Cloudflare took down our website after trying to force us to pay $120000 within 24h

Tramort , 1 month ago

Jesus. Something shady is happening with cloudflare.

That does not inspire confidence.

slaacaa , 1 month ago (edited 1 month ago)

The biggest red flag is the up-front payment for a year, gives the indication that they are in actual financial trouble, meaning short in cash right now.

Fucking idiots could have been just increasing the price yearly without any resistance, it’s unlikely a big casino would care about an extra 50-100 per month.

Tramort , 1 month ago

Exactly my thoughts

foggy , 1 month ago

I'm pretty heavily invested in cloudflare. This news is definitely making me reconsider that investment.

What I can say, is their stock is looking very healthy. There are a lot of people buying a lot of stock for them and the prospect over the next 3 to 5 months looks very promising. The only way they wouldn't have cash on hand as if they're spending a ridiculous amount of cash on some project that I'm not aware of, and I feel like I would be aware of it.

This is very peculiar. Definitely warrants further investigation.

raspberriesareyummy , 1 month ago

The only way they wouldn’t have cash on hand as if they’re spending a ridiculous amount of cash on some project that I’m not aware of, and I feel like I would be aware of it.

Maybe someone dipshit in marketing heavily invested in LLMs, since that's the current hype among dipshits?

kbotc , 1 month ago

Cloudflare is publicly traded. They had $1.6 billion in cash or equivalents in December. Maybe they want to grease up the quarter to show better growth against the market, but that is a fuckload of cash.

raspberriesareyummy , 1 month ago

or maybe it's just a lower level manager who wants to polish up their revenue numbers to ask for a raise / promotion :) capitalists are ugly little critters like that.

Vlyn , 1 month ago

As I said in another comment: The up-front payment is the only thing that makes sense for Cloudflare. You got a customer that's costing you money each month. They broke ToS. You offer them a deal still to keep the services running. And their CEO/CFO tells you they are looking at other providers like Fastly.

If Cloudflare gave them a monthly contract then the casino would simply pay for a month and switch over their services to a competitor in that time. So Cloudflare loses all the money from the past (where the casino used far too much traffic) and will barely recoup 10k (minus the running cost, so more likely 7k at the high end) for a single month. It's just not worth it.

So they offer: Stick with us for a full year at least or get fucked. Which is fair.

qaz , 1 month ago

I don't think I particularly agree with this take, but it's an interesting perspective.

Nefara , 1 month ago

This scenario would mean major negligence on their part, as they had been with Cloudflare for years. When it was clear their services were costing more than the business plan paid for, that's when they should have been contacted with clear numbers and a sheepish admission that "unlimited" doesn't actually mean unlimited. It certainly seems shady to me that they attempted to make it about a TOS violation, that there's no public information about enterprise level and pricing, and that the second they said they were talking to a competitor they had their data purged. It sounds like a failed attempt at extortion to me.

brbposting , 1 month ago

Read to me as:

Look, for a ToS-breaking [and/or] legally questionable site, we need a LOT to make it worth our while given we could be named as co-defendants someday - and obviously we’re not saying [cough] you’re a sketchy business we don’t want, because if we said that then we shouldn’t take bribes and should cancel you no matter what, so please read in between the lines.

sudneo , 1 month ago

If you are cloudflare and you suspect they broke ToS you quote which ToS has been broken, you specify which country blocking the customer is trying or has tried to circumvent and you force the customer to either move away or enforce geo-blocking for those countries (or have a separate account for those with your own IPs). There is no reason to cancel the whole account if the blocking is country-specific and there is no way that 10k a month is anyway a sufficient benefit for cloudflare for their IPs to be blocked in a country (affecting potentially hundreds or thousand of customers).

Test_Tickles , 1 month ago (edited 1 month ago)

It's because CF could see that moving to another provider would not be too difficult for them. If they went month to month then they would be gone after one month. So CF decided to go with extortion instead. Either pay for $120k, or CF will set fire to your business.

Goodie , 1 month ago

I think it's far more likely there's some sales goal and or performance indicator at play here.

