For security reasons we are parting ways with Cloudflare

Unfortunately, we have to end our partnership with Cloudflare for security reasons! Over 3 months and in many e-mails we tried several times to point their technical developers to these problems, and the final statement we received was (automatically translated):

The only problem is partial setups that we have never claimed to be safe. Partial setups allow hosting partners like you to easily integrate our service by routing the traffic for sub-domains (!) through Cloudflare via CNAME, which allows your customers to use our CDN and the associated benefits such as improved loading times and reduced traffic.

Conversely, this means that the Cloudflare plug-in for Plesk does not provide any security, unlike what is promised in the description of the plugin! On the contrary, hosters live very dangerously when they use this plugin!

The so-called “server-shield”, whose name sounds as if it shields against attacks, turns out to be extremely dangerous when hackers route their attacks on the server through Cloudflare, and is thus exactly the opposite!

Quote of the pretense of security:

This extension protects your websites against online threats (such as hacking, spamming, botnets, DDoS attacks) while making them load lightning fast.

Why this is so:

All hacking attacks on an alias domain, e.g. www.MeineDomain.de, are not filtered by Cloudflare by default! For this, Cloudflare offers the customer better options when registering or switching to the Cloudflare nameservers, but even then only to a very limited extent, and whoever really needs the secure protection has to pay extra!

However, the security features that the servers provide without Cloudflare are partially circumvented on the origin servers! When an attack is detected, they cannot block it, and Cloudflare also does not block these attacks by default! And with the Cloudflare Plesk plug-in, security does not become higher, but is switched off completely!

So if an attack is launched from one or more of a hacker's IPs, the requests are passed through Cloudflare and then arrive from Cloudflare's IPs! Cloudflare caches pages and files! However, the requests are made with additional parameters, e.g.

https://www.angegriffeDomain.de?cmd=drop%20database&time=1111

and then

https://www.angegriffeDomain.de?cmd=drop%20database&time=1112

Because every URL differs, none is answered from the cache: all requests are sent to the origin server!

In addition, you can install the Apache mod_cloudflare module; then the hacker's IPs are logged on the server and the security software, for example, tries to block them. However, these blocks are useless, since the requests arrive via Cloudflare's IPs and the hacker's original IP is only logged!

In such an attack we could only block Cloudflare's IPs, but then all customers on the same server would suddenly no longer be served, because the normal traffic to those customers' domains would be blocked as well! Until now Cloudflare was “whitelisted”, which has turned out to be absolutely dangerous for the propagation of the attacks!
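Added example (not part of the original post and not Cloudflare or Plesk code): a Python check over constructed request records that shows both effects described above, the changing `time=` parameter that sends every request to the origin, and the fact that the TCP peer is the CDN while only the forwarded `CF-Connecting-IP` header carries the attacker's address. The proxy range, all addresses, the record layout and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed stand-in for the CDN's edge ranges (RFC 5737 documentation net).
# Assumption: in production this list is loaded from the provider's published ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample: (TCP peer, CF-Connecting-IP header value, request URL)
SAMPLE_REQUESTS = [
    ("198.51.100.10", "203.0.113.7", "/?cmd=drop%20database&time=1111"),
    ("198.51.100.11", "203.0.113.7", "/?cmd=drop%20database&time=1112"),
    ("198.51.100.10", "203.0.113.7", "/?cmd=drop%20database&time=1113"),
    ("198.51.100.12", "192.0.2.44", "/index.html"),      # normal visitor via CDN
    ("198.51.100.12", "192.0.2.44", "/index.html"),
    ("192.0.2.99", "203.0.113.7", "/?t=1"),              # direct hit, forged header
    ("192.0.2.99", "203.0.113.7", "/?t=2"),
    ("192.0.2.99", "203.0.113.7", "/?t=3"),
]

def effective_client(peer, header_ip):
    """Return (client IP, came_via_proxy); trust the header only from a known proxy."""
    peer_addr = ipaddress.ip_address(peer)
    if header_ip and any(peer_addr in net for net in TRUSTED_PROXIES):
        try:
            return str(ipaddress.ip_address(header_ip)), True
        except ValueError:
            pass  # malformed header: fall back to the TCP peer
    return peer, False

def find_cache_busters(requests, threshold=3):
    """Flag clients that hit one path with >= threshold distinct query strings.

    The value says where a block can take effect: "http" when the client sits
    behind the proxy (a packet filter only ever sees the proxy's address),
    "firewall" when the client connected to the origin directly.
    """
    queries = defaultdict(set)   # (client, path) -> distinct query strings
    via_proxy = {}
    for peer, header_ip, url in requests:
        client, proxied = effective_client(peer, header_ip)
        parts = urlsplit(url)
        queries[(client, parts.path)].add(parts.query)
        via_proxy[client] = proxied
    return {client: ("http" if via_proxy[client] else "firewall")
            for (client, _path), seen in queries.items() if len(seen) >= threshold}

if __name__ == "__main__":
    for client, layer in find_cache_busters(SAMPLE_REQUESTS).items():
        print(f"{client}: block at {layer} layer")
```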

Hackers can reverse-scan for the cf. domains and obtain the original IP of the server. With the IP of a server, hackers can identify all domains that have the cf. domain entry and point to this server, and use this very deliberately to attack various domains of the same server from many hacker IPs via Cloudflare, until the server buckles and no longer answers requests! But even if the attacks are carried out without evaluating the reverse domain/IP mapping, an aggressive attack from many IPs on a single domain whose requests run via Cloudflare would put an extreme load on the server!

In normal operation, without Cloudflare's CDN, hacking attempts are blocked immediately and directly by the hackers' IP, and the server is not brought down!

We have had this problem several times with some domains, and for our own domains we were able to prevent it through targeted settings in Cloudflare!

For customer domains we, as a Cloudflare partner, do not have these options; only the customers who own the domains have them. However:

A) Unfortunately, customers do not have the know-how to configure this optimally at Cloudflare, because they are customers and not technicians like us as service providers

and

B) If we ask a customer to grant us the appropriate access, it may take several days until the customer does so (some are fast, others need a long time, which is normal, since they are customers)

And in the meantime all other customers would have to suffer because the server is being attacked via other domains!

We as partners are not allowed to change these settings for customers! Cloudflare was not prepared to grant us this in the future! Why do we need a partnership if it only brings benefits (making money) for Cloudflare and leaves us with the risk of hacks we can't stop? For nothing!

So far we have had to do the following in some cases:

In order to stop attacks once Cloudflare was routing them, we had to manually disable Cloudflare via the API for the affected domain and reset the DNS settings to the default, pointing directly to the origin server. Even then the attacks kept running for approx. 30-60 minutes, until the change had fully propagated in the DNS zones and Cloudflare could no longer retrieve or send requests!

For that reason, the Cloudflare Plesk plugin should be classified as dangerous rather than understood as an improvement in security!
