Bout to piss off cloudflare users with my DNS examples, but honest to god, you provide free web hosting, and didn't expect this shit to be abused for phishing?
-
@da_667 Be sure to include that their abuse reporting has an API now, so send early and often. (Only required scope on the API key is Account->Trust & Safety->Edit
-
@da_667 Be sure to include that their abuse reporting has an API now, so send early and often. (Only required scope on the API key is Account->Trust & Safety->Edit
@rx13 duly noted. thanks!
-
Bout to piss off cloudflare users with my DNS examples, but honest to god, you provide free web hosting, and didn't expect this shit to be abused for phishing?
@da_667 Oh yeah… resend dot dev is on clownflare, too. I swear to all the old gods, that service exists solely to provide spammers a comfortable API. (And it’s operated by a legit business that advertises “Be the first to know if your domain is added to a DNSBL such as those offered by Spamhaus with removal requests generated by Resend.”)
-
Bout to piss off cloudflare users with my DNS examples, but honest to god, you provide free web hosting, and didn't expect this shit to be abused for phishing?
Do you think free web hosting is an inherently bad thing?
-
Do you think free web hosting is an inherently bad thing?
@kallisti It's a complicated subject. Free hosting is usually fine, but just like every other free hosting service on the internet, somebody is bound to fuck it up and abuse it. My beef is that cloudflare is kinda lax on handling their abuse claims.
-
@da_667 Be sure to include that their abuse reporting has an API now, so send early and often. (Only required scope on the API key is Account->Trust & Safety->Edit
-
@kallisti It's a complicated subject. Free hosting is usually fine, but just like every other free hosting service on the internet, somebody is bound to fuck it up and abuse it. My beef is that cloudflare is kinda lax on handling their abuse claims.
Fair enough.
I'd add that the "somebody is bound to fuck it up and abuse it" part applies to any piece of software and/or infrastructure, and putting things behind a paywall (i.e. making it inaccessible for people on a budget) should never be the solution.But handling abuse accurately and decisively, is, as you said yourself, the way to go and something to be expected especially from a company that big.
-
email: string
A valid email of the abuse reporter. This field may be released by Cloudflare to third parties such as the Lumen Database (https://lumendatabase.org/).email2: string
Should match the value provided in emailLol
-
Fair enough.
I'd add that the "somebody is bound to fuck it up and abuse it" part applies to any piece of software and/or infrastructure, and putting things behind a paywall (i.e. making it inaccessible for people on a budget) should never be the solution.But handling abuse accurately and decisively, is, as you said yourself, the way to go and something to be expected especially from a company that big.
@kallisti that's my big problem is that they aren't particularly good or fast at handling abuse claims. But like, take pastebin for instance. There was a period of time where it was heavily abused, and in spite of NOT being a gigantic company, they actually move pretty fast to remove malicious pastes. That's the difference. pastebin is free, and they actually care about not being a festering malware host.
-
@kallisti that's my big problem is that they aren't particularly good or fast at handling abuse claims. But like, take pastebin for instance. There was a period of time where it was heavily abused, and in spite of NOT being a gigantic company, they actually move pretty fast to remove malicious pastes. That's the difference. pastebin is free, and they actually care about not being a festering malware host.
@kallisti its still a problem, but they're mindful of it.
-
@nyanbinary @da_667
Yeah, I've spent the last few days creating a Tracecat pipeline that greps logs for phishing domains coming to our platform (attackers don't get to control browsers, so we always get a nice 'referrer' value from where they're sending customers for phishing)Now, it parses the last timeblock of logs filtered to domains that aren't our topN, and does a whois/tls cert check against each one, if the whois reg date is
months, and the cert belongs to cloudflare, they get automated takedown requests -
R relay@relay.infosec.exchange shared this topic
