The Rigged Game of 'Build Your Own DDOS Protection'

Whenever you see a controversy website being “cancelled” by its Anti-DDOS service provider. There will see many comments on social media, cheering on the company for censorship.

Those commentators will give several defenses for the censorship. Some will claim that it is only censorship when the government does it, or that they are free to refuse service to anyone.

They will point out that a webmaster can technically build their own DDOS protection. Well, without even going into the fact that internet transit is $50k per month per Tbps.

Yet. That cost is not the biggest issue.

CloudFlare and DDOS-Guard and Illegal content

You would think for services that will censor controversial websites. CloudFlare and DDOS-Guard would not be hosting illegal content?

Yes, they are.

If you look up a list of DDOS-for-Hire Websites and reverse look up the IPs the booters use. You see that CloudFlare and DDOS-Guard protect almost all of them.

Here are 10 examples (Selected at random from an online list):

  • anonboot[.]com - Cloudflare
  • booter[.]is - Cloudflare
  • lightstress[.]in - DDOS-Guard (Suspended by domain register)
  • nightmarestresser[.]com - DDOS-Guard
  • niteteam[.]io - Cloudflare
  • relevantstress[.]com - Cloudflare
  • silentstress[.]wtf - Cloudflare
  • str3ssed[.]co - Cloudflare
  • stressthem[.]to - Genius Guard
  • webstress[.]net - Cloudflare

Out of those 10, 7 are being hosted by CloudFlare. Yes, hosted as CloudFlare are also providing CDN caching to those DDOS-for-Hire websites. Rather than only providing an Anti-DDOS Proxy to their back-end.

Too many, it will not be surprising that CloudFlare hosts so-many DDOS-for-Hire websites. This has been directly reported to CloudFlare many times. Who claim to at least pass the complaint on to the “hosting provider”.

Not even going into the fact that a CDN is a type of hosting provider. The whole “we passed the complaint on”, ignores the realities of this situation.

The “off-shore” web hosts willing to booters struggle to find data centres to host in. “off-shore” data centres won’t have the bandwidth to defend themselves from large attacks.

Without such providers as CloudFlare and DDOS-Guard being willing to host these illegal websites. Each of the booters would DDOS each other off the internet.

By protecting those websites, these scumbags can keep an industry online. An industry that generates a demand for anti-DDOS service which corporations like CloudFlare and DDOS-Guard profit from.

Corporations who knowly profit from breaking the law. Corporations whose owners will not face prison time as their services are too useful for their host countries.

CloudFlare is a US company who now gets free access to European citizens’ information. Information that US 3-letter agencies can demand at anytime without the permission from the europan country. DDOS-Guard is the same, but giving Russia that information.

These companies are not operating in a “free market”. These companies are allowed to generate additional income through illegal practices. If you started your own CloudFlare-type service and allowed illegal booters. You would get arrested and your business assets and domain names would get sized.

That is not even going into government contracts. Or going into the increase costs of having to buy more transit because CloudFlare allowed booters to get rich.