Also, interesting comment I found on HackerNews (HN):
This post was definitely demoted by HN. It stayed in the first position for less than 5 minutes and, as it quickly gathered upvotes, it jumped straight into 24th and quickly fell off the first page as it got 200 or so more points in less than an hour.
I’m 80% confident HN tried to hide this link. It’s the fastest downhill I’ve noticed on here, and I’ve been lurking and commenting for longer than 10 years.
Cloudflare took down our website after trying to force us to pay 120k$ within 24h
Yikes. That sounds bad.
I’m a SysOps engineer at a fairly large online casino.
Okay all my sympathy is gone. Online casinos deserve to die.
That said, my feelings towards economic vampires aside, the way the events unfolded is concerning to say the least. Cloudflare has been racking up evil-corp points quite rapidly in recent months.
As a person who works in server hosting (not as devops or IT), I’m often privy to customer interactions. I feel like my company does a really good job at damage control - where if we fuck up, some rep gets on the phone and makes things right. We’ve eaten costs on behalf of our customers.
But sometimes, you just gotta tell a customer to go fuck themselves.
And those customers, those biggest complainers are often in online gambling, crypto, adult content, or racist shit.
We get DDos’d a lot from it. But I’m glad the company I work for doesn’t bow down to garbage companies.
I’m honestly not surprised.
I used to hook up with a guy who was 100% convinced that he could game the system. It had something to do with break frequencies from various services and certain time windows for playing. He won sometimes, but he obviously didn’t talk much about his losses. He wasn’t a very happy person, and I think gambling offered an easy release.
That’s my big issue with gambling. It’s a business preying on addicts leaving many in financial ruin, and overall they do nothing for society at large. Here in Sweden it is regulated, but you honestly don’t notice it. There are so many internet casinos vanishing and cropping up on an almost daily basis. If you turn on the radio the adverts are like 40% online casinos, 40% sex toy sites, and 20% various services, like tyre shifting, glass repairs, etc.
If it’s providing games of skill like online poker, it’s actually a very intellectually stimulating game. People have made a ton of instructional videos and many books on the poker variations.
After playing poker professionally I was able to leverage the skills of bankroll management and emotional control to become successful in investing in the stock market.
I held all of my stocks through the entire pandemic to rebound from a loss over multiple years holding tech to a $600,000 profit by buying at the bottom. If I hadn’t played poker I probably wouldn’t be able to stomach looking at a six digit loss in 2021. I only sold my bonds which I used to buy more stocks at a cheaper price (which was the point of the bond allocation)
I used to be in credit risk for a very large stock market company.
Calling the bottom of the market is the same as betting big and getting 21 in blackjack.
Super cool when it happens, but not skill. The number of grown men I had to hear crying because they were dollar cost averaging down to the bottom until they went broke still disturbs me.
I’m happy this worked for you, but it was not skill.
Realistically, this is why you pay for Akamai. You don’t get these shenanigans.
How the fuck were they still on a $250 dollar a month plan when they pumped through $2000 a month worth of traffic? That’s shady on the companiy’s part and Cloudflare shouldn’t have allowed it to happen in the first place.
Each party played their part here and did shitty things. Sounds like the tech equivalent of a crackhead arguing about selling stuff to the pawn shop employee.
The $250/month plan supposedly includes unlimited traffic. If there’s actually a limit where you’re supposed to switch to a more expensive plan with no standardized price, maybe CF should say what the limit is?
They absolutely should have outlined a traffic limit for the $250 a month plan. That’s on Cloudflare for allowing it.
That said, if you make wildly excessive use of that loophole it probably shouldn’t surprise you if they do something like this. They called it “trust and safety” because it allows them to do anything they want under the guide of security.
Really, they didn’t define their service clearly and wanted to fire them as a customer unless they paid up for what they felt they were owed.
If something is marketed as “unlimited”, I don’t think there is such a thing as “wildly excessive use”. This isn’t a competitive eater going to an all-you-can-eat buffet and being mad about getting kicked out. It’s a business using a service in a way that’s seemingly in-line with what they paid for.
