Cloudflare: Pay Me 120k Or We Shut You Down 

If I heard "pay us 120k in 24 hours or your business shuts down" then I'd be on a call with legal first thing.

"Unlimited" traffic until they decide you've used too much.

Its crazy how they made me feel bad for an online casino

That one guy in the comments: "Leave the multi-billion dollar company alone!!"

If they were doing something against TOS, then the solution shouldn't be, pay us more, instead it should be immediate ban (for everybody abusing the TOS) or listing which parts of TOS are violated and deadline to fix those issues.

I can totally confirm this is their behaviour from my own personal experience. It's scary bad that they get away with it tbh.

There is no excuse for this level of sales team extortion attempts and outright deleting stuff. If gambling is against the TOS, you don't try to extort more money but tell them that they have two weeks to find another provider.

I believe it 100%. We have been in similar situation with our former domain/mail/web hosting provider. They got sold, then they changed pricing without announcements, after a while they blocked our account (again with no prior announcements) and demanded from us to cough up the money. DO NOT LET YOUR HOSTING PROVIDER BE YOUR DOMAIN REGISTRAR! Diversify!

Racketeering is just the merging of “Trust and Safety” with “Sales”

Pretty wild that business ethics are so bad in the US that people are seriously accept "be ready to shift your hole company in 24hrs" as a normal solution.

I would bet (haha) that such a behavior is illegal in many jurisdictions. Claiming violations of the TOS and making problems going away by paying more and then terminating a service they paid for when they refused… it’s so obvious whats going on.

If I received that email I would assume it was a scam. Nebulous about what the actual problem is, call to urgency, do this now or else.

This appears to be a breach of contract on cloudflare’s behalf. Also, with the business plan which includes SLA uptime insurance, it seems that cloudflare would actually owe this client a lot of money for the damages caused by their reckless actions, independent of the breach of contract which would include significant damages. So they’re going to have to show the client breaking their terms of service using the wrong plan for their business, the legal basis of which seems shaky, and could set precedent for business practices like this. Consumer protection type matters. Short notice + financial damages + inconsistent application of terms is usually a recipe for a smack down.

Vendor lock-in is the devil. Can't trust anyone, it's just too easy to "lock-in and extort" as a business plan. Always have a fallback plan to spring into action at a moment's notice.

If they lose 10 customers but successfully convert 1 to enterprise they are still coming out ahead. Hell, if they lose 20:1 they are still ahead at those prices.

Oracle sales techniques. I'd not be surprised if a new sales guy coming from that school.

FTC should be getting in on this, the fake "unlimited" on the business plan is straight up false advertising. In general the cloud services market, specifically IaaS where it's purely commoditized compute/storage/networking, is full of anti-competitive behavior. Would love to see some trust busting soon

I don’t get how the immediate response to being on a call with sales isn’t ’I’m sorry, we have our technician experts on this call. If you want to discuss sales, that’s a different team.’

If I received an email like that I would initially assume it was a phishing attempt

They're called "Clownflare" for a reason. Btw, if someones response is x times bigger than yours, you can throw their response away. It's now personal.

So who is worse, the online gambling bandits or the cloud provider bandits?

If the downtime was retaliation because they were talking to Fastly I would hope that opens CF up to liability.

Trust and Safety sounds like homelander saying Thoughts and prayers.

Imagine seeing a job offer titled "Cloudflare: Trust and Safety Specialist Level II"

we tried to contact their sales dept back in October to get a quote. After seeing this, I'm actually happy they didn't reply :D

I'm actually going to avoid cloudfare because of this. "And for that reason ...... I'm out."

This gives me a business idea: make a company where every department is actually the sales team. The customers will be sold the privilege to sold more things by the sales team under a different name. What could possibly go erong?

CloudFlare Sales team operating from New Delhi... All in all, this is monumentally idiotic. I hate companies that act like this with a violently burning, searing, solar death ray of passion.

People need to avoid cloudflare if they can anyway, having so many websites use one company as effectively a middleman for network access is a huge threat to security of common internet users

It was real simple. You run a casino and redirect repeatedly. You must BRING YOUR OWN IP , or you will have to use enterprise services compatible with using your own IP. We do not provide your offering on our IPs and Enterprise is needed to use your own. The sales team is definitely human and disconnected at the same time. Wait till the reverse is true.

I’ve learned working in health care administration that you just hang up when companies lie to you. If you were expecting trust and safety and it was sales, call over.

Cloudflare fumbling the bag hard lately

Wow okay, I'll be careful with Cloudflare in the future. They seem like shady business people.

