If you’re on twitter following game stuff, you can’t have missed this:
No matter what you think of Fish, nobody deserves getting his life exposed this way.
I read everywhere that the guy doxxed himself to get attention. He is often over reacting so why not?
The main clue for this theory is a screenshot proving Polytron website is using cloudflare. Suddenly, everybody is a security expert claiming:
site is hosted by cloudflare, it can’t be hacked.
Just check what Cloudflare is : https://www.cloudflare.com
It’s a CDN, not a hosting plan. It means it delivers your content faster and reduces your needs in bandwidth by replicating your static files on servers around the world. But your master website is still hosted on your own server.
If you want to hack a website using cloudflare, attack the main server, not cloudflare!
It somehow offers more security, protects against bots, prevents from DOS attacks but it doesn’t keep you safe from everything. Social engeneering still works, CMS exploits still work, lots of SQL injections still work, old wordpress, phpbb are still vulnerable…
And Cloudflare is not really hiding your server IP to the world.
To setup cloudflare on your website you just point your DNS to cloudflare and that’s it. So now, yourdomain.com will be turned into an IP by their name servers. Some subdomains will point to their ip, but others will still redirect to the real server.
yourdomain.com -> CF ip
www -> CF ip
mail -> CF ip
ftp -> real server ip
so grabbing real IP is as easy as ping ftp.yourdomain.com in many cases.
Once you get the real IP, get full access to the server (not the easy part but that’s what hackers do) , change the files, and everything will be replicated to cloudflare servers.
I don’t know the truth, i’m not a great web detective, but don’t think everything said as obvious on Twitter is true because it matches your own opinion.
(And for people saying 1.5GB can’t be collected and uploaded that fast, just keep in mind server to server transfers are really fast, and data collecting can be older. We can also think files were directly packed through ssh directly on the server)