Ask HN: Cloudflare incorrectly banned me – can anyone help?

64 points by throwaway72220 5 years ago

Hello HN,

The TLDR; 10 days ago I was banned from Cloudflare allegedly for "phishing". I have never phished, nor used Cloudflare to proxy illegal content.

I am a long time HN user but I created a throwaway account to avoid being linked to my employer.

10 days ago I got an email saying my account was suspended for "phishing". I contacted Cloudflare support immediately and within 60 seconds I got a reply saying my account was permanently banned with no further information. I think this was an automated response. I followed up explaining my account had never been used for "phishing" and it hosted a number of small businesses and would they reinstate it. I never got a reply.

My downfall must have been related to Cloudflare Workers. I used it to create some apps including proxies that modified mainstream news websites. They acted as uBlock + Stylish for locked down computers where I could not install browser extensions. I did not share these with anyone, but I did not secure them with HTTP auth. I didn't think anyone could guess the xyz.abc.workers.dev URLs to access the proxies but automated software must have detected them and flagged them as phishing sites.

I was too clever for my own good, but I was not malicious, I did not abuse the Cloudflare platform and I never phished. I just created an application for my own personal use. I do not think any Cloudflare engineer looking at my Worker code would think it was malicious in any way. My account had current billing details and I was a paying customer in the past.

Lessons learnt: Don't be clever and security is ALWAYS important.

I would like to continue using Cloudflare. I worry I will be banned from their other services. If I was blocked at an IP level, it would be far more devastating than being permanently blocked by Google.

If anyone can help me, even just to clear my name, I would be very grateful to you.
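
The post above notes that the Workers were left without HTTP auth. As an added example (not code from the thread or from Cloudflare), one way to put HTTP Basic auth in front of a personal Worker so that a guessed or crawled workers.dev URL returns 401 instead of proxied content; the secret names `EXPECTED_USER` and `EXPECTED_PASS` are hypothetical:

```javascript
// Added example, not code from the thread. EXPECTED_USER and EXPECTED_PASS
// are hypothetical Worker secret names; credentials are assumed to be ASCII.
const encoder = new TextEncoder();

// Compare two strings without returning early at the first differing byte.
function constantTimeEqual(a, b) {
  const x = encoder.encode(a);
  const y = encoder.encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) {
    diff |= x[i] ^ y[i % (y.length || 1)];
  }
  return diff === 0;
}

// Returns null when the Authorization header carries the expected
// credentials, otherwise the status and headers for the refusal.
function checkBasicAuth(header, user, pass) {
  // Fail closed: a Worker deployed without its secrets must not be open.
  if (!user || !pass) return { status: 500, headers: {} };
  const deny = {
    status: 401,
    headers: { "WWW-Authenticate": 'Basic realm="private", charset="UTF-8"' },
  };
  if (!header || !header.startsWith("Basic ")) return deny;
  let decoded;
  try {
    decoded = atob(header.slice(6).trim());
  } catch {
    return deny; // payload is not valid base64
  }
  const sep = decoded.indexOf(":"); // the password may itself contain ':'
  if (sep < 0) return deny;
  const okUser = constantTimeEqual(decoded.slice(0, sep), user);
  const okPass = constantTimeEqual(decoded.slice(sep + 1), pass);
  return okUser && okPass ? null : deny;
}

// In a module Worker this object would be the default export.
const worker = {
  async fetch(request, env) {
    const header = request.headers.get("Authorization");
    const refusal = checkBasicAuth(header, env.EXPECTED_USER, env.EXPECTED_PASS);
    if (refusal) return new Response("Authentication required", refusal);
    // Authenticated: the private proxy logic would run here.
    return new Response("ok");
  },
};
```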

oefrha 5 years ago

> My downfall must have been related to Cloudflare Workers. I used it to create some apps including proxies that modified mainstream news websites. They acted as uBlock + Stylish for locked down computers where I could not install browser extensions. I did not share these with anyone, but I did not secure them with HTTP auth. I didn't think anyone could guess the xyz.abc.workers.dev URLs to access the proxies but automated software must have detected them and flagged them as phishing sites

Strange, Cloudflare has an official worker template to do just that (sans modifications): https://developers.cloudflare.com/workers/templates/pages/bu... Sounds like an officially endorsed use case to me.

In fact I was thinking about doing the same the other day, but haven't gotten around to it...

maxk42 5 years ago

Same thing happened to me. Paying account and when I asked what rule I had violated I was directed to the paragraph that said something along the lines of "CloudFlare reserves the right to terminate an account for any reason." It's been a real pain but I'm happy to pay for KeyCDN now.

eastdakota 5 years ago

I pinged our Trust & Safety team to take another look.

  • vonseel 5 years ago

    OP - I suggest adding some info to your profile or post here so they can identify you? Not sure if you can do that without revealing yourself to everyone else...

    • econcon 5 years ago

      He's the CEO, I doubt there is anyone in the company who doesn't know him.

      • MattGaiser 5 years ago

        vonseel is referring to the poster.

    • eastdakota 5 years ago

      Yup. What's the domain in question?

      • throwaway72220 5 years ago

        I did not delete any of the Workers because I thought that would potentially make me look guilty to CF support. This Worker domain is in my account:

        https://ip2.surprise.workers.dev/

        The proxies are also at *.surprise.workers.dev.

      • throwaway72220 5 years ago

        I ran out of text characters for the post. I am 99% sure none of the sites were compromised / hosting malware and 100% sure they were not hosting illegal or objectionable content.

      • throwaway72220 5 years ago

        Hi eastdakota, nobody got in touch with me. Could you follow up with the team? Again thank you.

  • sonstry 5 years ago

    Hello, I am from Cloudflare Trust and Safety. Can you please provide us with the domain name in question?

    • throwaway72220 5 years ago

      Thank you friend. My workers domains are at *.surprise.workers.dev

      I did not delete any code or make any changes to avoid looking guilty when CF support took a look at it.

      I do plan on deleting the proxies. I am done being clever. I do have some useful workers that I would like to keep.

      • sonstry 5 years ago

        Thank you. Our team will look into this and get back to you.

  • throwaway72220 5 years ago

    Thank you so much! If I breached the ToC, I unreservedly apologize, but no ill intent was intended.

  • kohtatsu 5 years ago

    Are you concerned about the lack of recourse through official channels?

  • qot 5 years ago

    Going forward, what changes will you make so that people don't have to make Hackernews posts to get support?

    • xxdesmus 5 years ago

      To be clear -- the website owner can always reply to the email they receive from our Trust & Safety team. That goes directly to our team. This individual could also do that if they had further questions for the team.

      Hackernews isn't a necessary route, and quite frankly no changes need to be made to existing policies. The individual could directly reach our team via a reply to the email they received. It seems in this case the person just didn't like the reply they received. That's quite different.

      • jjeaff 5 years ago

        So if they didn't like the reply they received, why have they now been reinstated after posting publicly on hn?

        Sounds like if nothing is wrong with the policy, then the company is applying the policy inconsistently.

        • apple4ever 5 years ago

          Exactly.

          Too often these email replies are automated and nobody looks at them. Even more so they briefly look and just say sorry still banned.

          Only when it's raised publicly does somebody ACTUALLY look.

  • heavymark 5 years ago

    Was considering moving some domains to CF registrar as have used CF for DNS for myself and clients and love it. But so get terrified that while I would never do anything intentionally to get banned/suspended that if someday was wrongly suspended that there isn’t a clear path to reach a real person to get the issue resolved. I imagine there are an unbelievable number of bad actors and so CF and other providers have to balance that. But for people to feel comfortable using very popular services like CF there needs to be a clear path for people to prove their case and get issues resolved quickly without having to always resort to trending on HN. And hopefully the process would always involve emailing the person first with steps on how to resolve the issue. I have faith CF will be able to improve in this area as they seem to have a brilliant set of people working there.

    • shyn3 5 years ago

      I highly doubt it will get better as they grow. I think it will get worse actually as it does with most larger organizations.

      Even with an enterprise support contract the idea of calling is completely discouraged to the point it's hidden behind menus of finding a customized code to call support. Their e-mail support is a pain also because there are different techs responding with different ideas to solve a question. They don't have chat support which is annoying as well in this day and age. If you want things done, their account management team gets it done fast when onboarding.

      Although the product is really good and has some limitations which are annoying but if you can deal without support this is a great product. Also their post postmortems are amazing.

sergiotapia 5 years ago

>Lessons learnt: Don't be clever and security is ALWAYS important.

What kind of lesson is that, we wouldn't have the internet as we know it if people just followed the rules. If anything this signals that cloudflare is yet another huge company that can just shit on you with little recourse.

throwaway72220 5 years ago

Hello again HN, this was kindly all resolved by Cloudflare. Thank you to eastdakota and sonstry for looking into this for me.

MattGaiser 5 years ago

The automated contact emails are hilarious. Basically just there to help you scratch an itch to try things.