Abusing Cloudflare Trust & Safety - False report takes down website for over 24 hours!

I am running a React + Vite website on workers for an open source project. Unfortunately some haters created a false report which took down my website instantly.

Spent over 24 hours with support trying to figure out what's wrong, until they told me about this report which I found in my Spam folder.

Website: https://mkpool.com/

Protect: https://github.com/Mecanik/mkpool

Purpose: show information, statistics, blog posts.

Why this is extremely concerning

I am running legitimate businesses on several other Cloudflare accounts, fully integrated with Workers, D1, etc. If a false report can take down your website like this, that means your business can be interrupted "just like that", without a reason and without a fast response.

I cannot imagine having one of my businesses down for 24+ hours, especially those with SaaS.

Why am I extremely upset

I've been supporting Cloudflare and it's users for years, with dozens of articles, software and advertising. Personal, Business and even Enterprise users reached out for assistance with many different requests.

If I am being thrown in the gutter "just like that", it means I am of no value to the company, which is very, very sad.

What happens now

Right now I am just waiting on "Cloudflare Trust & Safety" to answer my email and hopefully restore my website. Nothing else I can do, just wait.

I am also seriously re-evaluating every business and project I am hosting on Cloudflare entirely because of this situation. It's extremely concerning and alarms should be raised for anyone relying on Cloudflare entirely.

Thanks

reddit.com
u/Mecanik1337 — 3 days ago

[PROMO] I built a free WordPress plugin for EU Cyber Resilience Act readiness (SBOM, vuln monitoring)

Not sure how many of you have started worrying about the EU Cyber Resilience Act yet, but it's been eating my brain for a while, so I built a plugin for it.

If you put software on the EU market, you're eventually expected to know what your software is made of, keep track of its vulnerabilities, and be able to produce paperwork proving it. For a WordPress site that means your plugins, themes and core. Most site owners have no idea what's actually running or how to document it.

The plugin (GPL, free core, no account needed) does the boring parts inside wp-admin:

  • Builds a component inventory of every plugin, theme and core
  • Generates a CycloneDX 1.6 SBOM you can hand to an auditor
  • Exports CSAF/VEX advisories and an EU Declaration of Conformity
  • Has WP-CLI commands if you want it in a pipeline

Everything runs on your own server. There's a paid tier that adds automated daily vulnerability scanning and alerts, but the core above is genuinely free and useful on its own, and I'm not going to pretend otherwise.

Mostly I'd love a sanity check from people here. Is anyone else actually preparing for the CRA, or is everyone waiting to see how it shakes out? Curious whether the SBOM/DoC angle is what people expect, or if I'm overbuilding for a deadline nobody's feeling yet.

Link: https://wordpress.org/plugins/cra-vulnerability-monitor-eu-cyber-resilience-act/

reddit.com
u/Mecanik1337 — 5 days ago

Open-source Stratum benchmark: ckpool vs mkpool on identical hardware (reproducible kit + repo inside)

Built and ran a controlled benchmark on the Stratum share-validation engine for two open-source Bitcoin pools. I work on mkpool, so this is built to be re-run rather than believed, and the one category mkpool loses is published unedited.

Method: one pool at a time, identical 8-core boxes, same bitcoind regtest node, same Go load generator, fixed difficulty 1, full share validation (coinbase, merkle, 80-byte header, double SHA-256) on every submit. Diff 1 means almost everything is below target on purpose, and both pools fully hash before rejecting, so the hashing is exactly what's being timed. Reject reasons were verified directly on both pools to confirm validation actually runs.

Same-box numbers:

  • Validated shares/sec: mkpool ~315k to 337k, ckpool ~108k to 118k (~2.8x)
  • Median submit-to-ack: 116 us vs 371 us (~3.2x lower), and mkpool won every percentile
  • Reconnect cycles/sec: ~6,391 (4 errors) vs ~402 (1,000+ errors)
  • Memory (ckpool wins): 2k to 8k connections held in ~25 to 68 MiB vs ~66 to 197 MiB, ckpool ~2.7x leaner. ckpool also hit its ceiling on less than half the CPU.

