Cloudflare and other CDNs need to stop shielding carding sites and cybercrime rings
Hey guys. I want to vent about something that’s been bothering me for a while regarding major infrastructure providers, specifically Cloudflare.
I get why CDNs exist to speed things up and stop DDoS attacks, but the industry is completely ignoring the fact that these services are actively shielding blatant cybercrime operations. If you look at carding websites like patrickstash and dozens of other CVV and dump shops, a shocking number of them are sitting comfortably behind Cloudflare’s proxy servers.
It’s incredibly frustrating from a security standpoint. The whole point of the proxy is to hide the origin server's real IP address. That means security researchers, threat intel people, and victims trying to track down where these illicit sites are physically hosted just hit a brick wall. You can't even send an abuse report to the actual hosting provider because you can't see who they are.
Whenever people bring this up, the companies just pull the excuse that they are merely internet infrastructure. They claim they just route traffic and that kicking a site off their proxy doesn't actually delete it from the internet. But let's be real here. Running a highly illegal, high-profile carding shop without enterprise DDoS protection is pretty much impossible today. By providing this shield, they are directly keeping these sites online and operational.
Trying to report a blatant carding forum to their abuse department is basically a joke. They just forward the complaint to the hidden hosting provider who is probably bulletproof and doesn't care anyway and then wash their hands of it. Unless there is a massive PR disaster or a direct court order, the proxy protection stays on.
I know people worry about tech companies acting as the internet police and deciding what is or isn't allowed online. But there has to be a line when a site exists solely for financial fraud and selling stolen credit cards. It’s crazy that the cybersecurity community accepts that tracking down threat actors means having to bypass a legitimate US company's security products first.
Curious what you all think about this. I just don't buy that this is the unavoidable cost of doing business on the internet.