Trainguyrom , 1 month ago

The biggest red flag is the up-front payment for a year

Another comment pointed out this was probably to prevent them from signing up for a month then using that month to bounce to another provider

HowManyNimons , 1 month ago

CloudFlare don't need to subsidise an online casino with millions of subscribers, at everyone else's expense. Sure CF are a bunch of gigglefucks but this time I think they made a good decision.

catloaf , 1 month ago

Now they're getting $0 and bad press, so no I don't think they did.

HowManyNimons , 1 month ago

$0 is better than having a customer whose costs exceed their revenue; it looks like the bad press is being managed; and also fuck online casinos very much.

FederatedSaint , 1 month ago

Just because you don't like online casinos, doesn't mean cloudflare didn't completely fuck this up. They could have negotiated reasonable terms to increase their revenue on this account instead of going the route of stonewalling and extortion.

So not only did they lose this customer, but this bad press will ensure a lot of others never sign up with them, potentially costing them millions in foregone sales.

Yeah this was a massive boondoggle..

tedu , 1 month ago

Are these millions of potential customers in the room with us?

FederatedSaint , 1 month ago

If they're charging $120,000 per client, it only takes 17 potential lost customers to constitute "millions." It's realistic that at least 17 companies might be put-off with the way this was handled.

IsThisAnAI , 1 month ago

On lemmy and substack. The damage will be minimal and forgotten.

Tramort , 1 month ago

I read the post and it doesn't sound abusive at all

Plus: cloudflare kept putting them in touch with the sales department. Not legal. Not technical support

It's just shit customer service, even if the customer is making a ton of money compared to your fees. Should a casino pay more for other services, too, just because they" don't need a subsidy"?

foggy , 1 month ago

As strange as this may sound... if you're having serious technical problems, it's the sales team you want to talk to.

Sales people have way more pull at tech companies than the engineering teams do. If your sales rep sounds an alarm, people listen. When tech support sounds an alarm, nobody bats an eye.

In this particular situation, they should be reaching out to cloudflare's legal team. But, with their own legal team.

roguetrick , 1 month ago

Good luck with the lawsuit for breach of contract when you broke the contract. I'm sure the judge will be amused.

xxd , 1 month ago (edited 1 month ago)

Unless the casino is doing something illegal, it's really not their decision to make. If they don't want to subsidize them, all they'd have to do is be transparent and fair in their pricing.
They way CF handled it instead just seems unprofessional and deceitful.

Tramort , 1 month ago

Exactly right.

If they are somehow losing money routing traffic then their pricing is fundamentally wrong, which is just as big of a black eye for cloudflare.

TheEntity , 1 month ago

Subsidise how? They were using their existing plan as intended and even willing ditch the grey-area parts. If CF cannot afford to offer their plans as they are, they should change the offered plans, not hunt for easy prey.

HowManyNimons , 1 month ago

Clearly CF were losing money on this account, so their other customers were subsidising.

Ah fuck it, I'm clearly at the bottom of a dog pile here, and I don't want to be friends with any of you, nor am I going to start thinking that an online casino deserves anything but contempt, so I'll be off.

FederatedSaint , 1 month ago

No no, you're really not far off. Few, if any people here are advocating for CF to continue to provide the same services for the same price. It seems clear to most (including the author) that a price increase was justified. The problem we're all having is how they went about it, agnostic of the client.

(I don't care who the client was and don't care one way or the other about online casinos.)

raspberriesareyummy , 1 month ago

It's not the decision to ask more money, it's how they made it and in violation of their own terms of service, also extortion, so yes they are dipshits.

Vlyn , 1 month ago (edited 1 month ago)

Is there? The casino is on a cheap $250 a month plan they don't belong on and they broke ToS with the domains. While also costing Cloudflare money each month (as the casino admits themselves, their traffic alone is worth up to $2000 a month).

It's absolutely in the right of Cloudflare to drop a customer that's bothersome. Casinos usually are (regulations, going around country restrictions), them costing them money on top is a massive issue.

120k a year is a big slap of course, but it's probably the amount Cloudflare would want to keep them on as a customer. If they leave, so be it.