Not measured: payouts, real block luck, WAN behavior. This is purely the request/validation engine, which is what governs stale rates and connection density per server.

Reproducible kit (load gen, orchestrator, sampler, both configs, per-box setup): https://github.com/Mecanik/mkpool-vs-ckpool-benchmark

Full report: https://mkpool.com/benchmarks/mkpool-vs-ckpool.html

Pool: https://mkpool.com/

mkpool is GPLv3 and self-hostable.

If you run it on your own boxes I'd like to see your numbers, especially on different core counts.

reddit.com
u/Mecanik1337 — 6 days ago
▲ 1 r/SomebodyMakeThis+3 crossposts

What is an API that you cannot find, really need it, and would pay for it?

Hey r/webdev,

Hope everyone is doing well in this heatwave. As the title says, genuinely curious about your workload and what kind of API would change things for you for the better.

PS: I might do it.

Cheers!

reddit.com
u/Mecanik1337 — 9 days ago
▲ 30 r/webdev

A multi-tool developer API on Cloudflare Workers - one key for AI, security scans, DNS/email checks and reports

Spent the last few months building a single API that bundles the small tools I kept reaching for: AI helpers (summarize, translate, moderation, code review), website and security analysis (security headers, TLS, tech detection, SEO, exposed files), email and

DNS checks, a few developer utilities (QR, hashing, JWT decode, cron explainer), and some bundled "report" endpoints that combine several of the above. One API key for all of it.

The part I had the most fun with is the plumbing:

- Runs entirely on Cloudflare Workers (TypeScript) with D1 (SQLite) and KV. No servers.

- The whole catalog lives in one endpoint registry. The docs page, the OpenAPI 3.1 spec and the Postman collection are all generated from that one source, so they can't drift out of sync. Adding an endpoint updates all three automatically.

- Billing is credit-based with no subscriptions and no expiry. New accounts get a free balance to play with. A nice side effect of a recent rewrite: a failed request now refunds its own credits in the router's finally stage, so a 4xx/5xx never charges you.

There are two thin, hand-written SDKs (TypeScript and Python) if you don't want to hit the REST endpoints directly.

Live demo, no signup, runs against real endpoints with shared demo credits:

https://mecanik.dev/en/api/

Genuinely after feedback on:

- Which small utilities you'd actually use day to day (trying to avoid building junk)

- The "one registry generates docs + OpenAPI + Postman" approach. Worth open-sourcing that bit on its own?

- SDK ergonomics

Happy to go deeper on the Workers setup, the D1 schema, or the credit/refund middleware in the comments.

u/Mecanik1337 — 23 days ago
▲ 0 r/webdev

Built a unified dev API on Cloudflare Workers - AI tools, security scanning, 30+ utilities. Sub-100ms global, typed SDKs for TS/Python.

What it does

Single API key gives access to:

  • AI-Powered Tools
  • Security & Website Analysis Tools
  • Email Tools
  • Developer Utilities
  • Premium Reports

Architecture

  • Cloudflare Workers (TypeScript), runs at the edge, no cold starts
  • D1 (SQLite), KV, R2, Queues, Durable Objects
  • OpenAPI 3.1 spec (single source of truth -> /openapi.json, Postman)

SDKs (hand-written, thin, fully typed)

TypeScript

https://www.npmjs.com/package/@mecanik-dev/api (zero runtime deps, full types)

Python:

https://pypi.org/project/mecanik-api/ (sync, requests-based, dict responses)

Pricing model (experiment)

Credit-based, no subscriptions, no expiry. 100 free credits on signup.

Live demo (no auth)

https://mecanik.dev/en/api/

Try any endpoint with demo credits.

Known gaps

No embedded "Try It Live" forms yet (building next week).

Feedback welcome on:

  1. SDK DX -> TS vs Python ergonomics
  2. OpenAPI -> SDK generation pipeline (using openapi-typescript-codegen + custom templates)
  3. Missing utilities you'd actually use daily

Happy to share more on Workers internals, D1 schema, or SDK generation in comments.

reddit.com
u/Mecanik1337 — 23 days ago

(boros.ai) make me an offer and take it

I just want to give it away already.

