Cloudflare notifies users that it will shut down their site if they do not pay 18 million yen within 24 hours, then actually deletes all settings
A user who had been subscribing to Cloudflare's $200-per-month Business plan for years reported that Cloudflare suddenly demanded he pay $120,000 within 24 hours to upgrade to the Enterprise plan, or else Cloudflare would delete his domain. The user then reported that his contract had in fact been terminated and all of his settings had been deleted.
Cloudflare took down our website after trying to force us to pay 120k$ within 24h
Robin Dev, who posted the blog, is a systems operations engineer at a large online casino with over 4 million monthly active users. The casino site in question has been using Cloudflare's Business plan since 2018, and has been using Cloudflare as a CDN to cache static content and as protection against DDoS attacks.
On Friday, April 19, 2024, Dev received the following email from Cloudflare:
There is a critical issue with your Cloudflare account configuration that may affect our network.
Please contact us as this is an emergency and it is very important that we discuss the situation to resolve it as quickly as possible.
Can I call you at 11am GMT on Monday?
The email was sent by a business development representative, but the sales team showed up to the meeting and asked if Dev would like to consider the Enterprise plan, without reporting any 'significant issues.' Dev was confused, but politely declined.
Two weeks later, on May 3, 2024, Cloudflare sent another email.
During our routine monitoring activities, we have received information that your account has been engaged in domain rotation activity, i.e. activity to circumvent or evade blocks placed on you by third parties, so we are keeping a close eye on your account and domains.
Use of Cloudflare services for this purpose is strictly prohibited. Please provide us with information within 48 hours regarding what your account and domains are being used for.
Failure to respond to this notice or any other action may result in the termination of your account.
The site in question is a casino site that uses multiple domains to comply with different regulatory requirements in different countries. However, since more than 95% of traffic comes from the main domain, which has not changed since the site was established, Dev said, 'If the use of multiple domains is a problem, we will be happy to deal with it by removing the subdomains from Cloudflare.'
In fact, Dev shared information about the site's domain with Cloudflare and asked Cloudflare for more information about the problem and to clarify who should be involved from the casino site's side, but Cloudflare only responded with the date of the conference call.
Dev was scheduled to meet with the 'Trust and Safety' team on May 7, 2024, but it was the sales team that showed up on the day. The sales team only said, 'We can offer you a great contract for $10,000 (about 1.57 million yen) per month with many great features,' and said nothing about the alleged terms-of-use problem or how to resolve it. The sales team asked Dev to sign the contract within 24 hours and requested a payment of $120,000 (about 18 million yen) in advance for one year of the annual contract.
After the conference call, the sales team sent Dev an email restating the offer: $10,000 a month (approximately 1.57 million yen) for all the features of the Enterprise plan. 'I understand that they want us to use BYOIP to avoid responsibility for the domain, but we don't need any other features,' Dev said, and escalated the issue to the casino site's CEO and CTO to see whether a contract on other terms would be possible, but Cloudflare did not offer any other options.
On a conference call on May 16, 2024, the CEO of the casino site told Cloudflare's sales team that he was in negotiations with a competing service, and a few hours later, Cloudflare deleted all domains related to the casino site. All settings made with Cloudflare, including DNS records, cache settings, rate limits, and whitelists, were deleted.
Dev immediately sent an inquiry email to Cloudflare, and when no reply came, the casino site's system team migrated the main site to Fastly. The migration itself was completed in a few hours, but the DNS record change took anywhere from one to 48 hours to propagate, and the impact was significant.
In response to the inquiry email, Cloudflare sent an email saying that the 'Trust and Safety' team would be in charge and that Dev would receive a reply from that team, but as of May 26, 2024, it appears that no reply has arrived.
On Hacker News, a news site for engineers, a user familiar with the issue posted his analysis. According to the post, 'Some countries and regions regulate gambling sites on their own, and IP addresses hosting gambling sites may be blocked by some providers. Such blocks affect the reputation score of the IP address, and providers such as Cloudflare that handle traffic from multiple users may affect other users.' For this reason, Cloudflare had to ask casino sites to use BYOIP, a feature that allows them to use their own IP addresses.
The post calls Cloudflare's communication a 'stunning failure,' saying that the company should have told customers exactly what the problem was, saying, 'If you don't use BYOIP on the Enterprise plan, we'll ban you. We're happy to discuss price,' rather than, 'We think you'll really like the Enterprise plan.'
Posted in Web Service by log1d_ts