Spamhaus blocks CloudFlare's IP ranges
Spamhaus says about CloudFlare:
"Hosting service refuses to shut off abusers. Spam & cybercrime
'reverse proxies' stay up after being reported. Cybercrime world
now knows of this 'bulletproof hosting' and is rushing here."
Spamhaus is an
international nonprofit organization founded in 1998. On July 11, 2012
they added nearly the entire CloudFlare range of IP addresses to their
SBL (Spamhaus Block List). These
three entries are labeled "escalation" and include 37,000 addresses.
(CloudFlare's own complete list of their IP ranges contained 44,500 IP
addresses in July, 2012. Assuming that some of these were for future expansion and
presently unused, this meant that Spamhaus had essentially added all
of cloudflare.com to their SBL.)
This doesn't mean that the domains are unavailable. All it means is that
you are less likely to find a CloudFlare-affiliated domain embedded in
spam or phishing emails. And if your email address is based on a domain
that is protected by CloudFlare, your system administrator might discover
that outgoing emails are blocked by upstream providers who use Spamhaus
blacklists. There is nothing your sysadmin can do about this except to
turn off CloudFlare's service, causing your domain to resolve to a
non-CloudFlare IP address.
Matthew Browning Prince, born on 1974-11-13, is the CEO and co-founder of CloudFlare.
Thanks to a rich dad,
he attended the University of Chicago Law School ('00) and Harvard
Business School ('09). Prince taught Internet law and was a specialist
in anti-spam laws and phishing investigations. It's a mystery why he
joined the Dark Side.
CloudFlare has not yet borrowed Google's "don't be evil"
motto. Perhaps this is because his company was wantonly libertarian and
aggressively overhyped right out of the starting gate, so that pretending
to embrace probity could prove embarrassing. His
on abuse are pathetic for someone who should know better.
See also (Oct 2013):
using CloudFlare for SSL
In fact, sysadmins everywhere will feel safer if they block all of
If you are running Linux, you can enter nullroutes for CloudFlare
without trying to figure out iptables. We use it on our server because
CloudFlare-affiliated cybercriminals have a history of DDoSing us. One
of them is named Ryan Cleary and he is in jail now in the UK. He won't
get out anytime soon he pleaded guilty and has also been indicted
by a U.S. grand jury. Poor Ryan would feel better if Mr. Prince visited
him in jail and offered a little bit of immoral support.
220.127.116.11/22 (18.104.22.168 - 22.214.171.124)
126.96.36.199/22 (188.8.131.52 - 184.108.40.206)
220.127.116.11/22 (18.104.22.168 - 22.214.171.124)
126.96.36.199/12 (188.8.131.52 - 184.108.40.206)
220.127.116.11/18 (18.104.22.168 - 22.214.171.124)
126.96.36.199/22 (188.8.131.52 - 184.108.40.206)
220.127.116.11/18 (18.104.22.168 - 22.214.171.124)
126.96.36.199/15 (188.8.131.52 - 184.108.40.206)
220.127.116.11/13 (18.104.22.168 - 22.214.171.124)
126.96.36.199/20 (188.8.131.52 - 184.108.40.206)
220.127.116.11/20 (18.104.22.168 - 22.214.171.124)
126.96.36.199/20 (188.8.131.52 - 184.108.40.206)
220.127.116.11/22 (18.104.22.168 - 22.214.171.124)
126.96.36.199/17 (188.8.131.52 - 184.108.40.206)
220.127.116.11/21 (18.104.22.168 - 22.214.171.124)
These commands will block access to CloudFlare domains for all
traffic to and from your Linux box. Normally a domain that uses
CloudFlare won't be coming into your box with their CloudFlare IP
address. But with all those cybercriminals using CloudFlare, you
never know what trickery is afoot. After these blocks, any attempt
to access your box from cloudflare.com will time out. Best of all,
anyone sharing your box won't be able to get to CloudFlare to read
Mr. Prince's excuses. To remove these blocks, just change "add" to
"del" and run the script again, or you can reboot.
/sbin/route add -net 126.96.36.199 netmask 255.255.252.0 reject
/sbin/route add -net 188.8.131.52 netmask 255.255.252.0 reject
/sbin/route add -net 184.108.40.206 netmask 255.255.252.0 reject
/sbin/route add -net 220.127.116.11 netmask 255.240.0.0 reject
/sbin/route add -net 18.104.22.168 netmask 255.255.192.0 reject
/sbin/route add -net 22.214.171.124 netmask 255.255.252.0 reject
/sbin/route add -net 126.96.36.199 netmask 255.255.192.0 reject
/sbin/route add -net 188.8.131.52 netmask 255.254.0.0 reject
/sbin/route add -net 184.108.40.206 netmask 255.248.0.0 reject
/sbin/route add -net 220.127.116.11 netmask 255.255.240.0 reject
/sbin/route add -net 18.104.22.168 netmask 255.255.240.0 reject
/sbin/route add -net 22.214.171.124 netmask 255.255.240.0 reject
/sbin/route add -net 126.96.36.199 netmask 255.255.252.0 reject
/sbin/route add -net 188.8.131.52 netmask 255.255.128.0 reject
/sbin/route add -net 184.108.40.206 netmask 255.255.248.0 reject
Snake oil for harried webmasters
In 2009, New
York Times reported that according to a two-year study, Google
accounts for six percent of all Internet traffic worldwide. One year later
CloudFlare launched. By early 2012, according to Matthew Prince in
on any given day 25 percent of the Internet's visitors pass through
CloudFlare. Does this mean that CloudFlare handles four times more traffic
than Google? They obviously know what they're doing. You cannot go wrong!
Matthew Prince made a similar statement on July 18, 2012: "We do
more traffic than Amazon, Wikipedia, Twitter, Zynga, AOL, Apple, Bing,
eBay, PayPal and Instagram combined," chief executive Matthew Prince told
"We're about half of a Facebook, and this month we'll surpass Yahoo in
terms of pageviews and unique visitors."
Curiously, Mr. Prince changed his tune in August
2013: "Today, approximately four percent of web requests
flow through our network." Is CloudFlare slowing down? Not at all. The
previous June he told
Economist that he is adding 5,000 customers per day.
If CloudFlare adds 5,000 per day over the course of a year, how
does its share of Internet traffic go from 25 percent to 4 percent? Who is
more guilty of spreading bullshit high-tech CEOs, or fanboy
publications that print anything they say?