
Ask HN: Cloudflare incorrectly banned me – can anyone help? - throwaway72220
Hello HN,<p>The TLDR; 10 days ago I was banned from Cloudflare allegedly for &quot;phishing&quot;. I have never phished, nor used Cloudflare to proxy illegal content.<p>I am a long time HN user but I created a throwaway account to avoid being linked to my employer.<p>10 days ago I got an email saying my account was suspended for &quot;phishing&quot;. I contacted Cloudflare support immediately and within 60 seconds I got a reply saying my account was permanently banned with no further information. I think this was an automated response. I followed up explaining my account had never been used for &quot;phishing&quot; and it hosted a number of small businesses and would they reinstate it. I never got a reply.<p>My downfall must been related to Cloudflare Workers. I used it to create some apps including proxies that modified mainstream news websites. They acted as uBlock + Stylish for locked down computers where I could not install browser extensions. I did not share these with anyone, but I did not secure them with HTTP auth. I didn&#x27;t think anyone could guess the xyz.abc.workers.dev URLs to access the proxies but automated software must have detected them and flagged them as phishing sites.<p>I was too clever for my own good, but I was not malicious, I did not abuse the Cloudflare platform and I never phished. I just created an application for my own personal use. I do not think any Clouldflare engineer looking at my Worker code would think it was malicious in any way. My account had current billing details and I was a paying customer in the past.<p>Lessons learnt: Don&#x27;t be clever and security is ALWAYS important.<p>I would like to continue using Cloudflare. I worry I will be banned from their other services. If I was blocked at an IP level, it would be far more devastating than being permanently blocked by Google.<p>If anyone can help me, even just to clear my name, I would very grateful to you.
======
oefrha
> My downfall must been related to Cloudflare Workers. I used it to create
> some apps including proxies that modified mainstream news websites. They
> acted as uBlock + Stylish for locked down computers where I could not
> install browser extensions. I did not share these with anyone, but I did not
> secure them with HTTP auth. I didn't think anyone could guess the
> xyz.abc.workers.dev URLs to access the proxies but automated software must
> have detected them and flagged them as phishing sites

Strange, Cloudflare has an official worker template to do just that (sans
modifications):
[https://developers.cloudflare.com/workers/templates/pages/bu...](https://developers.cloudflare.com/workers/templates/pages/bulk_origin_proxies/)
Sounds like officially endorsed use case to me.

In fact I was thinking about doing the same the other day, but haven't gotten
around to it...

------
maxk42
Same thing happened to me. Paying account and when I asked what rule I had
violated I was directed to the paragraph that said something along the lines
of "CloudFlare reserves the right to terminate an account for any reason."
It's been a real pain but I'm happy to pay for KeyCDN now.

------
eastdakota
I pinged our Trust & Safety team to take another look.

~~~
vonseel
OP - I suggest adding some info to your profile or post here so they can
identify you? Not sure if you can do that without revealing yourself to
everyone else...

~~~
eastdakota
Yup. What’s domain in question?

~~~
throwaway72220
I did not delete any of the Workers because I thought that would potentially
make me look guilty to CF support. This Worker domain is in my account:

[https://ip2.surprise.workers.dev/](https://ip2.surprise.workers.dev/)

The proxy's are also at *.surprise.workers.dev.

------
sergiotapia
>Lessons learnt: Don't be clever and security is ALWAYS important.

What kind of lesson is that, we wouldn't have the internet as we know if
people just followed the rules. If anything this signals that cloudflare is
yet another huge company that can just shit on you with little recourse.

------
throwaway72220
Hello again HN, this was kindly all resolved by Cloudflare. Thank you to
eastdakota and sonstry for looking into this for me.

------
MattGaiser
The automated contact emails are hilarious. Basically just there to help you
scratch an itch to try things.

