Lolekhosted - Bulletproof Hosting - Seized by police - Page 2

Comments

  • stefeman Member
    edited August 2023

    @babywhale said:
    next we will need policeproof and raidproof hosting

    Fast Flux and Double Flux with backend controllers would solve this problem, but it's illegal by itself already.

    Only way to make it legal is to rent the servers by yourself via crypto, but that's beyond the point already.

  • sillycat Member
    edited August 2023

    @stefeman said:

    @babywhale said:
    next we will need policeproof and raidproof hosting

    Fast Flux and Double Flux hosting would solve this problem, but it's illegal by itself already.

    Hardly anyone uses either Fast Flux or Double Flux anymore. Cloudflare is simply a better solution as it hides your upstream regardless. (Or even DDoS-Guard if you have the money necessary for that...)

  • stefeman Member
    edited August 2023

    @sillycat said:

    @stefeman said:

    @babywhale said:
    next we will need policeproof and raidproof hosting

    Fast Flux and Double Flux hosting would solve this problem, but it's illegal by itself already.

    Hardly anyone uses either Fast Flux or Double Flux anymore. Cloudflare is simply a better solution as it hides your upstream regardless.

    Criminals do not really use Cloudflare, sadly. If they did, the world would be a better place, since you can get info from Cloudflare and shut the operation down.

    The idea of fast flux is to make sure that nobody is able to decipher the routing or where the nameservers are hosted even, let alone the backend server location. Only way to kill it is to seize the domain.

    The reason why it's not being offered is that anyone capable of setting such a maze up would not care to sell it to the general public, since bots are expensive and hard to come by nowadays, plus it's slow, as any content would be routed via countless compromised residential connections.

  • @stefeman said: Criminals do not really use Cloudflare sadly

    Lol, they certainly do. Cloudflare hosts everything from terrorist sites to CP to phishing. Moreover, when they finally take it down, it's usually 3 months after it has become relevant.

    @stefeman said: shut the operation down

    Wait until you discover that the servers you shut down are merely proxies, and new ones will be set up within hours...

    @stefeman said: The idea of fast flux is to make sure that nobody is able to decipher the routing or where the nameservers are hosted even

    That is literally impossible. You will always be able to find that through historical DNS records.

    @stefeman said: Only way to kill it is to seize the domain.

    I can't think of a single site that was shut down solely because their domains were seized.

    Thanked by 1 hcea520
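
Added example, not part of any post in this thread: the historical-DNS point in the reply above, written as a defender's detection check over passive-DNS observations. The record layout, the thresholds, the function names and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Illustrative thresholds (assumptions; tune against your own baseline).
MAX_TTL = 300   # flux records are served with short TTLs
MIN_IPS = 5     # distinct addresses observed for one name
MIN_ASNS = 3    # spread over unrelated networks, unlike a single-ASN CDN

def _rotating(obs):
    """obs: list of (ip, ttl, asn) observations for one hostname."""
    ips = {ip for ip, _, _ in obs}
    asns = {asn for _, _, asn in obs}
    return (len(ips) >= MIN_IPS and len(asns) >= MIN_ASNS
            and max(ttl for _, ttl, _ in obs) <= MAX_TTL)

def classify(records, domain):
    """records: iterable of (qname, rtype, value, ttl, asn) observations."""
    a_obs, ns_names = defaultdict(list), set()
    for qname, rtype, value, ttl, asn in records:
        if rtype == "A":
            a_obs[qname].append((value, ttl, asn))
        elif rtype == "NS" and qname == domain:
            ns_names.add(value)
    host_flux = _rotating(a_obs[domain])
    ns_flux = any(_rotating(a_obs[ns]) for ns in ns_names)
    if host_flux and ns_flux:
        return "double-flux"      # site hosts and nameserver hosts both rotate
    if host_flux:
        return "single-flux"      # only the A records of the site rotate
    return "ns-flux" if ns_flux else "stable"

def _spread(name, net, n, ttl, first_asn):
    return [(name, "A", f"{net}.{i + 1}", ttl, first_asn + i) for i in range(n)]

# Constructed passive-DNS history; names, addresses and ASNs are placeholders.
SAMPLE = (
    [("cdn.example", "A", f"192.0.2.{i + 1}", 60, 64500) for i in range(8)]
    + [("cdn.example", "NS", "ns1.cdn.example", 86400, None),
       ("ns1.cdn.example", "A", "192.0.2.53", 86400, 64500)]
    + _spread("flux.example", "198.51.100", 6, 180, 64501)
    + [("flux.example", "NS", "ns1.flux.example", 86400, None),
       ("ns1.flux.example", "A", "198.51.100.53", 86400, 64501)]
    + _spread("dflux.example", "203.0.113", 6, 120, 64510)
    + [("dflux.example", "NS", "ns1.dflux.example", 300, None)]
    + _spread("ns1.dflux.example", "203.0.113", 5, 120, 64520)
)

if __name__ == "__main__":
    for d in ("cdn.example", "flux.example", "dflux.example"):
        print(d, classify(SAMPLE, d))
```

The `cdn.example` rows show why address count and TTL alone are not enough: many short-lived addresses inside one ASN are not flagged.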
  • stefeman Member
    edited August 2023

    We certainly need expert advice now to solve this argument.

    @William @MannDude @jar @Francisco

    Am I completely wrong in claiming that Cloudflare-operated sites are far easier for law enforcement to solve?

    What about the above claims by this dude? Other than the proxy comment, I consider the rest bullshit.

  • @crime said: Being raided and lowend does not mix

    Someone never operated frontend nginx proxies. K, got it.

    Thanked by 1 sillycat
  • jar Patron Provider, Top Host, Veteran

    @stefeman said:
    We certainly need expert advice now to solve this argument.

    @William @MannDude @jar @Francisco

    Am I completely wrong in claiming that Cloudflare-operated sites are far easier for law enforcement to solve?

    What about the above claims by this dude? Other than the proxy comment, I consider the rest bullshit.

    Cloudflare would rather tell the complainer who the back end host is than take any action, on average. Then for the most part they wipe their hands clean. Always room for nuance but really the best way to get CF to shut someone down is to have enough people repeat that the website behind the proxy is run by white supremacists.

  • MannDude Host Rep, Veteran

    @stefeman said:
    We certainly need expert advice now to solve this argument.

    @William @MannDude @jar @Francisco

    Am I completely wrong in claiming that Cloudflare-operated sites are far easier for law enforcement to solve?

    What about the above claims by this dude? Other than the proxy comment, I consider the rest bullshit.

    No idea, not my area. I do listen to the Darknet Diaries podcast as it's all pretty interesting; it seems like a lot of dudes get popped because of their own ego and desire to brag about their riches or whatever it is they're doing.

    But to loop back to the Cloudflare comment, they'll literally provide service to absolutely anyone.

    Thanked by 1 hcea520
  • Francisco Top Host, Host Rep, Veteran
    edited August 2023

    @jar said:
    Cloudflare would rather tell the complainer who the back end host is than take any action, on average. Then for the most part they wipe their hands clean. Always room for nuance but really the best way to get CF to shut someone down is to have enough people repeat that the website behind the proxy is run by white supremacists.

    In the case of copyright infringement they tell you who the backend is. They then also forward the complaint to the host. This might require they verify that you're the actual owner of the copyright.

    As for CP/malware/botnets/etc, I don't know if they disclose the backend host to the complainer. They do forward the complaint to the backend host though.

    Francisco

    Thanked by 1 jar
  • MannDude Host Rep, Veteran

    @jar said:

    @stefeman said:
    We certainly need expert advice now to solve this argument.

    @William @MannDude @jar @Francisco

    Am I completely wrong in claiming that Cloudflare-operated sites are far easier for law enforcement to solve?

    What about the above claims by this dude? Other than the proxy comment, I consider the rest bullshit.

    Cloudflare would rather tell the complainer who the back end host is than take any action, on average. Then for the most part they wipe their hands clean. Always room for nuance but really the best way to get CF to shut someone down is to have enough people repeat that the website behind the proxy is run by white supremacists.

    https://intodns.com/stormfront.org <- StormFront, literal Neo Nazis. Behind Cloudflare
    https://intodns.com/godhatesfags.com <- Westboro Baptist Church. Yes, that's their official website and domain. Behind Cloudflare.

    Thanked by 2 sillycat jar
  • @Francisco, @MannDude, how common is this in your expertise?
    Asking you not because I plan to host anything near that area, just because you
    operate so many Tor nodes, how much trouble do you get into as a host, if you have
    the time to write about it of course.

  • @Francisco said: As for CP/malware/botnets/etc, I don't know if they disclose the backend host to the complainer. They do forward the complaint to the backend host though.

    In response to all the reports I have sent to Cloudflare, they replied back with the host and abuse email. They also stated that they have forwarded your report to the hosting provider and encouraged you to report it as well.

  • Francisco Top Host, Host Rep, Veteran

    @sillycat said: In response to all the reports I have sent to Cloudflare, they replied back with the host and abuse email. They also stated that they have forwarded your report to the hosting provider and encouraged you to report it as well.

    Ah that's interesting :)

    @xoctopus said: just because you operate so many Tor nodes

    I mean, there aren't that many ways for TOR stuff to leak into the clearnet. We host some TOR2WEB's but it's actually pretty rare we see someone use it to distro CSAM/malware. It's pretty dumb and also very easy for the tor2web's to blacklist the secret service anyway.

    Francisco

  • MannDude Host Rep, Veteran
    edited August 2023

    @xoctopus said:
    @Francisco, @MannDude, how common is this in your expertise?
    Asking you not because I plan to host anything near that area, just because you
    operate so many Tor nodes, how much trouble do you get into as a host, if you have
    the time to write about it of course.

    I've had to ask a few Tor operators to abide by our strict exit policy to prevent abuse reports from piling up, but we host a lot less Tor Exits than Fran: https://metrics.torproject.org/rs.html#search/as:210630 VS https://metrics.torproject.org/rs.html#search/as:53667

    I think the US government is quite aware of what Tor is, at least I've never had anyone stateside complain. Some random agency out of Qatar recently was upset over some comments left on a website from a Tor IP, but the customer had a landing page on their exit's IP so I directed them to it since it had a good explanation of what Tor was and how it's not us or them leaving comments about their national museum or whatever it was that they were reporting. Never heard back from them.

    Fran can probably touch base on the Tor aspect more.

    Honestly, it hasn't really been a hassle. A decade ago it may have been sketchy to host Tor exits, but I think most people are quite aware of what it is now. Even the EFF is pushing Universities and Colleges to host Tor Exits on campus. It's sort of a mainstream and commonly used tool that the stigma surrounding it is vanishing, thanks to orgs like the EFF, Brave (eh), etc.

    From a provider's POV, so long as you require common abuse reports to be blocked via the exit policy and request that a static landing page exist on the IP that explains it's a Tor Exit, you should be fine. I may take it a step further and request rDNS entries for Tor IPs to contain some message like "this-is-a-tor-exit" or some variation just to further make it clear, at a glance, that it's a Tor exit.

    Thanked by 1 sillycat
  • kait Member
    edited August 2023

    @stefeman said: Criminals do not really use Cloudflare sadly, if they did, the world would be a better place, since you can get info from cloudflare and shut the operation down.

    Most database websites like breached and raid were using Cloudflare, breached switched to ddos-guard in the end but only for two months before they got seized afaik (I can be wrong about the two months but it wasn't long).

    onniforums is on CF (they kinda claim they are the successor to breached I think)

    hackforums is still on CF (idk how illegal they are)

    nulled is on CF (no idea why they have 3 IPs, normally it's 2 I think)

    cracked.io also on CF

    Last 3 have been on CF for a really long time.

    https://www.malwarebytes.com/blog/news/2023/08/cloudflare-tunnel-increasingly-abused-by-cybercriminals (funny timing)

    But there are also a lot of forums that just use proxies from OVH for example, mostly the Russian forums like exploit.in and xss.is. I don't have much knowledge about CP because I don't know any domain that hosts it but I've heard a lot in the last 3 years about CF hosting everything from Terrorism to CP and doing nothing about it.

    Thanked by 1 sillycat
  • kait Member

    @MannDude said: Honestly, it hasn't really been a hassle. A decade ago it may have been sketchy to host Tor exits, but I think most people are quite aware of what it is now.

    When I ran an exit for 6 months I got around 4 complaints and they were all SSH bruteforce complaints from a no-reply email, disabled port 22 exit and never heard from them again.

    Thanked by 1 sillycat
  • MannDude Host Rep, Veteran

    @kait said:

    @MannDude said: Honestly, it hasn't really been a hassle. A decade ago it may have been sketchy to host Tor exits, but I think most people are quite aware of what it is now.

    When I ran an exit for 6 months I got around 4 complaints and they were all SSH bruteforce complaints from a no-reply email, disabled port 22 exit and never heard from them again.

    Sounds about right. Mostly automated from people's fail2ban or similar setup, not manually reviewed before being sent.

  • @kait said: nulled is on CF (no idea why they have 3 IPs, normally it's 2 I think)

    Business accounts have 3 IPs, 2 dedicated ones and one shared.
    Even I've 3 IPs from CF.

    Thanked by 1 kait
  • Levi Member

    Can someone post obligatory tinyweasel photo? So tiny!

  • @MannDude said: From a provider's POV, so long as you require common abuse reports to be blocked via the exit policy

    Did you mean common ports? Not sure how you can block reports, since they can come from a reputable place when someone tried to bruteforce stuff or do some SQL injection and other stuff.

  • MannDude Host Rep, Veteran

    @xoctopus said:

    @MannDude said: From a provider's POV, so long as you require common abuse reports to be blocked via the exit policy

    Did you mean common ports? Not sure how you can block reports, since they can come from a reputable place when someone tried to bruteforce stuff or do some SQL injection and other stuff.

    I meant ports, you are correct.

    So long as commonly abused ports are blocked Tor Exit hosting is pretty tame.
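
Added example, not part of any post in this thread: a provider-side check that a customer's torrc rejects the provider's listed ports for every destination. Tor evaluates ExitPolicy rules in order and the first match wins; the function names, the port list and the sample torrc are assumptions, and any address other than `*` is conservatively treated as not covering all destinations.

```python
def parse_exit_policy(torrc_text):
    """Return ExitPolicy rules in file order as (action, addr, (lo, hi))."""
    rules = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "exitpolicy":
            continue
        for entry in parts[1].split(","):        # several rules may share a line
            action, target = entry.split()
            addr, sep, port = target.rpartition(":")
            if not sep or target.endswith("]"):  # no port part: all ports
                addr, port = target, "*"
            lo, _, hi = port.partition("-")
            span = (1, 65535) if port == "*" else (int(lo), int(hi or lo))
            rules.append((action.lower().rstrip("6"), addr, span))
    return rules

def rejected_everywhere(rules, port):
    """First match wins: True only if a wildcard reject is hit before any accept."""
    for action, addr, (lo, hi) in rules:
        if not lo <= port <= hi:
            continue
        if action == "accept":
            return False          # some destination can be reached on this port
        if addr == "*":
            return True           # reject *:port, and nothing earlier accepted it
    return False                  # never explicitly rejected for all addresses

def unblocked_ports(torrc_text, required):
    """Ports from `required` that the policy does not reject for all destinations."""
    rules = parse_exit_policy(torrc_text)
    return [p for p in required if not rejected_everywhere(rules, p)]

# Constructed customer torrc. Port 22 is the one named in the thread;
# port 25 is an assumed second entry on the provider's list.
SAMPLE_TORRC = """\
ExitPolicy reject *:25
ExitPolicy accept *:20-23
ExitPolicy reject *:22, accept *:80, accept *:443
ExitPolicy reject *:*
"""

if __name__ == "__main__":
    print(unblocked_ports(SAMPLE_TORRC, [22, 25]))
```

The sample shows the ordering pitfall: `reject *:22` is present, but the earlier `accept *:20-23` matches first, so port 22 is still reported as open.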

  • Bulletproof but not police-proof?

  • Levi Member

    @vastwelkin said:
    Bulletproof but not police-proof?

    Police in those raids never shoot. They just pull the plug. So, "plug pull proof host" should be the correct term.

  • @kait said: breached switched to ddos-guard in the end but only for two months before they got seized afaik (I can be wrong about the two months but it wasn't long).

    Pompompurin switched to DDoS-Guard after the FBI had served a search warrant to Cloudflare for records of one of his other domains, if I remember correctly. That happened approximately 9 months ago. Time really does fly...

  • kait Member

    @sillycat said: Pompompurin switched to DDoS-Guard after the FBI had served a search warrant to Cloudflare for records of one of his other domains

    Ah true, I remember something like that. Yeah 9 months is way too long for me to remember something like that.