I use Cloudflare as my DNS. I'm a little worried I'm to be billed for the Enterprise home plan. 😂

I am infertile from eating scented candles. The

Looks like they bulls-eyed customers who have more money to pay and went after it. Shady AF though.

I moved our company site to AWS. We are a large book related site and got a similar email. We stalled for a few days and moved. They kept contacting us for a few weeks after.

abusereply alias to sales

and this is why IaC is a must; we have all of our config in a repo and even if a new service does not match one-to-one for config we still have all the critical bits

So I think the thing that puts cloud flare into the wrong is the emails. The simple version of the story is cloudflare said you violated our tos so pay us more or else. They never said that the tos was different for enterprise. Nothing they said was ever clear or honest. What was the tos violation? What was the problem for their network?

Sounds strange. Story mentions nothing about the legal team being involved, when such cases should clearly be on their table first since even the contract termination should have its clauses. On the other hand, if your business is heavily depending on their technology, paying 120k for a year and then investing in migration is a viable option.

There are only 10 hard problems in Web Development: Cache vendor invalidation and off by 1 errors.

the did the same to us, without warning they removed 12 casino's and demanded 5k euro per month + fees first they removed the sites and lied about it then they tried to convience us

Well it's decades old corporate upselling technique. Some 15 years ago when I was already quitting the webdesign and programming scene, my hosting company tried to pull this off on me. I took my business as well as some 40 clients away from them. They weren't the first, they weren't the last. If all those emails had landed into some not tech-savvy decision maker, he might have just gone for the upgraded plan.

it feels like they missed an email or three. If there really was no contact there is possibly some lawyer options. Definitely worth the first try at reading the contract that likely says "we own you"

This is like robbing a drug dealer, they saw that it's a casino, so they told them pay up or gtfo, this was obvious.

In Croatia, police has "Trust and Safety" written on their cars.

Maybe someone should just sue them for shutting the service down.

This sounds like what we used to call "Ex pricing". Cloudflare wants to break up with them but is willing let them hang around for an absurd price. They're likely looking at a net gain if the casino's $250 plan disappears and a sweet margin if you stay. If the client is actually a net loss now, then passing them to a competitor is a bonus in the long run. As long as there are legit alternatives, they're not going to get hit with monopoly investigations. It's a crap approach but they likely don't care as long as it's a net gain.

"Unlimited" is never actually unlimited. It's a sales gimmick and a way to avoid transparency with policy/pricing/etc. "Unlimited" should be a red flag. If someone is being opaque/dishonest with you in your early interactions with them, they will probably cause you problems in the future.

"I Just want more programming" I love this quote

wonder what's on cloudflare side, they should have someone write about this incident so we get a fair account of what actually happened.

they did the same thing to my friend who owns a big real estate business. CF is just lame

with sales tactics like these you can have successful business - rent an FBI agent or lawyer specialize in racketeering as silent listener and we can take care for the rest of it

This is why you don't put all your eggs in the same basket ... particularly keep a tight handle on your DNS registration and hosting. If someone screws you and you still have access to your domain registrar and DNS server, you can move somewhere else.

Classic single point of failure. Having one distributor or one supplier with a monopoly leaves your company vulnerable to this sort of extortion if you don't internally control them. It says a lot when the distributor's next service tier is 40x in price.

I bet the sales team is ddossing their own customers to sell their advanced ddos protection.

when I saw "Business Development Representative" in that first email signature, i had a good idea where this was going

This literally just made me look at alternatives, at the moment using about 3-4tb a month of traffic of static content caching, thankfully I only have a ns pointer so prob will just add a failover in the next few days, glad I come across this :D

That's what you get for mistaking a spyware company for a hosting company.

Can't wait for them to opensource another one of their internal tools to placate the public outrage. Last time, it was Pingora, I wonder what it would be this time. I personally hope it's their billing tool this time. That would be juicy, and yes, I will forgive you cloudflare once again if you do this.

As a (hopefully) future software engineer, this sort of stuff makes me scared more than the "AI is going to replace our jobs" thing. It's really wild to me that things like that happen, but I guess it's just how it is

Being born in Brazil, I'm no stranger to corruption, but I think modern day corporate America would be the envy even for the dirtiest Brazilian politician, so insane how much money Big Tech rakes in and totally legal (definitely not morally correct though)

This is why you build your own servers and store, manage and host your own data.

This is why I'm wary of trusting gatekeepers to my website. It's bad enough I'm subject to my ISP and Domain name holder, but those can't be helped. Still, I don't see proper benefit to adding even more gatekeepers.

