How easy is it to break through Cloudflare protected sites?
Cloudflare is a popular DNS shield provider and web application firewall. Some people like it, and some people do not. Whether you like Cloudflare or not, there are some facts about Cloudflare that are not good.
Lots of websites use Cloudflare's Flexible SSL Mode.
This is not good for a few reasons, but we are going to talk about the most important one: it is extremely unsafe. You do not need much experience to crack through this encryption layer. Once somebody cracks through Cloudflare's SSL, they can see all of the info being transmitted to and from your website directly, all unencrypted. This info can contain unencrypted passwords, usernames, emails, bank account info, credit cards, and more (this all depends on what type of website it is and what is stored on it).
The same can be done to websites that use a different provider with a similar encryption method.
Here is exactly what is happening:
The connection between your browser and Cloudflare's servers, which answer for your domain name, is encrypted via Cloudflare's SSL/TLS certificate. Cloudflare (or another provider) is not using your actual website's SSL certificate, so nothing between Cloudflare and the actual website host is encrypted. The only thing being encrypted is your connection to Cloudflare, and that is pretty much useless for your own server security. In other words, your browser's connection to Cloudflare is encrypted, and the connection to your actual website is not.
You can easily solve this issue by configuring your web application firewall, like Cloudflare or ClouDNS, to use your website's SSL certificate, which actually encrypts the connection between you and the website, rather than just between you and Cloudflare. Encrypting only the connection to Cloudflare leaves the website ready to be attacked by anyone who is able to break through Cloudflare.
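To see whether your own server is on the unencrypted side of this setup, you can compare the scheme the visitor used with how the request actually reached the origin. The following is an added example, not code from the original post: it assumes the origin sits behind Cloudflare, which sends the `CF-Visitor` and `X-Forwarded-Proto` request headers, and the function names and sample requests are constructed for illustration.

```python
import json
from collections import Counter

def visitor_scheme(headers):
    """Scheme the visitor used to reach the proxy, or None if no proxy header is present."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    raw = h.get("cf-visitor")
    if raw:
        try:
            scheme = json.loads(raw).get("scheme")
            if scheme in ("http", "https"):
                return scheme
        except (ValueError, AttributeError):
            pass  # malformed CF-Visitor value: fall back to X-Forwarded-Proto
    proto = h.get("x-forwarded-proto", "").split(",")[0].strip().lower()
    return proto if proto in ("http", "https") else None

def classify(headers, origin_tls):
    """Classify one request as the origin sees it.
    origin_tls: True if the connection the origin accepted was TLS (e.g. port 443)."""
    scheme = visitor_scheme(headers)
    if scheme is None:
        return "no-proxy-headers"      # did not come through the proxy, or headers stripped
    if scheme == "http":
        return "visitor-plaintext"     # visitor never used HTTPS at all
    # Visitor saw a padlock; what matters now is the proxy-to-origin leg.
    return "encrypted-both-legs" if origin_tls else "flexible-gap"

def summarize(records):
    """Count classifications over (headers, origin_tls) pairs."""
    return Counter(classify(h, tls) for h, tls in records)

# Constructed sample requests (not real traffic), as an origin server might log them.
SAMPLE = [
    ({"Host": "shop.example", "CF-Visitor": '{"scheme":"https"}'}, False),
    ({"Host": "shop.example", "cf-visitor": '{"scheme":"https"}'}, True),
    ({"Host": "shop.example", "X-Forwarded-Proto": "https"}, False),
    ({"Host": "shop.example", "CF-Visitor": '{"scheme":"http"}'}, False),
    ({"Host": "shop.example", "CF-Visitor": "not-json", "X-Forwarded-Proto": "https"}, True),
    ({"Host": "shop.example"}, False),
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLE).items():
        print(f"{label}: {count}")
```

Any request counted as `flexible-gap` reached the visitor over HTTPS but crossed the proxy-to-origin leg in plaintext, which is the situation described above.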