Info:

  • Registered: 2023-11-20
  • Expires: 2027-11-20

Appraisals:

  • Atom: $52,500
  • Dynadot: $48.875

BIN/Offers here: https://boros.ai/ (spaceship).

First good offer to come in gets it.

reddit.com
u/Mecanik1337 — 24 days ago

A thank you note for all the Easy Cloudflare tools users

Hello,

I hope that everyone is doing well!

Just a little update and thank you note for all the users of my free tools for Cloudflare so far.

Your trust and feedback has been invaluable and gave me even more motivation to continue updating and developing new tools.

It wasn't an easy road so far because of skepticism, malicious actors that are constantly trying to cause harm, spam accounts, cracking attempts and even SEO related damage.

But good always prevails and there are still like minded users out there that want to make their development flows easier, for free.

As such, a huge thank you goes out to all the users that downloaded the Easy Cloudflare tools so far and are using them daily. A small snapshot of numbers so far:

Activated Licenses (by popularity):

I am incredibly thankful that more and more users are trying my free tools. It seems that R2 and D1 are more popular, as such I will focus updates on these tools as priority.

Got feedback?

Feedback is very important for me and other users. It helps me develop better tools, fix bugs and share awareness. It was thanks to a user's feedback that I was able to pinpoint and nail down a nasty bug that prevented license activations on MacOS for example. I am very thankful for that user.

Please share your feedback via any channel you wish; contact form, direct email or product review. I will read every single message no matter how busy I am and will get back to you.

Got new ideas?

If you have any new ideas or suggestions for tools that can make development cycles easier for Cloudflare, just let me know. I will consider it, analyze the resources required and if possible develop it. Once again you can reach out via any available channel, and I look forward to hear your thoughts.

Fun Fact / Good To Know

Did you know that all my web stack is running on Cloudflare? Yes, that's right!

  • The main website (custom) was created with Hugo and running on CF Workers.
  • The members area (custom) was created with React + Vite and running on CF Workers.
  • The API is running on CF Workers too.
  • The databases are running on CF D1 and files are stored on CF R2.
  • I am also using a bunch of other things like Queues and more.

Did you know that I have been supporting Cloudflare products for years? Yes, that's right!

  • I've created a WordPress plugin for CF Image Resizing (now Transformations) that speeds up websites considerably with heavy images.
  • I've also created a Worker that for WordPress that does the same thing, but better, faster and on the Edge.
  • I've also created a Worker for Magento that does the same thing.
  • I've also created a Worker for Prestashop that does the same thing.
  • I've supported many Cloudflare Business users with custom Workers to enhance their speed, SEO and other things.

I cannot recommend enough how good Cloudflare is for supplying all the services you need to create your full stack web projects. I don't think there's any other platform that does it better.

How it works (for the skeptics)

A few common questions come up, so here's how the tools are built:

Your API tokens never leave your machine. They're stored locally with strong encryption nothing is transmitted or stored externally. For extra safety, restrict your tokens by IP in the Cloudflare dashboard so a leaked token is useless anyway. That's good practice for any token, not just mine. If you want to see it for yourself, I'm happy to screen-share the code.

Why it's closed-source and needs activation. The tools are free, but they're not open. Learning Qt and building these took a long time, and open code would just get rebranded and resold. License activation is what lets me ship updates and stop that from happening it's not about locking you in.

Final conclusion

It is clear by now that there is an appetite for tools that make development easier and more enjoyable. I hope that Cloudflare appreciates the effort it took to develop all these free tools and maintain them on my own cost. Hopefully someone will acknowledge them.

I want to thank everyone again for trusting my tools and development skills, I really appreciate you all!

u/Mecanik1337 — 25 days ago
▲ 7 r/zec+1 crossposts

mkpool now supports solo eCash mining - with Stratum V2 + TLS

Hey r/eCash 👋

A few days back I launched mkpool, a solo mining pool built around one idea: give small miners a genuine, uninterrupted shot at the block.

