btilly an hour ago

Hanlon's Razor applies here. "Never attribute to malice that which is adequately explained by stupidity."

Pretty much anyone can get onto the free tier for Cloudflare. The fact that someone is doesn't mean that there is a business relationship with Cloudflare. There isn't.

In order to make this business model work, Cloudflare does essentially no due diligence. Getting onto the free tier before you need it is cheap. And then if you really need them, you have every reason to start paying.

Ideally you'd hope that they would allow third party takedowns. But the ability to do third party takedowns provides a target for the exact attackers that their business is trying to protect against. They wouldn't have a business if they made that a viable target!

But the result of these business decisions, made for their main customer acquisition flow, makes them a tempting place to host malicious content, as well as good. Black hats make a sport out of taking each other out, and so have every reason to use Cloudflare.

Still doesn't indicate a relationship between Cloudflare and the bad actors who are taking advantage of the setup.

duskwuff an hour ago

> Ideally you'd hope that they would allow third party takedowns. But the ability to do third party takedowns provides a target for the exact attackers that their business is trying to protect against.

I don't think that argument holds water. There's a world of difference between knocking a site offline with a DDoS and making a legal request which results in a hosting provider shutting it down.

necovek 42 minutes ago

What you are saying is that Canonical should have first updated the DNS to point at the attacker's web site IP (hosted by Cloudflare) for a few hours to let Cloudflare eat 3.5Tbps for a bit? :)