Cloudflare

Comments

  • lbft Member

    @flam316 said: Why does the speed of your connection and your laptop matter in this situation? Captchas don't care what kind of hardware you have or what network you have.

    From a quick Google it looks like it was Cloudflare's "I'm under attack" mode, where it does some sort of JS proof-of-work thing before letting you in.

    Thanked by 1 flam316
  • flam316 Member

    @lbft said: From a quick Google it looks like it was Cloudflare's "I'm under attack" mode, where it does some sort of JS proof-of-work thing before letting you in.

    Yep, and that 5 seconds delay is intentional. That's supposed to happen.

  • @flam316 said: Yep, and that 5 seconds delay is intentional. That's supposed to happen.

    Meh, it's not very smart if you ask me... like I said, most visitors will have said "screw this" and left long before those 5 seconds are up unless they've got an overwhelmingly good reason to wait.

  • @beard said: CF is crap, skiddies think they can hide their warez sites behind it

    Skiddies do. Not think. They do. Look at that guy who used S'E' to get through WHMCS, he released everything through his site, hidden behind a CF front.

  • ...and then he failed to remove the direct record which allowed people to circumvent Cloudflare. Btw Lulzsec was also hidden behind them and the protection never got removed.
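
An added example (not part of any post in this thread) of auditing your own zone for the problem the comment above describes: a record that still resolves straight to the origin, so traffic can skip the proxy. The record layout, the `proxied` flag, the hostnames and the IPs are constructed assumptions, not data from the thread or from any provider's API.

```python
import ipaddress
import re

# Constructed sample zone (documentation IP ranges); not data from the thread.
ORIGIN_IPS = {"203.0.113.10"}
ZONE = [
    {"name": "example.test", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "www.example.test", "type": "CNAME", "content": "example.test", "proxied": True},
    {"name": "direct.example.test", "type": "A", "content": "203.0.113.10", "proxied": False},
    {"name": "ftp.example.test", "type": "CNAME", "content": "direct.example.test", "proxied": False},
    {"name": "example.test", "type": "MX", "content": "mail.example.test", "proxied": False},
    {"name": "mail.example.test", "type": "A", "content": "203.0.113.10", "proxied": False},
    {"name": "example.test", "type": "TXT", "content": "v=spf1 ip4:203.0.113.0/24 -all", "proxied": False},
    {"name": "status.example.test", "type": "A", "content": "198.51.100.7", "proxied": False},
]

def find_origin_leaks(zone, origin_ips):
    """Return sorted (name, type, reason) for records that reveal an origin IP."""
    origins = {ipaddress.ip_address(ip) for ip in origin_ips}
    leaks, exposed = set(), set()
    # Pass 1: unproxied address records and SPF ranges that contain an origin IP.
    for r in zone:
        if r["type"] in ("A", "AAAA") and not r["proxied"]:
            if ipaddress.ip_address(r["content"]) in origins:
                leaks.add((r["name"], r["type"], "unproxied address record"))
                exposed.add(r["name"])
        elif r["type"] == "TXT":
            for net in re.findall(r"ip[46]:(\S+)", r["content"]):
                if any(o in ipaddress.ip_network(net, strict=False) for o in origins):
                    leaks.add((r["name"], "TXT", f"SPF range {net}"))
    # Pass 2: unproxied CNAME/MX targets that lead (transitively) to an exposed name.
    changed = True
    while changed:
        changed = False
        for r in zone:
            target = r["content"].rstrip(".")
            if r["type"] in ("CNAME", "MX") and not r["proxied"] and target in exposed:
                item = (r["name"], r["type"], f"points at {target}")
                if item not in leaks:
                    leaks.add(item)
                    changed = True
                if r["type"] == "CNAME":
                    exposed.add(r["name"])
    return sorted(leaks)

if __name__ == "__main__":
    for name, rtype, reason in find_origin_leaks(ZONE, ORIGIN_IPS):
        print(f"{name:22} {rtype:5} {reason}")
```

Cleaning up the flagged records only helps if the origin also refuses connections that do not come from the proxy, since an address that was ever published may already be known.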

  • flam316 Member

    @DimeCadmium said: Meh, it's not very smart if you ask me... like I said, most visitors will have said "screw this" and left long before those 5 seconds are up unless they've got an overwhelmingly good reason to wait.

    The owner of the site turned on "Attack Mode", which means that they are experiencing a large DDoS attack and can't handle the load by themselves. If CF didn't do this, their site would be down, and downtime is not good. CF keeps their site up, but visitors might have to wait 5 seconds for it to load. It's better than not having the site up at all. Pretty smart if you ask me.

  • Awmusic12635 Member, Host Rep

    @flam316 I also believe it's a one-time load as well

  • joepie91 Member, Patron Provider

    @DimeCadmium said: I really dislike it... took a good 5 or 10 seconds to get past it, by which time most visitors would be gone. (This is on a fairly high-end gaming laptop, mind you, and a 20/2Mbps pipe)

    The proof-of-work page you saw only happens when a site is explicitly put into "I'm under attack mode". It's not standard. Normally you would just get a CAPTCHA if you happened to be on a blacklisted IP in the first place, and judging from my usage of it, it almost never has false positives. The closest thing to a 'false positive' is people using TOR having to enter a CAPTCHA.

    @lbft said: It got compromised in the first place through CloudFlare though, so it's far from perfect.

    How does that work?

  • jar Patron Provider, Top Host, Veteran

    No matter where I place my website, without a CDN it is still only being loaded from one location. There will still be people loading my site from the other end of the world, and latency will be a problem. Obviously, putting a CDN in front of a crap origin server with a crap connection won't do much good because dynamic content/html is usually loaded from origin.

    Good point. I suppose I would be concerned if CloudFlare cut your load time in half, not necessarily that of a visitor on the other side of the globe.

  • flam316 Member

    @jarland said: Good point. I suppose I would be concerned if cloud flare cut your load time in half, not necessarily that of a visitor on the other side of the globe.

    Well, some of my sites are in KC, some are in Miami and some are in Denver. CloudFlare has a PoP in Newark (NJ), which I'm 40 or so miles away from. They also serve your content from literally thousands of SSDs, which I don't have on any of the servers my sites are on. Also, I use their minify and asynchronous JS loader (RocketLoader) features, so yes, it still loads about twice as fast for me even though my origin servers are in the US.

  • lbft Member
    edited May 2012

    @joepie91 said: How does that work?

    The site was behind Cloudflare, but whatever requests were used to compromise it got through. It was (as far as I could figure out/guess) a bog standard exploit used to inject spam links in every .php file it could find. Nothing special but a pain in the backside to clean up.

    Ultimately it was my fault for not looking after it well enough but it would've been nice if CF had caught the initial exploit. Still, I'll be leaving it behind CF anyway because spam is enough of an issue and they're doing a good job of catching that.

  • joepie91 Member, Patron Provider

    @lbft said: The site was behind Cloudflare, but whatever requests were used to compromise it got through. It was (as far as I could figure out/guess) a bog standard exploit used to inject spam links in every .php file it could find. Nothing special but a pain in the backside to clean up.

    Ultimately it was my fault for not looking after it well enough but it would've been nice if CF had caught the initial exploit. Still, I'll be leaving it behind CF anyway because spam is enough of an issue.

    Were you using the free plan?

  • The butthurt in this thread is amazing. Good, good, let it spread throughout you more :)

    If it really was crap, sites as large as 4chan wouldn't have adopted it, silly kids.

    Thanked by 1 bijan588
  • @Wintereise said: The butthurt in this thread is amazing. Good, good, let it spread throughout you more :)

    If it really was crap, sites as large as 4chan wouldn't have adopted it, silly kids.

    Then why was 4chan down for weeks at a time with CF?

  • And if that really was true, they'd not be still using it ヽ( >∀<)ノ AHAHA AHAHA AHAHAHAHA

  • jar Patron Provider, Top Host, Veteran
    edited May 2012

    I'm not sure "butthurt" is the right word to describe comparing experiences on an often misused and misunderstood CDN, but ok. I see a lot of people thinking it'll speed up their website, locally, for no real reason. It's only of benefit if it benefits you, not something to use in all cases as some like to think.

  • Awmusic12635 Member, Host Rep

    As for the stats which were commented on earlier in this thread, Cloudflare just posted a new entry on their blog relating to page views: http://blog.cloudflare.com/update-more-page-view-counting-refinement

  • lbft Member

    @joepie91 said: Were you using the free plan?

    Yeah, so no advanced security/WAF, and I probably didn't even have the security settings on High (I incorrectly assumed mod_security on the server + free CloudFlare + up-to-date Wordpress was good enough to keep the crap at bay, but I forgot about the theme...)

    Still, the compromise likely came from a compromised server/botnet - the sort of thing you'd hope would be given a challenge page whether or not the advanced stuff picked up on the specific attack.

  • joepie91 Member, Patron Provider

    @lbft said: Yeah, so no advanced security/WAF, and I probably didn't even have the security settings on High (I incorrectly assumed mod_security on the server + free CloudFlare + up-to-date Wordpress was good enough to keep the crap at bay, but I forgot about the theme...)

    Then I can't really see how Cloudflare had anything to do with it, and how it makes them 'far from perfect'... if you assume they provide a feature that is clearly said to not be provided, I think the 'fault' is not with Cloudflare.

    @lbft said: Still, the compromise likely came from a compromised server/botnet - the sort of thing you'd hope would be given a challenge page whether or not the advanced stuff picked up on the specific attack.

    I doubt it came from a botnet. Typically servers are compromised from a shell on a hacked legitimate server, and these shells are not really used for any other things, so it's unlikely they are on any kind of blacklist until the moment it's already too late. I don't think you can expect anything like Cloudflare, Project Honeypot, Drone blacklists, etc, to block these IPs.

  • lbft Member

    @joepie91 said: Then I can't really see how Cloudflare had anything to do with it, and how it makes them 'far from perfect'... if you assume they provide a feature that is clearly said to not be provided, I think the 'fault' is not with Cloudflare.

    They quite clearly advertise security as a feature, including:

    Browser integrity
    Automatically performs a browser integrity check for all requests to your website by evaluating the HTTP headers for threat signatures. If a threat signature is found, the request will be denied.

    I don't think I was being unreasonable in my assumption that it would be likely to block what was, as best I could determine a month later without any logs, a two-year-old common Wordpress theme exploit. That it didn't suggests that, at the very least, the free service that pretty much every LET reader is going to go for is not as effective as the marketing copy suggests it is (something that is obvious in hindsight).

    But whatever, I already said that it was ultimately my screw up, and that I'm very happy with how they've cut the amount of comment spam and other crap that hits my sites.

  • raindog308 Administrator, Veteran

    Gee, a service promising a completely free, unlimited bandwidth CDN and people have lots of issues with it.

    What. A. Shock.

  • Awmusic12635 Member, Host Rep

    @raindog308 If I remember correctly, they get their bandwidth very cheap. I think at one time they said to defend against a 1 Gbps DDoS would only cost them a few dollars, bandwidth-wise that is.
