Tag: Cloudflare

  • Faulty Configuration File Disrupts Internet, Not Cloudflare Attack

    Key Takeaways

    1. On Tuesday, many websites and services, including major ones like PayPal and ChatGPT, experienced disruptions due to a Cloudflare error 500 from 11:30 to 14:30 UTC.

    2. Cloudflare acts as a middleman for websites, caching data and providing security against attacks, which makes it a crucial service for many online platforms.

    3. The outage was caused by a configuration error related to a permissions change in Cloudflare’s database system, leading to excessive error codes.

    4. Initial theories suggested an external attack, but the root cause was traced back to Cloudflare’s own network and an oversized feature file in their bot management system.

    5. The incident underscores the internet’s vulnerability, highlighting the significant impact a single mistake at a key service provider can have on numerous websites and services.


    On Tuesday, many internet users encountered the well-known Cloudflare error 500 while browsing. From 11:30 to 14:30 UTC, a huge number of websites and services became unavailable. Notable names like Ikea, PayPal, ChatGPT, X (formerly Twitter), and others were among those affected. Even Notebookcheck was not spared.

    Major Players and Their Impact

    When considering major players in the online space, names like Amazon, Google, Microsoft, and Meta (Facebook) often come to mind first. When issues arise within these companies, it can lead to widespread internet disruptions. Cloudflare, which primarily focuses on shielding websites from attacks and enhancing their speed, tends to get overlooked. Many online platforms rely on Cloudflare’s services to improve loading times and keep their servers safe.

    How Cloudflare Works

    Cloudflare plays a significant role by caching data from sites and acting as a middleman between clients and servers, making connections smoother. Furthermore, it filters out harmful requests and helps manage sudden spikes in traffic. It is particularly recognized for its defenses against DDoS attacks. For many site owners, the ability to optimize loading times by caching pages across a global network of servers is crucial. A large number of websites count on Cloudflare to lighten the load on their own servers while also reducing waiting times for visitors.

    On that Tuesday, a major problem impacted Cloudflare’s network, rendering many customer websites and services unreachable. In a blog entry, Matthew Prince, Cloudflare’s CEO, recounted the incidents leading to the largest outage Cloudflare had experienced since 2019.

    The Root of the Outage

    At approximately 11:30 UTC, an unusually high volume of HTTP 5xx error codes began to emerge due to a configuration error. The error rate fluctuated dramatically until 13:00 UTC, which initially led Cloudflare to suspect an external attack. This theory was bolstered by the fact that Cloudflare’s own status page became unreachable at that time. Eventually, the error rates returned to normal low levels within their network. Early conversations in internal chats even speculated that a botnet might be causing the disruption.

    The actual issue was traced back to Cloudflare’s own network. A permissions change in a database system, made around 11:05 UTC, resulted in multiple errors. As a consequence, a feature file used by the bot management system was inflated to nearly double its initial size. However, Cloudflare enforces a fixed size limit for this file, which is also kept in memory. The oversized file exceeded the allocated memory, leading to a system crash. Because the feature file is regenerated every five minutes and not all Cloudflare clusters were operating on the new settings, any given refresh could produce either a fully functional file or a broken one. This explains the varying error rates. By about 13:37, Cloudflare’s incident response team identified that the adjustments to the bot management system were the cause of the outage. An hour later, they successfully fixed the problem.
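
    The failure mode described above, as an added Python sketch that is not Cloudflare's code: a loader that treats the size limit as an invariant fails on every oversized refresh, while one that validates the candidate file first keeps serving the last known-good version. The limit, feature names, file contents and refresh sequence are constructed assumptions.

```python
# Added illustration: the limit, feature names and file contents are constructed,
# not Cloudflare's real values or code.
FEATURE_LIMIT = 200  # fixed, preallocated capacity (assumed value)


class FeatureFileTooLarge(Exception):
    """Raised when a feature file exceeds the preallocated capacity."""


def parse_features(lines, limit=FEATURE_LIMIT):
    """Parse one feature per line and enforce the fixed size limit."""
    features = [ln.strip() for ln in lines if ln.strip()]
    if len(features) > limit:
        raise FeatureFileTooLarge(f"{len(features)} features exceed limit {limit}")
    return features


class FragileLoader:
    """Treats the limit as an invariant: an oversized file crashes the refresh."""
    def __init__(self):
        self.active = []

    def refresh(self, lines):
        self.active = parse_features(lines)  # exception propagates to the caller


class ResilientLoader(FragileLoader):
    """Validates the candidate first and keeps the last known-good file."""
    def __init__(self):
        super().__init__()
        self.rejected = 0

    def refresh(self, lines):
        try:
            self.active = parse_features(lines)
        except FeatureFileTooLarge:
            self.rejected += 1  # count it for alerting, keep serving the old file


def simulate(loader_cls, files):
    """Feed successive five-minute refreshes to a loader; return per-refresh status."""
    loader, statuses = loader_cls(), []
    for lines in files:
        try:
            loader.refresh(lines)
            statuses.append("ok")
        except FeatureFileTooLarge:
            statuses.append("5xx")
    return statuses


GOOD = [f"feature_{i}" for i in range(120)]             # constructed: within the limit
OVERSIZED = GOOD + [f"extra_{i}" for i in range(115)]   # constructed: nearly double
REFRESHES = [GOOD, OVERSIZED, GOOD, OVERSIZED, OVERSIZED]
```

    Running `simulate` over `REFRESHES` with each loader shows the alternating good and bad refreshes producing fluctuating errors in the fragile case and none in the resilient one.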

    Implications of the Outage

    The fallout from the Cloudflare outage clearly highlights the precarious reliance of the internet on a few key players. Just one configuration mistake at a critical junction was enough to make countless websites and services inaccessible. This raises concerns about how vulnerable the internet, as we know it, really is.


  • Cloudflare Blocks Unpaid AI Web Scrapers from Accessing Data

    Key Takeaways

    1. Cloudflare’s CEO Matthew Prince announced that all AI web crawler bots will be blocked by default to protect content creators.
    2. The online search environment is increasingly dominated by AI chatbots, making it harder for content creators to gain traffic and recognition for their work.
    3. AI crawlers are extracting data without compensating original content creators, leading to a sense of unfairness in the web ecosystem.
    4. Cloudflare plans to launch a marketplace to connect content creators with AI companies, focusing on content quality and knowledge enhancement.
    5. Recent disruptions caused by aggressive AI crawlers have led platforms like SourceHut to block major cloud service providers due to excessive traffic.


    Declaring “Content Independence Day,” Cloudflare’s CEO Matthew Prince shared significant updates to the company’s web service system. From now on, all AI web crawler bots will be blocked by default.

    In a blog entry, Prince explained how the current online search environment is dominated by AI chatbots, like Google’s Gemini and OpenAI’s ChatGPT. While these tools provide value, they also extract data from the internet without any consequences, neglecting to reward the original content creators.

    Challenges for Content Creators

    Prince pointed out that recent modifications in Google Search have made it ten times “more difficult for a content creator to get the same volume of traffic” as they did a decade ago.

    He stated, “Instead of being a fair trade, the web is being stripmined by AI crawlers, with content creators seeing almost no traffic and thus almost no value.”

    Prince expressed that the content being scraped serves as “the fuel that powers AI engines,” and it is only just that the original creators receive compensation for their work.

    New Marketplace Initiative

    Cloudflare also unveiled plans for a new marketplace designed to connect creators with AI companies. This marketplace will evaluate available content not just based on the traffic it brings in but also “on how much it furthers knowledge.” Prince is optimistic that this will help AI engines improve swiftly, potentially ushering in a new golden age of high-quality content creation.

    He acknowledged that he doesn’t have all the solutions right now, but the company is collaborating with “leading computer scientists and economists to find them.”

    Recent Issues with AI Crawlers

    Recently, SourceHut, a platform for hosting open-source Git repositories, reported disruptions caused by “aggressive LLM crawlers.” They have blocked multiple cloud service providers, including Google Cloud and Microsoft Azure, due to the overwhelming traffic coming from their networks.

    In January, DoubleVerify, a web analytics platform, noted an 86% rise in General Invalid Traffic (GIVT) from AI scrapers and other automated tools compared to 2024.

    Despite previous commitments, OpenAI’s GPTBot has also discovered methods to ignore or bypass a site’s robots.txt file entirely, leading to an enormous increase in traffic for domain owners and potentially high costs.


  • Cloudflare, PrivadoVPN, and Others Removed from Indian App Stores

    The Indian government has taken steps to remove various VPN applications from its app stores. Notable services impacted by these actions include Cloudflare, PrivadoVPN, and Hide.me.

    Document Review and Requests

    TechCrunch looked into the documents released by the ministry and found a notice from Google to Lumen, a database from Harvard that keeps track of government removal requests. A developer shared with the publication a message from Apple, which referenced a request from the Indian Cyber Crime Coordination Center for the app’s removal based on a violation of local laws.

    New Regulations for VPN Providers

    In 2022, India introduced new regulations that mandated VPN companies to keep user data for a period of five years. This data includes IP addresses, names, email addresses, verified phone numbers, and physical addresses. Furthermore, these providers must supply information to the government when it is requested.

    Impact on VPN Companies

    As a result of these new rules, many VPN services like NordVPN, Surfshark, and ExpressVPN decided to close their local servers in India. Additionally, a group of cybersecurity experts called for public discourse on the new regulations in an open letter to India’s Computer Emergency Response Team.

    Previous App Bans

    In 2020, India also prohibited 59 Chinese applications. Among those still banned are TikTok, UC Browser, WeChat, and ES File Explorer, which remain inaccessible in the country.