I've seen it several times before at companies I worked at. They cheaped out and went with a tiny service plan to coast by. Or even broke ToS because it would be cheaper. That usually got stopped by plans getting dropped (GitLab Bronze for example), cheap plans getting limited, or the sales team sending a 'friendly' message that we're abusing their plan and how we're going to fix it. If you don't play along at that point you're going to get the hammer dropped on you.

It also wasn't 24h as the title says, the first communication happened in April. At that point they should have started to scramble, either upgrading to a bigger tier immediately or switching providers. And it's totally normal to go to the sales team when you break the ToS of your plan or you abuse a smaller plan. They're going to discuss terms, it's not a technical issue.

Edit: And I should also say, the whole "paying for a whole year is extortion" is bullshit too. Their CFO or CEO told Cloudflare they are looking at switching providers (as they looked at Fastly). So of fucking course Cloudflare is going to demand a full year upfront. Otherwise the casino could pay for a single month and during that month they switch away to another provider. So Cloudflare would still be thousands in the red with that ex-customer after they used so much traffic the last few years.

Cryophilia , 1 month ago

The first communications were intentionally misleading though. CF wasn't trying to solve a problem, they were trying to sell a service. If CF had just led with "upgrade or we nuke your site" then that's scummy, but fair. Leading these guys on about technical problems and "trust & safety" bullshit was not fair at all.

Randelung , 1 month ago

And understandably you wouldn't switch plans if all you're talking to is sales without context.

sugar_in_your_tea , 1 month ago

Is that the first communication though? I would really like to hear Cloudflare's side of the story.

Vlyn , 1 month ago

There were 3 issues at once, so "trust & safety" is definitely part of it.

1. Too much traffic use, this is purely a billing issue and CF probably wouldn't even care (they haven't for years) despite losing money
2. Violating ToS with the domains, a minor infraction probably, but enough to cancel the contract
3. This is the big one: CF uses one pool of IPs for all customers, the IP of a gambling site (like a casino) will get banned by ISPs of various countries (Gambling being illegal, strictly regulated and so on). This is the trust & safety issue, CF is actively hurting by keeping this customer. The enterprise plan they want to push them to has ByoIP (Bring your own IP), which would probably have been one condition of keeping them on. CF could have communicated better (if we got the full story here..), but for $250 a month they'd much rather kick the customer off their service

Cryophilia , 1 month ago

So maybe fucking say that?

tiramichu , 1 month ago

That Cloudflare were justifiably unhappy with the situation and wanted to take action is fine.

What's not fine is how they approached that problem.

In my opinion, the right thing for Cloudflare to do would have been to have an open and honest conversation and set clear expectations and dates.

Example:

"We have recently conducted a review of your account and found your usage pattern far exceeds the expected levels for your plan. This usage is not sustainable for us, and to continue to provide you with service we must move you to plan x at a cost of y.

If no agreement is reached by [date x] your service will be suspended on [date y]."

Clear deadlines and clear expectations. Doesn't that sound a lot better than giving someone the run-around, and then childishly pulling the plug when a competitor's name is mentioned?

gorgori , 1 month ago

That would have been a mature thing to do.

realbadat , 1 month ago

Considering the perspective of the poster, the misleading title, etc - are you actually sure they didn't?

QuaternionsRock , 1 month ago

Until Cloudflare responds to the post, it is IMO most beneficial to assume that the OP is being truthful and forthright. Doing so puts pressure on Cloudflare to either clarify or rectify the situation, whereas treating Cloudflare as though they are above suspicion accomplishes nothing.

After all, OP is very much the little guy here.

realbadat , 1 month ago (edited 1 month ago)

Eh, I have a couple of issues with that. For one, I doubt CF would even respond to this. I could easily see them using this very writeup to sue, with all the admissions in it.

The bigger part though, is calling an online casino, whose own IT team (the writer) admitted they were knowingly abusing the plan they were on, the "little guy".

Are they small in comparison to Cloudflare? Absolutely, those schmucks have way too much control of the internet. Calling an online casino, whose own staff lied in the title, the little guy though... Doesn't sit right with me.