That's *exactly* why I'm so strongly advocating against outsourcing anything software or network related. Imagine your entire network infrastructure is saved somewhere "in the cloud" and whoever owns it decides to jack up their prices by like 300 % overnight. What are you gonna do? Obviously you'll pay up, cause they're literally holding your entire infrastructure hostage. Like, even if you want to migrate, that would take a long time, so you'd have to at least pay the increased price until you are ready to migrate. Like, don't get me wrong, doing things inhouse can definitely be a huge or sometimes almost impossible task, you'll need a lot of money and time, and probably also quite a few new employees to get the neccessary knowhow and education inside your company. And even then there's a decent risk that things might get delayed or just not really work out that well, or some other things happen. But at least it prevents anyone else from holding your company hostage and being able to demand pretty much whatever they want in order to allow your business continued operation. Of course if a company does everything by themselves, they'll then also have full responsibility for anything going wrong, but they'll have absolute control over what's happening with their systems too and no other company/corporation would be able to hold them for ransom/extortion. The ones that aren't shit are just not shit *yet* but I fully trust them to get there eventually. You *can* of course use external hosts as intermediaries, like, you start something, you need tons of infrastructure immediately, you go to some external host to set it all up, but the moment you sign the contract with them you should immediately start the process of bringing everything to inhouse solutions. That way you'll be able to use others' services for the duration when you don't really have any other option while you'll also be able to spend a bit more time on your own stuff and be a little more calm about the whole thing. Missed some deadline? That's cool, just stay external for a year longer and maybe by then everything will be ready to cancel the contract with them. But yeah, overall, seems like the only thing that distinguishes cloudflare from actual scammers is that they're not trying to install anydesk on their victims' pcs. XD And then the stupid "possible TOS violation" so it's against TOS to consider switching to one of their competitors? Damn, that's some YT-tier bs, just using alleged "TOS violations" to delete peoples accounts for no good reason.

what I learned from this is to document/terraform everything if possible so you aren't dependent on a specific business. Not sure if that makes sense bc I haven't learned terraform yet

What I heard was, "we had a situation that was too good be true and then we were shocked and unprepared when it came to an end." If you are running a heavily regulated business like a pornography site, gambling site, or some site that deals with sales of firearms, which could potentially be problematic for a hosting service like CloudFlare, be better prepared and be an early and often communicator with your hosting provider. The author's surprise suggest business naivety and this was poor business planning on the part of the Casino. The overall message should be that if you are running a business that may be problematic to your hosting provider, be better prepared-- don't wait for them to flag you. Let me also add CloudFlare handled this situation, especially the communication, poorly. I would not choose them as a hosting provider.

Sounds like countries are banning Cloudflare's IPs because of nature of this business, CF wants to move them on dedicated IPs. Might be wrong.

It's like a literal protection racket. Insane.

I would love to see this done to an Australian company. this tactic goes against a crazy amount of consumer protection laws that protect even B2B sales and would be EASILY a company and government law suit waiting to happen. Yes, Australian consumer law protects individuals and businesses as the law only stipulates a "consumer" of a product or service. It won't help the initial losses but damn, those law suits can be an unfathomable amount of money, particularly involving gambling and gaming companies.

I think CF is hurting financially and driving sales hard - the unlimited traffic on the business plan for example is pretty crazy IMO - I would set some sort of limits to encourage people to think about scaling up to an enterprise plan when the time comes. IF they actually did purge the customer records without any cause that is insane, but I'm having trouble taking the story at face value. There is NO WAY a casino operator does not understand how regulation applied to their industry would affect shared IPs. I think this blog post is missing a lot of context for the purposes of making CF look worse. There is very likely a bunch of shitiness on both sides of this story.

Sounds like they had a runin with their Deception & Assault team.

5:42 you are right you cant know the future but with enough data you can create possibility that something happen for any outcome putting your bet or choice into much better position

I can confirm from emails sent to me that their sales people became much more aggressive after their IPO. I've been thinking of expanding my use cases with them outside of DDOS protection and caching but with stories like these, I'm sure I'll get the even more aggressive emails after I'm sufficiently locked in. The loss of the CDN I can deal with; losing the cheap DDOS protection, not so much.

Extortion with cloud provider? No way, that doesn't happen ever. Right? I hope more people will realize that if you make your whole business around service from other company, your business can get often legally wiped overnight. 4mln users in online casino that is a synonym to "money printer" and they paid 250$ per month... let this sink in for a moment. "250$ a month" It is their own damn fault for not taking care of this as business grew. Who are we trying to fool here?