It’s the same definition of “unlimited” that Telcos use: you pay for unlimited but it really is XXgb of data per month, after that they either disconnect you or throttle your traffic at a glacial pace…
And in both cases, that is bullshit. Just because it happens doesn’t mean we should accept it.
HN thread is here and it’s on the front page 7 hours old: https://news.ycombinator.com/item?id=40481808
Many mentions made that a significant part of the issue seemed to be Cloudflare IP addresses getting banned in some countries. They wanted the customer to switch to a bring-your-own-IP plan.
Also, the discussion took place over 1 month, not 24 hours.
I think the HN thread is reasonably informative and nuanced. CF didn’t do great but it was somewhat a fog of war situation.
Multi CDN integration is a thing. And fuck CF. Unlimited means unlimited. Stop trying to lie to your customers and change the rules.
If the IP’s were an issue, then they wouldn’t have offered to make the issue go away with $$$.
I really love cloudflare especially for my hobby projects but in this case they asked for outright Ransome. From this I learnt to keep Nameservers & domain sellers different. I am going to transfer domain away from nameserver.
Not just “this case”, there’s been countless cases like this with CF.
deleted by creator
I didn’t see anyone saying that but the correct response is: in the next billing cycle we’re going to start charging X amount per month for X amount of traffic or we have to bump you to to the next tier.
If things are so dire that the traffic is causing problems the correct response is to throttle certain domain traffic until it gets figured out in some way.
Pay X amount in 24 hours or we remove you entirely is extortion.
Can you read?
deleted by creator
Found the thread on HN. Here’s what (I’m guessing) a mod had to say:
It set off the flamewar detector, got flagged by users, and got downweighted by a mod.
The ‘customer support of last resort’ genre is common and not usually a good fit for HN [1]. If people feel this story is unusually relevant and interesting, I’m not sure I agree—long experience has taught us that one-sided articles like this nearly always leave out critical information—but I also don’t mind yielding in an occasional specific case, so I’ve rolled back the penalties on this thread.
The issue from our point of view is not about story X or company Y—it’s a systemic one: the most popular genres of submission (especially the rage-inducing ones) get massively over-represented by default, so countervailing mechanisms are needed [2] if we’re to have a space for the more intellectually curious stories that the site is meant for.
Jesus. Something shady is happening with cloudflare.
That does not inspire confidence.
The biggest red flag is the up-front payment for a year, gives the indication that they are in actual financial trouble, meaning short in cash right now.
Fucking idiots could have been just increasing the price yearly without any resistance, it’s unlikely a big casino would care about an extra 50-100 per month.
As I said in another comment: The up-front payment is the only thing that makes sense for Cloudflare. You got a customer that’s costing you money each month. They broke ToS. You offer them a deal still to keep the services running. And their CEO/CFO tells you they are looking at other providers like Fastly.
If Cloudflare gave them a monthly contract then the casino would simply pay for a month and switch over their services to a competitor in that time. So Cloudflare loses all the money from the past (where the casino used far too much traffic) and will barely recoup 10k (minus the running cost, so more likely 7k at the high end) for a single month. It’s just not worth it.
So they offer: Stick with us for a full year at least or get fucked. Which is fair.
If you are cloudflare and you suspect they broke ToS you quote which ToS has been broken, you specify which country blocking the customer is trying or has tried to circumvent and you force the customer to either move away or enforce geo-blocking for those countries (or have a separate account for those with your own IPs). There is no reason to cancel the whole account if the blocking is country-specific and there is no way that 10k a month is anyway a sufficient benefit for cloudflare for their IPs to be blocked in a country (affecting potentially hundreds or thousand of customers).
