“We're deeply concerned about Cloudflare's abuse management and prevention policies,” says the threat-tracking non-profit organization Spamhaus Project. The watchdog warns that cybercriminals are exploiting Cloudflare to conceal their malicious activities, and abuse reports remain unresolved.
Spamhaus maintains a blocklist of IP addresses that have been observed in adversarial activities, such as sending spam and hosting malicious content.
The watchdog says that 10% of its unresolved blocklist entries contain domains from Cloudflare, which is “less than optimal from an abuse-handling perspective.”
Cloudflare is a major company offering content delivery and security protection solutions, such as protection against distributed denial-of-service (DDoS) attacks.
“As of today, Cloudflare is associated with 1201 unresolved Spamhaus blocklist listings,” Spamhaus said in a statement. “Its attitude to abuse management and prevention proves a point of contention, and we urge Cloudflare to review its anti-abuse policies.”
Allegedly, cybercriminals have been exploiting legitimate Cloudflare services for years to conceal their malicious activities, making it harder for network defenders to detect them.
We're deeply concerned about the abuse management and prevention policies of @Cloudflare, a leading content delivery network. For years, cybercriminals have been exploiting Cloudflare's services to conceal their malicious activities, posing a significant threat to internet… pic.twitter.com/177hXh7Kvs
Spamhaus (@spamhaus), July 30, 2024
The watchdog shared some ads for hosting services running on Cloudflare’s infrastructure that are extremely tolerant of illegal or malicious activities by their customers. Such services are known as “bulletproof hosting” because they are resistant to takedown requests or legal actions.
Threat actors also allegedly abuse Cloudflare when offering DDoS-for-hire services, illicit marketplaces for credit cards and other private information, “and worse.”
“For a certain domain registrar, every single domain Spamhaus has observed appearing on Cloudflare’s nameservers thus far is associated with phishing – a campaign continuing for months on end,” Spamhaus said in a statement.
Spamhaus criticizes Cloudflare's anti-abuse policy, which, “to make life easy,” forwards abuse reports to website operators and hosting providers rather than addressing them directly. Spamhaus believes that Cloudflare should stop providing its services to abusive actors.
“Cloudflare effectively masks the true location of the backend where services are being hosted while passing on any complaints about abuse to the abused or abusive services,” the watchdog said.
The recommended solution is to suspend DNS (domain name system), reverse proxy, and CDN (content delivery network) services to abusers. This way, the malicious content would no longer be accessible through the Cloudflare network.
“Please reach out to the team, we are more than willing to work together to resolve this issue,” Spamhaus tweeted on X.
Cloudflare is sometimes considered to be the backbone of the internet. It serves an average of 57 million HTTP requests per second and delivers data from 320 cities in over 120 countries worldwide.
Cloudflare, in an emailed statement to Ars Technica, defended its longstanding policy to flag malicious activities for hosting providers, website owners, and law enforcement. Cloudflare said that “terminating users will only remove security services for websites while not removing the content.” The company only takes action against the content hosted on its infrastructure.