Cloudflare outage caused by botched blocking of phishing URL
An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour.
The outage occurred yesterday when an employee responded to an abuse report about a phishing URL in Cloudflare's R2 platform. However, instead of blocking the specific endpoint, the employee mistakenly turned off the entire R2 Gateway service.
Comments
It blocked the phishing attack at least.
I somehow feel whatever the employee did they shouldn't have access to or should require more than one person to approve.......
What should this phishing attack be called?
DoCF attack
Denial of Cloudflare
PEBCACF
Francisco
rc-service r2-gateway restart
So wait like an employee, like an employeeeeee can turn off the entire R2 gateway service 🫡 bwow bhery ebhicient 😂
Probably the main guy was on leave and they shared their authentication just to get this small job done, which meant same maker checker in reality.
Isn't the main story here that Cloudflare actually acted on an abuse report?
Cloudflare always acts upon abuse reports. What universe do you live in?
From my experience DMCA are (or were - my experience is a few years outdated) processed much faster than phishing ones (took about one month, which is too much given that domain was suspended in days after report submission).
I think they take abuse report seriously if it is "hosted within cloudflare infra"
Like 10 or more 15 years ago big G did this to the internet by deeming the url regex part "/" as a phishing attack in their safebrowsing api, declaring every single website on the planet as a phishing url.
(And about every browser uses the safebrowsing api for checks).
Now safebrowsing is/was something organized like a nonprofit and every single website call of the internet was redirected (by browsers and search engines) to their website informing about phishing. Happy sysadmin time.