1162
Cloudflare took down our website after trying to force us to pay $120000 within 24h
(robindev.substack.com)
This is a most excellent place for technology news and articles.
Is there? The casino is on a cheap $250 a month plan they don't belong on and they broke ToS with the domains. While also costing Cloudflare money each month (as the casino admits themselves, their traffic alone is worth up to $2000 a month).
It's absolutely in the right of Cloudflare to drop a customer that's bothersome. Casinos usually are (regulations, going around country restrictions), them costing them money on top is a massive issue.
120k a year is a big slap of course, but it's probably the amount Cloudflare would want to keep them on as a customer. If they leave, so be it.
I've seen it several times before at companies I worked at. They cheaped out and went with a tiny service plan to coast by. Or even broke ToS because it would be cheaper. That usually got stopped by plans getting dropped (GitLab Bronze for example), cheap plans getting limited, or the sales team sending a 'friendly' message that we're abusing their plan and how we're going to fix it. If you don't play along at that point you're going to get the hammer dropped on you.
It also wasn't 24h as the title says, the first communication happened in April. At that point they should have started to scramble, either upgrading to a bigger tier immediately or switching providers. And it's totally normal to go to the sales team when you break the ToS of your plan or you abuse a smaller plan. They're going to discuss terms, it's not a technical issue.
Edit: And I should also say, the whole "paying for a whole year is extortion" is bullshit too. Their CFO or CEO told Cloudflare they are looking at switching providers (as they looked at Fastly). So of fucking course Cloudflare is going to demand a full year upfront. Otherwise the casino could pay for a single month and during that month they switch away to another provider. So Cloudflare would still be thousands in the red with that ex-customer after they used so much traffic the last few years.
That Cloudflare were justifiably unhappy with the situation and wanted to take action is fine.
What's not fine is how they approached that problem.
In my opinion, the right thing for Cloudflare to do would have been to have an open and honest conversation and set clear expectations and dates.
Example:
"We have recently conducted a review of your account and found your usage pattern far exceeds the expected levels for your plan. This usage is not sustainable for us, and to continue to provide you with service we must move you to plan x at a cost of y.
If no agreement is reached by [date x] your service will be suspended on [date y]."
Clear deadlines and clear expectations. Doesn't that sound a lot better than giving someone the run-around, and then childishly pulling the plug when a competitor's name is mentioned?
Considering the perspective of the poster, the misleading title, etc - are you actually sure they didn't?
Until Cloudflare responds to the post, it is IMO most beneficial to assume that the OP is being truthful and forthright. Doing so puts pressure on Cloudflare to either clarify or rectify the situation, whereas treating Cloudflare as though they are above suspicion accomplishes nothing.
After all, OP is very much the little guy here.
Eh, I have a couple of issues with that. For one, I doubt CF would even respond to this. I could easily see them using this very writeup to sue, with all the admissions in it.
The bigger part though, is calling an online casino, whose own IT team (the writer) admitted they were knowingly abusing the plan they were on, the "little guy".
Are they small in comparison to Cloudflare? Absolutely, those schmucks have way too much control of the internet. Calling an online casino, whose own staff lied in the title, the little guy though... Doesn't sit right with me.
No, I'm not going to side with them, or with CF. I'm going to make my assumptions off what I know (two terrible companies, one of which has a liar writing an article where they pretend to not have admittted to their own lies about the subject), and I'm going to assume this:
Seems pretty obvious to me. Barring further details, my assumptions are based on what I know, and I am perfectly happy sticking to that.
You do you.
From the additional info I read, it sounds more like the traffic wasn't the main issue.
Gambling is forbidden in a lot of countries or heavily regulated. Cloudflare uses a common IP pool for all customers, so a casino customer would possibly get their IPs blacklisted (by various ISPs). The Enterprise tier of Cloudflare has "Bring your own IP (ByoIP)", which they probably wanted to force onto this problematic customer to protect their business.
So it's actually a problem, not just them paying not enough (which is another reason to get rid of them as fast as possible).
That would have been a mature thing to do.
The first communications were intentionally misleading though. CF wasn't trying to solve a problem, they were trying to sell a service. If CF had just led with "upgrade or we nuke your site" then that's scummy, but fair. Leading these guys on about technical problems and "trust & safety" bullshit was not fair at all.
Is that the first communication though? I would really like to hear Cloudflare's side of the story.
There were 3 issues at once, so "trust & safety" is definitely part of it.
So maybe fucking say that?
And understandably you wouldn't switch plans if all you're talking to is sales without context.