Archived link

Research into websites that are openly advertising services to a cybercriminal audience, such as bulletproof hosting, reveals that many of these domains are supported by Cloudflare’s services, the NGO Spamhaus says.

For years, Spamhaus has observed abusive activity facilitated by Cloudflare’s various services. Cybercriminals have been exploiting these legitimate services to mask activities and enhance their malicious operations, a tactic referred to as living off trusted services (LOTS).

With 1201 unresolved Spamhaus Blocklist (SBL) listings, it is clear that the state of affairs at Cloudflare’s Connectivity Cloud looks less than optimal from an abuse-handling perspective, Spamhaus writes on its website. 10.05% of all domains listed on Spamhaus’s Domain Blocklist (DBL), which indicates signs of spam or malicious activity, are on Cloudflare nameservers . Spamhaus routinely observes miscreants moving their domains, which are already listed in the DBL, to Cloudflare to disguise the backend of their operation, be it spamvertized domains, phishing, or worse.

  • garrett@infosec.pub
    link
    fedilink
    English
    arrow-up
    3
    ·
    3 months ago

    People who don’t work in fraud or abuse don’t understand how miserable Cloudflare is to work with. They have a single email box I can send to for identifying if I host a website that takes them days to respond to, no automation by the year of our lord 2024.