CloudFlare – Bad timing, great service, and a hack discovered

Update: I spent the morning debugging the issues I mentioned below with CloudFlare, and was stunned by two things:

Firstly, the service from CloudFlare was amazing! As I was leaving the service I sent them a note to let them know what had happened. Less than an hour later I got a thoughtful and thorough response. I replied, and while waiting for a reply I dug into the Internet Explorer issue I was seeing.

This was my second shock – I’ll post full details soon, but the short version is – my site was hacked. It was only a coincidence that I noticed it the day I made the switch to CloudFlare, but my site breaking in Internet Explorer was what tipped me off. This likely had something to do with both the lower click through rate for ads, as well as the Russian showing up in my Google ads.

So kudos to CloudFlare for the great customer service (Seriously, I was blown away by the responsive and thoughtful answers!), I’ll give them another try, and post a review that isn’t plagued with the unfortunate coincidence of my site being hacked.

Old thoughts on CloudFlare – Please see update above

There are days when I regret my propensity to try out the latest new service with my production web sites. Yet I still do it. I jumped into EC2 before I’d fully solved the performance issues I was seeing with the Micro instance, and then got too frustrated to continue tinkering and upgraded to the small size instance. And yesterday I tried out CloudFlare – the service is full of tantalizing promise, yet in my very brief experience has some really big problems for any blog running AdSense – that’s just about all blogs, right?

I first stumbled upon CloudFlare when I noticed a new setting in the W3 Total Cache plugin that I use on many of my websites. I could choose to integrate with a service called CloudFlare. Intrigued, I took a look at their website (and somewhat cheesy videos describing what their service does). In a nutshell, when you configure your DNS name servers to point to CloudFlare, it sits between your users and your website, doing a host of interesting things. Firstly it acts like a CDN, caching copies of your website and distributing to edge nodes. For this to work I can only imagine that they regularly update their cache, but I didn’t try the service long enough to find out. It also allows you to see traffic from bots, web crawlers and anywhere else that Google Analytics won’t pick up on because it requires javascript to load. And finally, CloudFlare helps prevent bad traffic from consuming resources by throttling traffic from bots while letting legitimate traffic through.

The CDN functionality itself wasn’t that intriguing for me, since I use Amazon CloudFront with many sites already – but I can see the strong appeal for someone who isn’t already setup with a CDN. It’s WAY easier to setup CloudFlare than CloudFront, in my opinion. What was most interesting for me, was some visibility into traffic coming from non-user sources. I could probably find a tool that did this with my site logs, but … I haven’t really had the time or inclination to go hunting for this set of tools. And CloudFlare seemed like an easy way to try it out.

Boy, was I wrong. Checking on my website stats the next day I noticed two things: The speed hadn’t improved at all according to Google Analytics, and the click through rate for AdSense ads had dropped dramatically. It appears that CloudFlare does something to AdSense ads that removes their contextual relevance and makes Google think the website is Russian – at least the text Google shows in the ad block indicated this when it said ‘Реклама от Google’ instead of ‘Ads by Google’.

Even as promising as the security and performance features appeared, I’m not willing to accept a 50%+ reduction in AdSense revenue for this. And switching back has been an absolute nightmare. Stale DNS entries prevent the page from loading sometimes, and IE seems to have a new, yet to be determined issue that prevents it from correctly rendering half of the page. It also appears that now when I activate the W3 Total Cache plugin I get ‘website temporarily unavailable’ errors – the only thing I can think of is that there are some lingering effects of integrating with CloudFlare from W3 Total Cache. ARG!

While I struggle to understand the IE issue, the biggest lesson I learnt from all of this – Set a short TTL on your domain name servers before changing them. Today as I was returning everything back to how it was it took hours for the DNS changes to propagate. This can be decidedly frustrating when trying to debug issues.

So all in all – CloudFlare was an interesting experiment, but proceed with caution if you use AdSense on your website.

0 0 votes
Article Rating
Subscribe
Notify of
guest
14 Comments
Inline Feedbacks
View all comments
Matthew Prince
12 years ago

Appreciate the report here and through our ticketing system! We’re looking into this. While I can’t think of anything that would have caused AdSense to think your site was Russian, we’ll check with the the people we know on the… Read more »

Matthew Prince
12 years ago

Thanks Vanessa! Glad we got to the bottom of the issue. Let us know if we can be of any help getting the hack cleaned up. Hopefully, in the future, CloudFlare can help you prevent future incidents like this.

Vanessa Howell
Reply to  Matthew Prince
12 years ago

Thanks for your help Matthew!
The extra security from CloudFlare is looking quite enticing right about now 🙂

Anna
Anna
12 years ago

No problems with Clourflare, http://scrabblecheat.com
We were fine.  The only thing they change is the headers and that shouldn’t have effected you.
Only thought is if their dns server goes down so does your website.

Vanessa Howell
Reply to  Anna
12 years ago

Good point Anna – I guess you’ve got to trust them or someone else with DNS. On the plus side, cloudflare protects against your site going down – which I’ve found Wordpress is wont to do on occasion.

jediSwift
12 years ago

this cloudflare shit said i was in a botnet? i just did a scan and came up clean?? i dont know if i would want to lose traffic and performance due to some algorithm…

trackback
11 years ago

[…] started using Cloudflare there were a few bumps in getting started. My first impression was that Cloudflare had somehow exposed my server to hackers. I’ll admit that was not a great start for a service that promotes itself as… Read more »

Dee
11 years ago

Thanks for this, Vanessa. I tired CloudFlare previously for a couple of sites but later switched away from CF for both because of the repeated “Website Temporarily Unavailable” message. CF support suggested whitelisting their IPs with my hosting provider while… Read more »

eastdakota
eastdakota
12 years ago

Appreciate the report here and through our ticketing system! We’re looking into this. While I can’t think of anything that would have caused AdSense to think your site was Russian, we’ll check with the the people we know on the… Read more »

eastdakota
eastdakota
12 years ago

Thanks Vanessa! Glad we got to the bottom of the issue. Let us know if we can be of any help getting the hack cleaned up. Hopefully, in the future, CloudFlare can help you prevent future incidents like this.

Vanessa Harris
Reply to  eastdakota
12 years ago

Thanks for your help Matthew!
The extra security from CloudFlare is looking quite enticing right about now 🙂

Anna
Anna
12 years ago

No problems with Clourflare, http://scrabblecheat.com
We were fine.  The only thing they change is the headers and that shouldn’t have effected you.
Only thought is if their dns server goes down so does your website.

Vanessa Harris
Reply to  Anna
12 years ago

Good point Anna – I guess you’ve got to trust them or someone else with DNS. On the plus side, cloudflare protects against your site going down – which I’ve found Wordpress is wont to do on occasion.

JEDISWIFT
12 years ago

this cloudflare shit said i was in a botnet? i just did a scan and came up clean?? i dont know if i would want to lose traffic and performance due to some algorithm…

14
0
Would love your thoughts, please comment.x
()
x
Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive a weekly update on the happenings in the crypto industry, indepth crypto analysis.

You have Successfully Subscribed!