You are not logged in.

#1 2024-01-13 10:29 am

s&wchad
Member
Registered: 2022-08-11
Posts: 1

Why are Cloudflare IP's non-reportable?

I was unable to report several scammers who attempted to defraud people running WTB ads on our forum.  They were both using a Cloudflare proxy server and those IP addresses cannot be added to the database here.  Yesterday was the first time I've encountered this.  It happened again this morning. 

I'm curious why Cloudflare customers get a pass.  It seems like an opportunity for scammers/spammers to operate under the cloak of darkness.

Offline

#2 2024-01-13 12:00 pm

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,056

Re: Why are Cloudflare IP's non-reportable?

because you dont report the URLs post on your website as the source of spam, you submit the IP address used to post spam, which will never be cloudflare proxies.  now, if they're using the cloudflare WARP VPNs then post the details here so that we can look at removing those IP addresses (if they're non-proxy egress endpoints) from the rules to stop them being submitted.

The rule exists in its current state because too many forums were posting CF ip addresses because they misconfigured their sites when using CF and I got sick of the amount of inaccurate IP addresses being added which required me to then clean up.

CF reports the real IP address in the HTTP header, which was not being submitted as the source of the spam

Offline

#3 2024-01-14 7:42 am

GrapheneOS
Member
Registered: 2023-12-18
Posts: 5

Re: Why are Cloudflare IP's non-reportable?

The issue seems to be that the Cloudflare IP list is out-of-date and includes IP ranges they assigned to their Gateway and Warp services. There's a current list of IP ranges at https://www.cloudflare.com/ips/. They removed the ones they moved to Gateway and Warp. In particular, the 104.28.0.0/14 prefix was removed from the list. We're seeing spammers registering with Cloudflare's VPN service and then often posting from a different IP address.

Offline

#4 2024-01-17 3:16 am

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,056

Re: Why are Cloudflare IP's non-reportable?

thanks, I'll check the update scripts to see if they're being updated on a daily basis as the warp IP addresses should not be getting a bypass

Offline

#5 2024-02-05 12:25 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 2,422
Website

Re: Why are Cloudflare IP's non-reportable?

I've received a replay from ped (admin) to my PM to him on behalf of this thread:

pedigree wrote:

CF really dont seem to publish lists of "warp connections come from here"

Offline

#6 2024-02-08 1:23 am

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,056

Re: Why are Cloudflare IP's non-reportable?

This is the list at the moment

"173.245.48.0/20",
"103.21.244.0/22",
"103.22.200.0/22",
"103.31.4.0/22",
"141.101.64.0/18",
"108.162.192.0/18",
"190.93.240.0/20",
"188.114.96.0/20",
"197.234.240.0/22",
"198.41.128.0/17",
"162.158.0.0/15",
"104.16.0.0/13",
"104.24.0.0/14",
"172.64.0.0/13",
"131.0.72.0/22",
"2400:cb00::/32",
"2606:4700::/32",
"2803:f800::/32",
"2405:b500::/32",
"2405:8100::/32",
"2a06:98c0::/29",
"2c0f:f248::/32"

Offline

#7 2024-02-08 1:44 am

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,056

Re: Why are Cloudflare IP's non-reportable?

I hooked up warp on my test box and got it connecting from 141.28.225.1 which isnt in the closest listed subnet of 141.101.64.0/18 (141.101.64.1 - 141.101.127.254)

Still looking

Offline

Board footer

Powered by FluxBB

Close
Close