This scenario would mean major negligence on their part, as they had been with Cloudflare for years. When it was clear their services were costing more than the business plan paid for, that’s when they should have been contacted with clear numbers and a sheepish admission that “unlimited” doesn’t actually mean unlimited. It certainly seems shady to me that they attempted to make it about a TOS violation, that there’s no public information about enterprise level and pricing, and that the second they said they were talking to a competitor they had their data purged. It sounds like a failed attempt at extortion to me.
CloudFlare don’t need to subsidise an online casino with millions of subscribers, at everyone else’s expense. Sure CF are a bunch of gigglefucks but this time I think they made a good decision.
Unless the casino is doing something illegal, it’s really not their decision to make. If they don’t want to subsidize them, all they’d have to do is be transparent and fair in their pricing. They way CF handled it instead just seems unprofessional and deceitful.
Is there? The casino is on a cheap $250 a month plan they don’t belong on and they broke ToS with the domains. While also costing Cloudflare money each month (as the casino admits themselves, their traffic alone is worth up to $2000 a month).
It’s absolutely in the right of Cloudflare to drop a customer that’s bothersome. Casinos usually are (regulations, going around country restrictions), them costing them money on top is a massive issue.
120k a year is a big slap of course, but it’s probably the amount Cloudflare would want to keep them on as a customer. If they leave, so be it.
I’ve seen it several times before at companies I worked at. They cheaped out and went with a tiny service plan to coast by. Or even broke ToS because it would be cheaper. That usually got stopped by plans getting dropped (GitLab Bronze for example), cheap plans getting limited, or the sales team sending a ‘friendly’ message that we’re abusing their plan and how we’re going to fix it. If you don’t play along at that point you’re going to get the hammer dropped on you.
It also wasn’t 24h as the title says, the first communication happened in April. At that point they should have started to scramble, either upgrading to a bigger tier immediately or switching providers. And it’s totally normal to go to the sales team when you break the ToS of your plan or you abuse a smaller plan. They’re going to discuss terms, it’s not a technical issue.
Edit: And I should also say, the whole “paying for a whole year is extortion” is bullshit too. Their CFO or CEO told Cloudflare they are looking at switching providers (as they looked at Fastly). So of fucking course Cloudflare is going to demand a full year upfront. Otherwise the casino could pay for a single month and during that month they switch away to another provider. So Cloudflare would still be thousands in the red with that ex-customer after they used so much traffic the last few years.
That Cloudflare were justifiably unhappy with the situation and wanted to take action is fine.
What’s not fine is how they approached that problem.
In my opinion, the right thing for Cloudflare to do would have been to have an open and honest conversation and set clear expectations and dates.
Example:
"We have recently conducted a review of your account and found your usage pattern far exceeds the expected levels for your plan. This usage is not sustainable for us, and to continue to provide you with service we must move you to plan x at a cost of y.
If no agreement is reached by [date x] your service will be suspended on [date y]."
Clear deadlines and clear expectations. Doesn’t that sound a lot better than giving someone the run-around, and then childishly pulling the plug when a competitor’s name is mentioned?
Considering the perspective of the poster, the misleading title, etc - are you actually sure they didn’t?
Until Cloudflare responds to the post, it is IMO most beneficial to assume that the OP is being truthful and forthright. Doing so puts pressure on Cloudflare to either clarify or rectify the situation, whereas treating Cloudflare as though they are above suspicion accomplishes nothing.
After all, OP is very much the little guy here.
The first communications were intentionally misleading though. CF wasn’t trying to solve a problem, they were trying to sell a service. If CF had just led with “upgrade or we nuke your site” then that’s scummy, but fair. Leading these guys on about technical problems and “trust & safety” bullshit was not fair at all.
Also, interesting comment I found on HN:
What is HN?
Pro tip: Don’t waste your time over there.
It’s incredibly selective about which topics it’s good for. Want insight into advanced mathematics or new programming languages and people there have amazing insight. But they bring the same level of confidence to the discussion when talking about topics they’ve no idea about.
That just sounds like the Internet in a nutshell for various topics.
The irony here, is this is the kind of vague and obtuse fuckery online casinos and sportsbooks pull with their customers all the time.