
The article says they knocked him offline only briefly, but I'm actually having trouble loading krebsonsecurity.com right now.


It's up now. Top story is about the Lizard Squad. This is an interesting tidbit:

>These two services, like most booters, are hidden behind CloudFlare

Wow, is Cloudflare so poorly run they have no idea they're hosting/caching/accelerating Lizard Squad tools? CF plays itself up as this strong security-minded service, but it looks like they're in bed with the blackhats.

I was on the fence with them, but now I think I'm just going to roll my own mod_security/mod_evasive proxy and call it a day. If they don't care about or can't detect these types of clients, then I don't want to do business with them.


LulzSec also used Cloudflare back in the day. CF made a statement after that became public and said they take a neutral stance regarding who decides to use their service and that they don't proactively regulate the sites that do. As they shouldn't.


Cloudflare takes the right approach of being content neutral.


Also, if you're selling a DDoS-protection service, it's good business to not work too hard shutting down DDoSers.


AKA racketeering.


Really nice website you got here...be a shame if anything happened to it...


It seems completely reasonable to include terms preventing this type of behavior on their service.


Except it wouldn't stop there. If CF blocks bot services, then they should of course block places selling drugs. Drugs kill people unlike botnets. And actually, sites promoting drugs are equivalent to sites promoting suicide. So block both of those. And come to think of it, botnets only exist because of hackers, so we should probably get those blocked, too.

It's unfortunate there's any limit on hosting. LE can still go subpoena CF and use judicial channels like always. CF should stay in the anti-DDoS business and just annoy everyone with their captchas instead of implementing law and morality.

Child porn seems to be the exception, as it's easier to look at "stopping" such things getting near our visibility, instead of worrying about the actual incidence of the problem. (See Craigslist where AGs preferred to shut down a system they had access to, since that's visible, preferring to force "adult" users to buy and sell in uncontrolled markets.)


Agreed. They are infrastructure.


No, CloudFlare intentionally lets this happen. They won't terminate a site's service for "merely" selling DDoS services. See https://news.ycombinator.com/item?id=7967615 for some old discussion on this, including input from CloudFlare's CEO.


Until Cloudflare are contacted by police, I see no reason to drop a client.


Indeed, this might be useful to law enforcement - it means that there's at least a bit of info about our criminals in possession of a US-based company that won't have to be chased for months to comply with a warrant/subpoena.


So what? Would you rather they do what Microsoft did and take out 40,000 sites at once?


It looks like it's unstable. I can connect to it occasionally but most of the time Firefox is saying the connection was reset.



