cloudflare hosting a ddos service?

Hi,

     So vbooter.org's dns and web is hosted by cloudflare?

"Using vBooter you can take down home internet connections, websites and game servers such us Minecraft, XBOX Live, PSN and many more."

     dig -t ns vbooter.org

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t ns vbooter.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62177
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;vbooter.org. IN NS

;; ANSWER SECTION:
vbooter.org. 21599 IN NS rick.ns.cloudflare.com.
vbooter.org. 21599 IN NS amy.ns.cloudflare.com.

  dig -t a www.vbooter.org

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t a www.vbooter.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34920
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.vbooter.org. IN A

;; ANSWER SECTION:
www.vbooter.org. 299 IN CNAME vbooter.org.
vbooter.org. 299 IN A 104.28.13.7
vbooter.org. 299 IN A 104.28.12.7

     Can anyone from cloudflare answer me why this fits with your business model?

Mike-

CloudFlare will claim they are not hosting the problem. They are just hosting the web page that lets you pay for or points at or otherwise directs you to the problem.

The actual source of packets is some other IP address. Therefore, they can keep hosting the web page. It is not sending the actual [spam|DDoS|hack|etc.], right? So stop asking them to do something about it!

Whether you think that is the proper way to provide service on the Internet is left as an exercise to the reader.

sigh...

Have you tried to contact their Abuse?.

mehmet

Plus, it’s good for business!

-Phil

Back in the day didn't we refer to such hosting as bulletproof hosting?

I used to have a boss that was convinced that MCafee was writing viruses to stay in business....

Regards,

Dovid

This is quite common, almost all of the DDoS-for-hire services are hosted
behind CloudFlare, and a great majority of them take PayPal. Another one
had even managed to secure an EV SSL cert.

   So vbooter.org's dns and web is hosted by cloudflare?
"Using vBooter you can take down home internet connections, websites and game servers such us Minecraft, XBOX Live, PSN and many more."

Buy some time on it to DDoS cloudflare sites.

Have you tried to contact their Abuse?.

For a long time their abuse@ alias was (literally) routed to /dev/null. I'm not
sure whether that's still the case or whether they now ignore reports manually.

Cheers,
  Steve

Not HERE!

NANA-E, sure.

A five minute Google search revealed this, which is just the tip of the
iceberg

booter.xyz
exitus.to
zstress.net
critical-boot.com
instress.club
webstresser.co
anonymousstresser.com
rawdos.com
kronosbooter.com
alphastress.com
synergy.so
str3ssed.me
layer7.pw

There are probably hundreds

Looks like barrier to obtaining an EV SSL certificate is not very high
these days.

There's documentation requirements, but root CAs can't be seen to
discriminate against companies in the developing world. I suppose all you
need is a scanned business license/incorporation documents from your local
municipality in Outer Elbonia, and a few scanned copies of fake ID, and
your $99 payment for the first year.

I should also point out that the page for www.vbooter.org also had a google ad (for me anyways) at the bottom advertising arbor networks!

It seems that cloudflare being an anti-ddos company needs to clean house then, and that if they really are conscious of this, that their 'good guy!' persona has taken a real beating.

Mike-

Justin,

The only problem with that statement is that it's not true: if you did
terminate service to them, the websites would go away. Maybe not today, but
eventually. "Network stresser" owners are notorious for trying to take out
the competition. Cloudflare provides free protection for these services to
stay online. Most other ISPs wouldn't tolerate such shenanigans, whether it
be for facilitating illegal activities or being on the receiving end of
DDoS attacks, and would kick them off.

I read through the blog post, and it was an interesting window into how
Cloudflare operates. If I could be so bold as to raise this issue, however -

Specifically, this part

*Originally, when we would receive reports of phishing or malware we would
terminate the customers immediately. The challenge was that this didn't
actually solve the problem. Since we're just a proxy, not the host, us
terminating the customer doesn't make the harmful content disappear.
Terminating the site effectively just kicked the problem further down the
road, moving it off our network and onto someone else's.*

From that paragraph, what I understand it as is that Cloudflare doesn't

want to terminate customers hosting illegal content / facilitating illegal
activities because if they do, that content will just move elsewhere. It
was an interesting parallel to one of the problems plaguing the internet
today - source address spoofing. More and more hosts are implementing
source address verification, but unfortunately there are still those that
still allow source address spoofing (and those hosts are sometimes used to
launch amplified DDoS attacks). However, reputable hosts don't make the
argument "We won't disallow source address spoofing because if we block it,
the customers will just go elsewhere". Reputable providers block it, and
try to get others to block the problem as well. The difference is that
Cloudflare is lax "because other people are lax, so it's pointless for us
to be strict".

That kind of logic is the same flawed logic that goes with "I shouldn't
vote, because no matter which way I vote my vote is insignificant". Sure,
as a single entity that's true - but if everybody thought that, we'd be in
a real pickle. Some problems are larger than what an individual faces, and
must be addressed by not just a single entity, but all the entities to whom
this problem affects - it is your responsibility to vote, a hosts
responsibility to disable source address verification (and help fight crime
on their network), and I'd argue it's Cloudflare's responsibility to help
stop abuse.

Just my 2C

Folks,

"For a long time their abuse@ alias was (literally) routed to /dev/null. I'm not
sure whether that's still the case or whether they now ignore reports manually."

@Steve It (literally) never was.

Yes, it was. The smiley doesn't make your statement true.

The team I manage processes
reports all day
long. If you have a report to file certainly do so,
https://www.cloudflare.com/abuse

I gave up on doing that in late 2014 after reporting thousands of pieces of spam
advertising websites hosted by Cloudflare, with no action taken, no reply received,
no ticket created, *nothing*. Not in response to mail sent to abuse@cloudflare,
not in response to backchannel reports, not in response to mentions in person to
staff at conferences. (This was mostly people selling lists of credit card numbers
rather than booters, but it's the same sort of issue).

Just to see what had changed, I went back to look at the sites I reported to
Cloudflare in 2014. The couple I spot-checked are still hosted by Cloudflare.

Given that you (Cloudflare, rather than you personally) haven't changed
your policy of never terminating abusive websites you host then continuing to
report them to you seems fairly pointless.

On the topic of booters:

Short version -- As someone already mentioned, CloudFlare continues
not to be a hosting provider.

That's untrue, of course. You terminate the http connection; you're
hosting the website; you're hiding the identity of any other operators
involved; you continue to serve the website even when the backing
server has been terminated. Adding an interstitial for sites hosting
malware is nice and all, but the problematic customers are the ones
that are selling access to those malware compromised machines.

You are taking sole responsibility by your actions, while denying all
responsibility in your public statements.

Our CEO has broadly covered this topic several times.
https://blog.cloudflare.com/thoughts-on-abuse/

Even if we removed our service the website does not go away,it
doesn't solve the problem if we temporarily stop providing DNS to the
domain(s). An often overlooked but extremely important note: there are
some situations where law
enforcement has required that we *not* terminate service to certain
websites. In those situations we are of course not allowed to discuss
specifics.

Cheers,
  Steve