Added eCash to the supported coins, so XEC solo miners can finally get in on it.

What makes it worth a look:

  • Works out of the box with Bitaxe and similar hardware
  • Stratum V2 + TLS support; faster, more secure, lower latency than the usual setups

eCash is still fresh on the pool, so this is your chance to be among the first solo miners on it. If you've got a Bitaxe sitting around, point it over and see what happens.

Check it out: https://mkpool.com/

PS: Seriously, give SV2 a try, it's a big step up. Any hiccups, just ping me.

Happy hashing ⛏️

u/Mecanik1337 — 26 days ago

mkpool, an open source Bitcoin Cash solo mining pool I built, has found its first 2 BCH blocks

I just launched mkpool, a solo mining pool with Bitcoin Cash support, and it already solved 2 BCH blocks while I was testing it before going live.

Blocks found:

- Block #953811

- Block #954026

It is a solo pool, so you mine with your own BCH address as the username and the full block reward goes straight to you from the network. The pool never holds your coins.

It supports plain Stratum, Stratum over TLS, and native Stratum V2 with Noise encryption, and the whole engine is open source under GPLv3, so how shares are validated and how the block is built is all there to read.

Source: https://github.com/Mecanik/mkpool

Pool and connection details: https://mkpool.com

Inspired by ckpool and written from scratch in modern C++.

Questions and code review welcome.

u/Mecanik1337 — 29 days ago
▲ 40 r/BitcoinMining+1 crossposts

Open source Bitcoin solo mining pool with native Stratum V2 (Noise), released under GPLv3

I released the source for mkpool, a Bitcoin solo mining pool engine, under GPLv3.

The idea is straightforward. You mine with your own Bitcoin address as the username, and if you find a block the reward goes to you directly from the network. There is no custodial wallet in the middle.

What might interest this sub specifically is the protocol support. It speaks classic Stratum, Stratum over TLS, and native Stratum V2 with the Noise handshake, so mining traffic can be encrypted end to end. Work is always built from the full transaction set the node provides.

Because it is open source, the parts that matter to a miner, how shares are validated and how the coinbase and block are constructed, are all auditable rather than a black box.

Source: https://github.com/Mecanik/mkpool

Live pool: https://mkpool.com

It is licensed GPLv3 and was written from scratch in modern C++, inspired by Con Kolivas' ckpool.

Questions and code review welcome.

u/Mecanik1337 — 29 days ago

Antigravity/Ultra plan - 5 questions (no work done), game over.

As the title says, we are doomed. There's nothing you can automate or do whatsoever anymore. I literally asked for a plan implementation for something in Antigravity using Claude and behold:

https://preview.redd.it/8mxulgz8xe2h1.png?width=641&format=png&auto=webp&s=34e66796dc079bd655b861e2b10e7a747d708ee9

Nothing out of the ordinary and nothing over complex. You can't work like this, it's just mental. Might as well run your own model.

What's the point in paying such a plan? What's your take on this?

reddit.com
u/Mecanik1337 — 2 months ago

Antigravity 2.0 - Do you like it? I don't!

Hi,

I used Antigravity for 1 day only, and on the same day it just so happened that it downloaded automatically the "2.0" version. Little did I know what was expecting me...

A horrible, way too simple editor. The previous version which was a fork of VS Code was actually decent; you could see your project structure, navigate between files, see what the AI is actually doing, etc. Now, it's working blindly and I have to "review" an "implementation" plan for simple tasks.

In essence, I tried to automate development and deployment for a very simple React site, and it just works sideways. Of course had to upgrade because as per my previous post, the free version wasn't doing anything, at all.

Doesn't matter if I use Gemini 3.5 which is supposed to be faster, cheaper, etc; compared to Claude, it ran out of Juice very quickly. So I can't even finish and deploy a simple React site, not to mention anything more complex.

As such, this is my review so far:

- Editor? Horrific. Tried to copy probably what Claude did with their own editor, but it sucks; missing a bunch of features and lags.