This is totally logical - because of the nature of the customer (gambling), the customer is a high maintenance customer. It probably costs cloudflare more than it pays, which in turn means that its services are subsidized by other customers. The problem is not with the cloudflare, but with the all of us, it is with our silent acceptance that we allowed giants like cloudflare to grow so large, that if you get rejected by a few - you are essentially out of business. Just like in a totalitarian country where govt owns your *ss - in western world, corporations owns your *ass. And it is not immediately obvious to me if either one of them is better than the other.

That whole firing thing, I've read somewhere that the person they fired was _still onboarding_ so she _couldn't_ have made a sale in those three months, even if she tried to.

I hope they documented this well. They should look into litigation over this.

We only have one part of the story. I wouldn’t necessarily trust the words of shady online gambling operator without hearing other side too

I get that big corporations are evil, but it sounds a bit unbelievable, I mean unless you owe them money, they shouldn't have any reason to ask 120k upfront or they''ll shut down all domains.

It would be great to create a picture where two homeless men speak to each other about reasons of their situation. First one is saying: "AWS, EC2...You?" and then the other one says "Cloudflare in Enterprise"

"traffic is is unlimited on cloudflare" "you need to pay $120k/yr for 80gb/mo" It's like they outsourced their sales team to India and forgot to brief them on their marketing

I like how no one seems to like online casinos and knows them to be filth, but also so many people seem angry that the government regulates it. So you hate it, but you hate it more that someone does something about it? What?

if frequently swapping your domains is a critical piece of your business, it's going to attract negative attention no matter where you park the domains. that's a huge red flag for a cloud provider. if I'm cloudflare, any customer rotating domains with a certain frequency is suspect. that specific activity is linked to SO MUCH BAD SHIT on the internet. if I catch you doing that on my platform, I'm going to be very heavy handed with how I handle things, because 99% of the time you're going to be doing something illegal. my guess is cloudflare offers that capability on enterprise plan because they can have a stronger contract with more legal protection. the type of contract that they don't require for everyday "consumer" level users. as a customer if breaking your provider's TOS is a core part of your business, you can't be **that** surprised if they randomly shut you down when you don't take the offer

Who's a reasonable alternative to Cloudflare though? I've only used CF and AWS stuff before and both starting to seem like evil corps.

The big thing to me is the bait-y emails that just lead to sales calls. That should not be something any company tolerates from a business partner. It's just plain lying.

Didnt like Cloudflare before this Vid dont like it after

I have worked in cloud support and there have been countless times, businesses don't read terms of service and think that they can use the infra however they like. All multi- tenants services will have terms and conditions to protect their business, but those rules also upset many customers. Many of the times these rules are there to protect other tenants. It is duty of the cloud support to handle these issues well and communicate clearly. Support should provide empathy and clarity, not use rude words like ASAP etc with hard tones. Stil, Cloudflare handled it poorly. This is a very big downside of running your business on any platform. Even youtube can block channels for violating ToS.

An automatic response to "pay us 120k in 24 hours or your business shuts down" should be "get ready to be sued and made this issue public in 24 hours". Might as well just connect a bot to send it for you the second they send you that shiit.

A purge action sounds more like a Cache Purge, it's not like they would have been able to see the audit log on CF, if they were actually locked out, something really smells with that article, I'm sure the sales dept was pushy (and too much), but the technical aspects just don't add up (We are on an enterprise plan as well from day one though).

I hope they don't extort my 2 MAU business.

cloudflare is ransomware

There NEEDS to be a law that when a company bans or kicks you for TOS violations they have to spell out how and when they were violated.

Does Cloudflare serve as a domain registrar now also? I'm confused on the extent of their power in all of this. From what I recall, the DNS can just be switched away from cloudflare to the regular website and everything should be ok? It would load slower than a CDN, but it seems like there is an easy fix to the first situation.

They were obviously illegally allowing people from countries where online gambling is restricted to access their site via mirrors and cloudflare caught on an tried to extort them or make their own risk worth it. Pretty sleezy to be acting innocent when its obvious as hell they are knowingly breaking the law at the expense of addicts. Sucked in. Interesting that cloudflare was basically willing to help them do it for a price also.

Good coverage and stupid author makes business weave a narrative of how they are a victim while their business plan is hoping people go bankrupt so they get rich.

If I was the manager of that company I would have thought that it was phishing, asking out of nowhere for 120k vs 1.6k

One of the comments on the article explains this well. Any shared online service would have been forced to take action when a customer tries to circumvent government blocks and impacts other customers on the shared platform.

Shit. I’m moving everything away from cloudflare. Can’t have infra with such a greedy unreliable company.