> you can't protect the rest of your infrastructure (mailservers, chat servers, gameservers, and so on)
That leads to my technique in discovering origin servers when pen testing CloudFlare customers: brute force all the DNS names and record types, map out all the blocks, scan them for open ports, ID the web server ports, attempt to find the vhosts on those ports in requests with the Host header.
You'll almost always find the origin web server (sans protection) and also dev/staging instances of apps.
Only one part of a DMCA takedown is under penalty of perjury, and it's quite possible to file a knowingly false takedown request without that part being falsified.
But isn't it the part where you assert in good faith you own the copyright? How do you get around that scenario of a malicious takedown request against a random site?
It's the part where you assert that you are the owner of the copyright you alleged is being violated. As long as you own copyright on something that's not a problem. The part where you actually allege that particular content uses your work without permission or privilege is not under penalty of perjury.
Under Computer Fraud and Abuse Act (18 U.S.C. 1030) it is a federal crime to "intentionally access a computer without authorization or exceed authorized access" ...
An eager prosecutor could take that and run a mile.
Most of the time people don't go through the effort of putting their mailservers/nameservers/etc. behind a proxy.
I'm pretty comfortable guessing that 95% of cPanel/Plesk users that use Cloudflare (or another CDN) _and_ host their own mail/name-servers don't put the latter behind a proxy; and they often are on the same box as the webserver.
Edit: Which is to say that this doesn't affect someone doing it 'right', but almost everyone is sloppy (most people just don't care as they're not actively being DDoS'd).
In reality even using this to find the webserver they will eventually get wise to how you're finding the IP (likely) and swap to a new one (depending on their hosting situation), this time putting all other DNS resources 'behind proxies'.
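For site owners, the exposure described in the comment above can be checked against an export of your own zone. This is an added example, not part of the thread: the zone data, the `CDN_RANGES` stand-in prefix and the function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: constructed stand-in for the CDN's edge ranges (a documentation
# prefix). A real audit would load the provider's current published list.
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed zone export as (name, type, value); not data from the thread.
ZONE = [
    ("example.test", "A", "198.51.100.10"),
    ("www.example.test", "A", "198.51.100.11"),
    ("mail.example.test", "A", "203.0.113.5"),
    ("ns1.example.test", "A", "203.0.113.5"),
    ("staging.example.test", "A", "203.0.113.77"),
    ("example.test", "MX", "mail.example.test."),
    ("example.test", "NS", "ns1.example.test."),
    ("example.test", "TXT", "v=spf1 ip4:203.0.113.5 -all"),
]

def behind_cdn(addr):
    """True if addr (an address or prefix) lies entirely inside a CDN range."""
    net = ipaddress.ip_network(addr, strict=False)
    return any(net.version == r.version and net.subnet_of(r) for r in CDN_RANGES)

def audit_zone(zone):
    """Return (name, address, reason) for each record publishing a non-CDN address."""
    roles = defaultdict(set)  # hostnames named as MX/NS targets
    for _, rtype, value in zone:
        if rtype in ("MX", "NS"):
            roles[value.rstrip(".")].add(rtype)
    findings = []
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA") and not behind_cdn(value):
            why = "/".join(sorted(roles[name])) + " target" if name in roles else "unproxied host"
            findings.append((name, value, why))
        elif rtype == "TXT" and value.startswith("v=spf1"):
            for term in value.split()[1:]:
                mech, _, arg = term.partition(":")
                if mech.lstrip("+") in ("ip4", "ip6") and not behind_cdn(arg):
                    findings.append((name, arg, "SPF mechanism"))
    return findings

def shared_addresses(findings):
    """Group exposed names by address; several names on one address suggest one box."""
    by_addr = defaultdict(set)
    for name, addr, _ in findings:
        by_addr[addr].add(name)
    return {a: sorted(n) for a, n in by_addr.items() if len(n) > 1}
```

Each finding is a candidate for moving to separate hosting or an address that does not also serve the web origin; the grouped output shows where mail, DNS and other services share one address.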
> Most of the time people don't go through the effort
If people don't put in the effort for the security they need, then they won't have that security. This applies to any concept and I don't see how this has anything to do with a single vendor who just provides the tools and service.
Because the whole selling point of CloudFlare is that the customer supposedly doesn't need to invest effort into security, because CloudFlare will handle it all for them.
Which is obviously not the case, but that's what the marketing says.
They do handle a lot, doesn't mean you're not responsible for the settings you choose. Lack of understanding or effort on your part doesn't mean you get to just blame the vendor.
Either you invest effort into security anyway and you don't need CloudFlare, or you don't invest effort into security and CloudFlare won't save you either. In neither case is CloudFlare the solution.
Or the logical way to think about this is that CloudFlare is another vendor that you can use (amongst many) to create the security you need with the trade-offs that are acceptable.
Marketing does not absolve you from proper configuration... clearly you have it out for this company for some reason.