If you file enough DMCA takedown notices (or other abuse reports) you’re eventually going to run into a site that appears to be hosted using Cloudflare’s content delivery network.
Cloudflare, for those who don’t know, is a CDN, or content delivery network, and it works by sitting between the visitor and the server the site is on, delivering the site’s content from endpoints located all around the world. While this can be great for websites, which see faster delivery times, lower bandwidth costs and greater reliability, it is bad news for DMCA filers.
The reason is that there is no way to know where the origin host is as long as the site is using Cloudflare and Cloudflare itself will not remove infringing material, considering itself a pass through network. However, you can file a DMCA notice with Cloudflare and they will provide you with the information of the original host and you can, theoretically, forward the notice on to them.
However, Cloudflare recently changed their DMCA policy and will not provide the IP address of the original site to you. Instead, that information is only provided directly to the host. According to Cloudflare, this is because several people abused the DMCA process to get the original IP address and launch denial of server attacks on the main server (bypassing Cloudflare’s network).
This isn’t a major issue if the communication between the original host and Cloudflare is good, but, as a recent case of mine revealed, it sometimes isn’t. This results in long delays in getting a DMCA Notice resolution, many back and forth emails and general headache.
Fortunately, Jim Lippard came forward with a solution that I was unaware of. If you’re having trouble getting the IP address of an original site on Cloudflare, there’s a simple workaround that seems to work most of the time. While it isn’t perfect, it may help deal with stubborn cases where Cloudflare and the main host are not seeing eye-to-eye or the main host refuses to believe the content is hosted on their network.
Cutting Through the Confusion
The solution, at least much of the time, is actually very simple and it relies on a quirk in the way that Cloudflare sets up DNS on customer accounts.
By default, when Cloudflare sets up a new domain (this was at least true historically), it would add a subdomain, in this case direct.domain.tld, that would point to the original server (IE: For Plagiarism Today, it would be direct.plagiarismtoday.com, though Plagiarism Today does not use CloudFlare at this time).
While you usually can’t visit the site there, usually because the main server is not configured to do so, it’s an important testing feature that lets users bypass Cloudflare to view or work on their site directly.
As a result of this, by simply looking up the IP address of the direct subdomain, you can often get an IP address for the main server. You can do this trivially at WhoIsHostingThis, which will get you the IP and attempt to get you the host of the subdomain.
Not a Perfect Solution
The solution is far from perfect, the main reason being that this is a customer-editable option and many customers simply remove the line, often for security reasons.
However, I did a check of five sites that I knew were hosted on CloudFlare, including three that were involved in copyright-related disputes, and four of five times it worked.
Still, bear in mind that it will not work all the time and CloudFlare actively encourages customers that don’t need the subdomain to remove it. Furthermore, they could decide at any time to simply stop using it.
For right now thought, it may be a method to try and see if it can help you. However, I don’t recommend making it your first approach and, instead, I suggest everyone attempt filing a DMCA notice with CloudFlare first, both to see if it works and to have the notice on record should things progress farther.
Bottom LineDistil, which is what Plagiarism Today is currently using, are going to be a larger and larger part of the Web moving forward and, as such, a larger and larger part of DMCA and other abuse issues.
But these services, while they can protect sites from being abused, including denial of service, scraping and other issues, they can also protect those who do the abusing. That’s the double-edged nature of such networks and part of the challenge webmasters are going to face moving forward.