I’m really mixed on this. Anti-bot stuff is increasingly a pain point for security research. Working in this space, I have to work against these systems.
Threat actors use Cloudflare and other services to gate their payloads. That’s a problem for our customers who are trying to find/detect things like brand impersonation and credential phish. Cloudflare has been completely unhelpful. They just don’t care.
Seconding this. Evading detection has become a real cakewalk since threat actors are able to sign up for a free Cloudflare account and then put their phishing site on their 2-hour-old domain behind a level of protection backed by a $20B company. Funny that you almost never see phishing on Akamai ;)
Disclaimer: We operate in this space so we obviously have an interest in being able to detect these threats going forward.
Excuse my bias, as I work for IPinfo. Rolling your own bot detection service is something you should explore if you want near-absolute coverage.
We intentionally do not provide an IP reputation service, as many sophisticated bots mimic the "good reputational" aspect of IP addresses. Usage of residential connections, or essentially being vetted by CDN/cloud services, makes bot detection ambiguous.
That is why we provide accurate IP metadata information. Whenever you detect patterns of bot-like behavior, look up the metadata such as privacy service usage, ASN, or assigned company, and then start blocking them via the firewall.
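A behaviour-first version of that workflow, as an added example (not IPinfo's code or API): flag IPs from request patterns, then consult metadata before choosing a firewall action. The log format, the metadata table and its field names, the hosting-ASN set and the nftables table/chain names are all constructed assumptions.

```python
from collections import defaultdict
# Constructed sample access log, "<ip> <unix_ts> <path>" (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 1700000000 /login
203.0.113.7 1700000001 /login
203.0.113.7 1700000002 /login
198.51.100.9 1700000000 /login
192.0.2.44 1700000000 /login
192.0.2.44 1700000001 /login
192.0.2.44 1700000002 /login
"""
# Constructed metadata table standing in for an IP-metadata lookup; the field
# names are hypothetical, not any vendor's real response schema.
IP_METADATA = {
    "203.0.113.7": {"privacy": True, "asn": "AS64496", "company": "Example VPN"},
    "198.51.100.9": {"privacy": False, "asn": "AS64497", "company": "Example ISP"},
    "192.0.2.44": {"privacy": False, "asn": "AS64498", "company": "Example ISP"},
}
HOSTING_ASNS = {"AS64496"}  # constructed: ASNs you treat as datacentre/hosting

def flag_bursty_ips(log_text, path="/login", window=10, threshold=3):
    """Return IPs that hit `path` at least `threshold` times within `window` seconds."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        ip, ts, p = line.split()
        if p == path:
            hits[ip].append(int(ts))
    flagged = set()
    for ip, stamps in hits.items():
        stamps.sort()  # sliding window over sorted timestamps
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.add(ip)
                break
    return flagged

def decide(flagged, metadata=IP_METADATA, hosting_asns=HOSTING_ASNS):
    """Block only on a privacy service or hosting ASN; residential IPs are ambiguous, so rate-limit."""
    decisions = {}
    for ip in sorted(flagged):
        meta = metadata.get(ip, {})
        hard = meta.get("privacy") or meta.get("asn") in hosting_asns
        decisions[ip] = "block" if hard else "rate-limit"
    return decisions

def firewall_rules(decisions):
    """Render nftables drop rules for blocked IPs (table/chain names assumed)."""
    return [f"nft add rule inet filter input ip saddr {ip} drop"
            for ip, action in decisions.items() if action == "block"]
```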
They could police their content. Or if they don’t want to, they could meaningfully partner with the security industry - create a “security bots” program, respond to takedown requests in days not months, etc.
I suppose that Cloudflare scanning payloads for known malware could potentially be effective if they could make the performance work.
Closed partnership programs are a bit concerning though. Once they’re up and running there’s an enormous economic incentive for CF to squeeze members with fees that capture the economic upside.