No, I'm not going to side with them, or with CF. I'm going to make my assumptions off what I know (two terrible companies, one of which has a liar writing an article where they pretend to not have admittted to their own lies about the subject), and I'm going to assume this:

• Terrible casino used a plan they know they shouldn't have been on.
• Terrible casino would have known what their traffic looked like for a long time.
• Awful CF noticed, and said "Hey guys, wrong plan, talk to sales."
• Terrible casino threatened to just leave awfuo CF.
• Awful CF demands a year up front to ensure their costs are covered for previous abuse of the TOS.
• Awful CF figures "screw it, they are stringing us along, just cut them off so we don't spend more money. TOS violation makes it easy."
• Idiot IT from terrible online casino writes an article (stupidly) in which they admit to TOS violations, and pretends not to know about their own traffic from a resource they are relying on.

Seems pretty obvious to me. Barring further details, my assumptions are based on what I know, and I am perfectly happy sticking to that.

You do you.

Vlyn , 1 month ago

From the additional info I read, it sounds more like the traffic wasn't the main issue.

Gambling is forbidden in a lot of countries or heavily regulated. Cloudflare uses a common IP pool for all customers, so a casino customer would possibly get their IPs blacklisted (by various ISPs). The Enterprise tier of Cloudflare has "Bring your own IP (ByoIP)", which they probably wanted to force onto this problematic customer to protect their business.

So it's actually a problem, not just them paying not enough (which is another reason to get rid of them as fast as possible).

batucada , 1 month ago

0F,

catalog3115 , 1 month ago

I really love cloudflare especially for my hobby projects but in this case they asked for outright Ransome. From this I learnt to keep Nameservers & domain sellers different. I am going to transfer domain away from nameserver.

drdabbles , 1 month ago

Not just "this case", there's been countless cases like this with CF.

sugar_in_your_tea , 1 month ago

Could you provide a couple?

drdabbles , 1 month ago

You can google for cloudflare issues ranging from providing hosting for actual nazi sites to extorting customers by threatening the exact scenario se saw in this blog post. Feel free to google "cloudflare account suspended" to see many posts about people having not just DDoS mitigation disabled, but everything related to an account deleted and disabled. Many of those people had the audacity to, get this, rely on DDoS protection! The nerve, right?

sugar_in_your_tea , 1 month ago

So no sources then?

If I have to dig, I'm most likely only getting one side of the story. This article pointed out that the customer broke the TOS and knew they were getting way better of a deal than they should've. I'm not so confident a random post online from angry customers is going to be so forthright.

That's why I'm asking. If you've seen some particularly interesting stories, it would certainly be easier for you to find them them me. I'm not looking for butthurt customers who got caught breaking the rules, I'm looking for legitimate cases of CF bullying rules-following customers into paying more.

drdabbles , 1 month ago

I told you how to find them so you wouldn't have to bitch about my cherry picking. I can't help if you'd rather bury your head in the sand, and it makes no difference to me what you believe.

todd_bonzalez , 1 month ago

Regarding the HN shenanigans, their algorithm does some weird things.

If a new post gets too many upvotes and not enough comments, it gets demoted very quickly.

If any of the activity appears manufactured, it basically delists the post.

Very exploitable, but also prevents popular articles that don't stimulate conversation from sticking around on page 1 for too long, and makes botting upvotes do more harm than good.

suction , 1 month ago

HN is a libertarian hellhole full of divorced incel energy

someguy3 , 1 month ago

Also, interesting comment I found on HN:

What is HN?

catloaf , 1 month ago

Hacker News: https://news.ycombinator.com/

tengkuizdihar , 1 month ago

Hackernews

drdabbles , 1 month ago

Pro tip: Don't waste your time over there.

br3d , 1 month ago

It's incredibly selective about which topics it's good for. Want insight into advanced mathematics or new programming languages and people there have amazing insight. But they bring the same level of confidence to the discussion when talking about topics they've no idea about.

CeeBee , 1 month ago

That just sounds like the Internet in a nutshell for various topics.

mox , 1 month ago

they bring the same level of confidence to the discussion when talking about topics they’ve no idea about.

Generally, I've found the discussion quality across these sites to be something like this:

HN > Lemmy > Reddit > 4chan

But yes, I have seen examples of incorrect confidence and bad-faith arguments on all of them. I don't think it can be escaped in a public forum of humans. :)

wirehead , 1 month ago

It's the Pravda of the VC-centric tech scene and has been for a very very long time.