- Models? Horrific. Free does not work, period. Ultra maxes out with very simple development, can't even think of anything more complex.

That's me.

reddit.com
u/Mecanik1337 — 2 months ago

Installed Antigravity for the first time - Our servers are experiencing high traffic right now, please try again in a minute.

Hi,

Well that's a bad first impression. I installed this to give a try, and gave a very short and simple prompt using Claude.

Result:

Our servers are experiencing high traffic right now, please try again in a minute.

I click retry after waiting like 2-3 minutes:

Our servers are experiencing high traffic right now, please try again in a minute.

Considering Claude is the problem, so trying Gemini:

Our servers are experiencing high traffic right now, please try again in a minute.

I simply cannot test this software whatsoever.

Thanks

reddit.com
u/Mecanik1337 — 2 months ago

4x price per request from 1st of June

So I downloaded a report for last month (April 01, 2026 - April 30, 2026) from a Copilot Business plan. This is what I see:

https://preview.redd.it/wak0xg0rqg1h1.png?width=1248&format=png&auto=webp&s=1dacfb114cc5f6dd031019f6bb79b69a033a60ac

This clearly shows me the price I was paying before, is now 3x, almost 4x more. We can see this clearly based on the chart as well:

https://preview.redd.it/16o26d7xqg1h1.png?width=1253&format=png&auto=webp&s=5a6cf34e90a5023fbcf12fc8ffb1c48501cf756a

PRU = current, old cost vs AIC = new cost. Even better here:

https://preview.redd.it/h8pt17z7rg1h1.png?width=1258&format=png&auto=webp&s=d19c9899cd55a948d9e381a036197410f6e755fb

And now May so far (luckily, I stopped all automations):

https://preview.redd.it/7vqq3tqcrg1h1.png?width=1276&format=png&auto=webp&s=b4b4a04d1d056a4632c7c720a3f3841cabda41f4

I don't know what to tell you Github, or if anyone from the "top" will actually read this, but this is crazy. You cannot simply 4x the price like this, especially since you offered the current price for a while and users have automations and businesses built on top of Copilot.

You are literally stabbing everyone in the back and ransoming more money, because what the heck can you do?! There's no free model that can compare, and you can't run your own, let's be realistic.

This comes on top of the "rate limit" problems you had all April where work was interrupted no matter the plan several times a day.

Extremely unhappy and very disappointed. You will lose users one way or another.

Peace.

reddit.com
u/Mecanik1337 — 2 months ago

Quick update from OCM for anyone following solo mining on the platform.

The current scoreboard:

  • 126 blocks found solo by individual miners
  • 27 blocks found in team / shared sessions
  • 153 total since launch, all verifiable on-chain

Full history with txids, winners, payouts, and timestamps: https://oneclickminer.com/solo-mining/blocks?coin=BCH

Most recent BCH block was caught a few days ago. Effort has reset, fresh cycle.

Worth highlighting from the broader record: blocks have been found across the full range of package tiers, not just Colossus and Titan. Hammer, Shovel, and other smaller-tier hashrate purchases have produced wins. Solo on OCM isn't a whales-only game.

On pricing:

Crypto market conditions cooled hashrate demand earlier this year, which dropped our rig acquisition costs. We've passed almost all of that through to customers. Most BTC/BCH packages are now priced close to operating cost; Pulverizer (100 PH/3h) is at 0.007 BTC (was 0.00912), Titan (250 PH/3h) at 0.017 (was 0.0228), and similar cuts across the lineup. These are the lowest prices OCM has ever offered. They hold while market conditions persist; we'll adjust if the hashrate market moves.

7-day offer to mark the recent block:

A Pulverizer order includes a complimentary Excavator. Chain selectable on each; BCH or BTC. Details on the site, not going to itemize here.

Standard caveats: mining is probabilistic, no guarantees, past performance not indicative of future results. You're buying a hashrate allocation for a defined period, not a share of any specific block. The on-chain record is what it is, but each new block is its own roll.

GL to anyone who plays 🍀

u/Mecanik1337 — 2 months ago