Textpattern CMS

#1 2017-02-24 08:55:32

Algaris

Member

From: England

Registered: 2006-01-27

Posts: 548

Cloudflare Data Leak

Does anyone here use Cloudflare? If so this article maybe of interest to you.

https://www.wordfence.com/blog/2017/02/cloudflare-data-leak/

#2 2017-02-24 11:47:14

Bloke

Developer

From: Leeds, UK

Registered: 2006-01-29

Posts: 11,394

Website GitHub

Re: Cloudflare Data Leak

Phil Wareham does. I’m not a massive fan of them.

I think our Txp sites run off it too, including the forum. Thanks for raising this.

EDIT: just had an email from Cloudflare claiming our domains were not affected. Hmmmm.

Last edited by Bloke (2017-02-24 12:38:02)

---

The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

#3 2017-02-24 12:28:10

colak

Admin

From: Cyprus

Registered: 2004-11-20

Posts: 9,054

Website GitHub Mastodon Twitter

Re: Cloudflare Data Leak

I really can not understand what it is with cloudflare that people like so much. This is not the first problem they have. I remember a couple of years ago, they suffered some really bad DoS attacks. They are also serving some extremely dubious domains.

I can understand some site-owners wanting their details and those of their server to remain private and cloudflare offers such an option but for sites like the ones most of us are running here, I think that it is just unneeded, complicating the setup more than necessary, not to mention the now very obvious security risks.

---

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

#4 2017-02-24 14:43:32

philwareham

Core designer

From: Haslemere, Surrey, UK

Registered: 2009-06-11

Posts: 3,564

Website GitHub Mastodon

Re: Cloudflare Data Leak

We didn’t start using Cloudflare for the forum until yesterday – the Cloudflare memory leak was fixed on the 18th Feb. The docs site uses it by necessity since that is the only way to serve GitHub Pages sites on custom domains (i.e. *.textpattern.io) via HTTPS.

Their caching also has real-world speed benefits. I’ve done conclusive testing of sites via speed tools (Google PageSpeed Insights and Pingdom Tools) with Cloudflare caching on and off and the difference is fairly substantial. Both response times and payload delivery are markedly better with the service on.

I’m not apologising for their stance on web anonymity – that’s for lawyers to argue about (maybe hosting companies should be more careful what resides on their servers, first and foremost).