(I am referencing the Soviet Union implementation thereof, for clarity)

It's never going to bite the hand that feeds it, where people will voting-ring or the owners will just force-edit it to prevent that from happening. Outside of that, sometimes it might say something useful. The problem is that today's problems are not because of a lack of advanced mathematics understanding or new programming languages.

drdabbles , 1 month ago

It’s the Pravda of the VC-centric tech scene and has been for a very very long time.

At least someone else gets it.

Alphane_Moon , 1 month ago

It’s the Pravda of the VC-centric tech scene and has been for a very very long time.

A very interesting description. I only occasionally read HN via links from other sources, but I wouldn't be surprised if there is a lot of truth to your characterization.

drdabbles , 1 month ago

I'd suggest they're just as wrong about programming languages and maths as any other topic.

starman OP , 1 month ago

Sorry for confusion, I edited the post to make it clear

pop , 1 month ago

Hackernews, unironically named to appeal tech circles, but run by venture capital fund y-combinator, mainly to promote companies they invest in.

As such it's mostly used by techbros (MBA types) and tech companies to show-off, start drama, push their PR, damage control, and occasionally post news.

It's like linkedin, in reddit format. It's all about your connections.

draughtcyclist , 1 month ago

Realistically, this is why you pay for Akamai. You don't get these shenanigans.

How the fuck were they still on a $250 dollar a month plan when they pumped through $2000 a month worth of traffic? That's shady on the companiy's part and Cloudflare shouldn't have allowed it to happen in the first place.

Each party played their part here and did shitty things. Sounds like the tech equivalent of a crackhead arguing about selling stuff to the pawn shop employee.

ryven , 1 month ago

The $250/month plan supposedly includes unlimited traffic. If there's actually a limit where you're supposed to switch to a more expensive plan with no standardized price, maybe CF should say what the limit is?

draughtcyclist , 1 month ago

They absolutely should have outlined a traffic limit for the $250 a month plan. That's on Cloudflare for allowing it.

That said, if you make wildly excessive use of that loophole it probably shouldn't surprise you if they do something like this. They called it "trust and safety" because it allows them to do anything they want under the guide of security.

Really, they didn't define their service clearly and wanted to fire them as a customer unless they paid up for what they felt they were owed.

TheTetrapod , 1 month ago

If something is marketed as "unlimited", I don't think there is such a thing as "wildly excessive use". This isn't a competitive eater going to an all-you-can-eat buffet and being mad about getting kicked out. It's a business using a service in a way that's seemingly in-line with what they paid for.

JeffKerman1999 , 1 month ago

It's the same definition of "unlimited" that Telcos use: you pay for unlimited but it really is XXgb of data per month, after that they either disconnect you or throttle your traffic at a glacial pace...

lazynooblet , 1 month ago

And in both cases, that is bullshit. Just because it happens doesn't mean we should accept it.

Gullible , 1 month ago

A man walks into whorehouse at half past seven, inquires about prices, and learns that it’s 250 per night, per person for the room. “Everything they consent to is available to the customer” says the proprietor. Gladly he pays and climbs up the steps with his hand clasped tenderly, finally landing upon a plain pink cushion, whereupon he proceeds to fuck the absolute shit out of his companion for six full hours. The brothel quakes in rhythm with their dual shrieks of ecstasy for the full duration.

As he begins dressing himself across from the nearly comatose prostitute, the proprietor returns, requesting two hundred and ninety dollars for the extended stay and sixty for the damage to her employee. It was at that moment that the man realized that the madame was a 70 foot tall crustacean from the Paleozoic era. He yells “goddamn Loch Ness monster, I ain’t giving you no three fifty!”

AVincentInSpace , 1 month ago

...huh?

mightyfoolish , 1 month ago

South Park reference. Probably the funniest episode in the whole show outside of "Hare Club for Men".

Vlyn , 1 month ago

"Unlimited" doesn't exist in this universe. It's always "Unlimited under fair use".

If you pay for your water park ticket and they offer unlimited free drinking water fountains, you can't pay for your ticket, call up Nestlé and bring in the water trucks.

