If #ClownFlare actually cared, they'd simply block the offending IP address ranges!
Replied in thread
@alda @netresec that only applies for #Copyright violations, not #ToS violations and criminal acts!
- #CloudFlare deliberately cooses to d0x people who complain, even if the violation is not debateable (unlike a #DMCA takedown request)!
It's their tactic to act as #shield towards #Cybercrime and regular #OrganizedCrime, and they should be regarded like #StarkIndustries and #RBN as #RogueISP…
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@alda@topspicy.social @netresec@infosec.exchange nah, that's a lie.
#Gandi.net also fired #KiwiFarms for hosting #CSAM and they didn't d0x those that tipped them off...
https://infosec.space/@kkarhan/114743233834160376
Replied in thread
@GrapheneOS @fluffery @maumau @BryanGreyson @fairphone @BrodieOnLinux yeah, and that is a big problem!
Not to mention #ValueRemiving #Rentseekers & #RogueISP|s like #ClownFlare & their business models should not exist do begin with.
- Simply because #CloudFlare hosts the very same #CyberCriminals' infrastructure, making them a two-headed #scam of not #RacoeteeringScheme if we don't categorize them as #RogueISP!
Replied in thread
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@netresec@infosec.exchange because #CloudFlare is a #RogueISP who routinely hosts and supports #Cybercrime and #Terrorism actors, including #Deash and #KiwiFarms for the latter.
- #Doxxing reports *and* refusing to acknowledge that they can in fact *yeet clients* off their network is their routine #ModiOperandi.
Only once clients threatened to fire #ClownFlare did they fire KiwiFarms!
https://en.wikipedia.org/wiki/Cloudflare#Kiwi_Farms
Replied in thread
@netresec @kolya that is intentinal because #CloudFlare is a #RogueISP.
- Just like #NameCheap and #GoDaddy they ignore messages sent to their abuse contacts.
Maybe send a #fax to their Munich Office from an Internet Cafe?
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@netresec@infosec.exchange because #CloudFlare is a #RogueISP who routinely hosts and supports #Cybercrime and #Terrorism actors, including #Deash and #KiwiFarms for the latter.
- #Doxxing reports *and* refusing to acknowledge that they can in fact *yeet clients* off their network is their routine #ModiOperandi.
Only once clients threatened to fire #ClownFlare did they fire KiwiFarms!
https://en.wikipedia.org/wiki/Cloudflare#Kiwi_Farms
Replied in thread
@netresec because #CloudFlare is a #RogueISP who routinely hosts and supports #Cybercrime and #Terrorism actors, including #Deash and #KiwiFarms for the latter.
- #Doxxing reports and refusing to acknowledge that they can in fact yeet clients off their network is their routine #ModiOperandi.
Only once clients threatened to fire #ClownFlare did they fire KiwiFarms!
en.wikipedia.orgCloudflare - Wikipedia
Replied in thread
@scottjenson using a #RogueISP like #ClownFlare is a problem, because they are just bad.
- Might just go with Russian "#DDoSguard" instead of #CloudFlare...
Replied in thread
@percepticon or rather for being a known "#RogueISP" who acts as "#BulletproofHoster" catering to #Cybercrime specifically by flat-out ignoring any #AbuseReports and refusing to cancel customers that abuse their infrastructure for facilitating #CrimeAsAService (#CaaS)...
Replied in thread
@varbin @f4grx @nixCraft @torproject Well, you can dynamically block them based off packet rate & amount of requests and rate-limit them as well as limit them in terms of transfer rate.
- Also #DDoS-Protection is something any decent #datacenter & #hoster offers (don't use value-removing middlemen like #CloudFlare as they are a #RogueISP who ain't even goox at their job!)
Not to mention you rarely see DDoS attacks from residential IPs and ISPs are quick to disconnect offending hosts upon reporting them, so worst-case one blocks a /24 for 24 hours.
- This doesn't even account for the fact that #Skiddie-Tools like #LOIC are easily dstinguishable and filter for.
Again: if this is a real problem, any decent datacenter / hoster / upstream will gladly pick up the phone or reply to your support request via mail.
- After all, they too don't like it when someone hammers their infrastructure, so they have a vested interest in #Blackholing bad traffic at the #IX level.
#DECIX even officially recommends that as a means to handle large-scale DDoS attacks and keep everyone else online.
- To me a "#Layer7" solution like #Anubis comes way too late as it already incurs billable traffic at many hosters and datacenters and we don't want to cough up money because of someone else trying to #blackmail us (which is the #1 reason for DDoS'ers to do so!)…