The Wikipedia article says Cloudflare has been used to host hate speech, websites with illegal content and forums connected to all sorts of illegal activities. And I see them being used by a lot of decent webservices but shady ones as well.

So my question, can Cloudflare be used for something alike “bulletproof hosting”? Does anyone know if they collaborate with law enforcement or care once someone sends a mail to the abuse contact? Or if there’s a way to find information about a Cloudflare protected server for the public?

Hypothetical question, I’m just curious and I thought maybe someone here has first-hand experience with getting their account terminated or reporting content or doing piracy via them or whatever…

  • Typewar@infosec.pub
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 month ago

    Cloudflare takes a neutral response in general but are not resistant to law enforcement demands.

    What you can do is to create a cloudflare account on Tor, buy a privacy-focused VPN that supports port forwarding, connect your server to the VPN and point the DNS record to the VPN ip address. And then create a port rewrite rule in cloudflare settings (because port forwarding supported VPNs rarely support lower than 1024 ports). Atleast in this case, law enforcement notices won’t be forwarded to your ISP… still not bulletproof, but good enough for most stuff if you have concerns.