Besides the IP poisoning from the casino, ToS violations and so on, just using this much traffic would probably be enough cause for a cancellation (or a forced plan upgrade).

neuracnu , 1 month ago

I worked for Akamai for 7 years.

This is why, if your CDN infra is core to the operation of your business, you make your systems accommodate multi-CDN integration. Cutting one CDN off shouldn't be significantly difficult, and it comes in handy during contract negotiations. All the major players work this way.

rekabis , 1 month ago

Yet more evidence that CloudFlare is inherently damaging and hostile to the Internet.

fine_sandy_bottom , 1 month ago

It's fine to not like CloudFlare but this isn't really "evidence" of any kind. It's a one-sided rant on sub stack.

Aux , 1 month ago

Seriously? The article author admits they're doing illegal shit and break CF TOS and CF is inherently damaging? You ok, mate?

TheDarksteel94 , 1 month ago

I'd be interested to see if / how Cloudflare will respond to this. Because at this point I'm not 100 percent sure who is in the right.

dependencyinjection , 1 month ago

Yeah I have no sympathy for a casino and as a software developer I would never work for one, but in the other corner you have a company with too much power.

TheDarksteel94 , 1 month ago

Even if it wasn't a casino, they could either be bullshitting or just be plainly incompetent. Like, idk them personally, but I wouldn't rule it out lol

QuantumSpecter , 1 month ago

Lemmy points counter at 666 as I read this post. Is this a sign?

catalog3115 , 1 month ago

Does this mean hackernews & cloudflare are colluding together?

tedu , 1 month ago

A simpler explanation is that users are tired of everybody with a customer support issue running to daddy HN and making a big fuss trying to get their way.

moonpiedumplings , 1 month ago

After Twitter went to shit, where else do customers have to go for customer support like this?

Admittedly, I didn't read the article, but I have seen plenty of other cases woth cloudfare or other big providers where people have only been able to set things right by kicking up a fuss on social media --- like that recent one with amazon aws.

twei , 1 month ago

I didn't read the article

Don't worry, neither did anyone else in this thread

Bryanbat , 1 month ago

I gained so much money from my investment. All thanks to EXPERT ELOISE WILBERT ON INSTAGRAM.. who thought me how make huge profits from my deposit and I gain from 100$ to 600$.. Thank you EXPERT ELOISE WILBERT ON INSTAGRAM contact her now to also get such good luck 📝👍

the_crotch , 1 month ago

Repoint your DNS, send everything to legal, delete Facebook hit the gym

secretlyaddictedtolinux , 1 month ago

this is disgusting and knowing this, i will never pay cloudflare for anything nor recommend them to anyone ever

Jakesvito , 1 month ago

I have been on a wining streak since I started following Veronica Tolan on Facebook, My portfolio has increased greatly in weeks. He is truly a stock/crypto genius. WhatsApp her directly; +44 7465283150

Agent641 , 1 month ago

Veronica's pronouns are he/her?

Jakesvito , 1 month ago

Thank you for the correction! I appreciate it and will make sure to use the correct pronouns for Veronica from now on. You're right, using 'he' or 'her' pronouns is important. Now, back to the investment idea... I believe reaching out to Veronica could be a great opportunity for growth and collaboration. Their expertise and insights could be invaluable in helping our investment thrive.

Jakesvito , 1 month ago

It's a she ( her)

solrize , 1 month ago (edited 1 month ago)

HN thread is here and it's on the front page 7 hours old: https://news.ycombinator.com/item?id=40481808

Many mentions made that a significant part of the issue seemed to be Cloudflare IP addresses getting banned in some countries. They wanted the customer to switch to a bring-your-own-IP plan.

Also, the discussion took place over 1 month, not 24 hours.

I think the HN thread is reasonably informative and nuanced. CF didn't do great but it was somewhat a fog of war situation.

goferking0 , 1 month ago

Yeah this substac just reads as we abused cloudflare then were surprised they didn't take us saying no well.

raspberriesareyummy , 1 month ago

1. what is HN? Edit: never mind, answered below: hacker news (ycombinator)
2. daaamn... I hated cloudflare before for their shitty and non-adblocker-compatible (often not working at all) "I am not a bot" checks, but fuck me are those EVIL motherfuckers....