Why Am I Being Redirected – And What Is Cloudflare?

Bennett Prescott

Just This Guy, You Know?
Staff member
Jan 10, 2011
10,858
39
48
39
Wallingford, CT
www.bennettprescott.com
Some users report seeing a page like this one while attempting to access SoundForums.net:

Screen Shot 2012-03-27 at 5.20.30 PM.jpg

Don't worry, this is not a reflection on you, do not adjust your set, there is nothing wrong with your computer or browser.

We use a service called CloudFlare, which does a few things for us. It acts as a very high speed DNS service, anti-spam service, caching service, and global content delivery service. Essentially, CloudFlare saves us a ton of bandwidth and processing by keeping large static items (like the image above) stored around the globe. When your computer asks for a page from SoundForums.net, we serve the text and layout bits of the page, and instead of having to serve kilo- or mega-bytes of images we just link to Cloudflare's copy, which is served from a computer close to you. If part or all of SoundForums.net is down, Cloudflare also keeps a cache of the page as it was just a few minutes before and will serve you that until the site comes back up. It can do all these things because, as our DNS server, it sits between our site and you.

The part that has you wondering what's going on, however, is the spam blocking service. Cloudflare keeps a constantly updated database of blacklisted IP addresses. It maintains this database through its normal operation - because Cloudflare is looking at requests going to so many sites, it can pick out anomalies like botnets and malicious users. These blacklists save us a lot of processing as well because, as Cloudflare sits between our server and you, malicious requests never even get to our server and it doesn't have to spend time serving them. This is fantastic, but obviously not perfect.

Every once in a while Cloudflare is wrong... or perhaps there is someone else on your network, sharing your IP address, spamming personally or perhaps unknowingly due to an infected computer. Perhaps you access Soundforums.net through a cable or DSL modem, and your IP address recently changed to one that was used a little while ago by someone spamming or with an infected computer.

No matter what is going on, all you need to do is verify that you are (probably) human by answering the CAPTCHA. Then Cloudflare will allow your IP address access to the forums and everything will be fine.
 
Re: Why Am I Being Redirected – And What Is Cloudflare?

If concerned about your IP, you can just do a google search of your raw IP and see if it shows up as flagged by a black list.

In my hand-to-hand combat with hackers I find some that I identify are black listed already but most are not, so the black list filter reduces but doesn't eliminate all threats. Reducing them is a good thing though.

if cloudflare dynamically looks for bad behavior from non-black listed IPs and throws a few hurdles in their path, it is a minimal annoyance to valid users, and perhaps enough to discourage spammers/hackers who try to make it up on volume and won't invest a lot of time on a low profile target.

There is a recognizable signature and footprints from a lot of bad web behavior, so the smarter and larger cloudflare gets, the better it could work. While if too effective they would become the focus of an arms race to exploit and overcome their filters.

JR
 
Re: Why Am I Being Redirected – And What Is Cloudflare?

If concerned about your IP, you can just do a google search of your raw IP and see if it shows up as flagged by a black list.

In my hand-to-hand combat with hackers I find some that I identify are black listed already but most are not, so the black list filter reduces but doesn't eliminate all threats. Reducing them is a good thing though.

if cloudflare dynamically looks for bad behavior from non-black listed IPs and throws a few hurdles in their path, it is a minimal annoyance to valid users, and perhaps enough to discourage spammers/hackers who try to make it up on volume and won't invest a lot of time on a low profile target.

There is a recognizable signature and footprints from a lot of bad web behavior, so the smarter and larger cloudflare gets, the better it could work. While if too effective they would become the focus of an arms race to exploit and overcome their filters.

JR

Cloudflare is in the top five of all internet domains in terms of the amount of data they serve, and they track millions of urls for patterns related to spam activity. Hacker/spammers are rarely people, but simply bots, albeit clever ones.

You should use Cloudflare, it will help your site.
 
Re: Why Am I Being Redirected – And What Is Cloudflare?

Cloudflare is in the top five of all internet domains in terms of the amount of data they serve, and they track millions of urls for patterns related to spam activity. Hacker/spammers are rarely people, but simply bots, albeit clever ones.

You should use Cloudflare, it will help your site.

I will not publicly discuss my CC security efforts.

As cloudflare gets to inspect a larger slice of web traffic they can better identify patterns of bad behavior to ID bad actors and block them before they are black listed.

I still want to invent a way to send electricity out over the internet so I can reach out and touch the IPs I trap. How many volt/amps would it take to kill a bot?

I have considered supporting a user forum for my product, so I am interested in strategies like Cloudflare to help manage spammers. I get a number of email offers from (I assume) spammers, to use their services to spam (?) others? Somebody must be paying these pukes...

The internet is already taxed, by these malicious freeloaders and thieves (data bases under constant attack). IMO webhosts are complicit but probably look the other way for a few bucks.

JR
 
Re: Why Am I Being Redirected – And What Is Cloudflare?

JR, we use four (oversimplified) factors for security and spam reduction.

  1. The machine is firewalled so only two ports are open to incoming connections.
  2. We use two-factor authentication with a rolling PIN for login over SSH, etc.
  3. Cloudflare intercepts all our DNS and only connects requests it likes.
  4. At the forum level, we connect to the Akismet and StopForumSpam servers to vet every new registration, also check every user's first few posts

Between those factors we only really end up having to deal with a small amount of blog spam, since the spam checker doesn't check first posts there, and the occasional bit of forum spam from services smart enough to just hire real people to do their dirty work. Considering we serve almost 2 million pages a month, I'd say it works pretty well!
 
Re: Why Am I Being Redirected – And What Is Cloudflare?

For the record I was not being critical or sarcastic...

I find PCI DSS compliance a major PIA. Anything that helps thwart the bad actors is a good thing.

JR