It does appear that iFastNet changed how the testcookie system interacts when using Cloudflare. IIRC they were incompatible before, so iFastNet made an exception for Cloudflare so it would bypass the testcookie check.
But it appears that iFastNet has now removed this exception and instead fixed the testcookie check so it works with Cloudflare.
iFastNet didn’t communicate about this, so right now we can only speculate why they did this. But I can personally attest that Cloudflare can be astonishingly ineffective at detecting and stopping HTTP floods. It seems likely that iFastNet saw the load that this caused and decided to fix it.
You have to understand that while Cloudflare can be configured to block bots quite effectively, I’m pretty sure the overwhelming majority of users don’t go through the trouble of fine tuning that. Meaning their websites are more susceptible to attack with Cloudflare than without.
I can see how this is bad for you guys because of how fine tuned your setup is. But know that you are the exception, and there are probably good reasons for this change that do not include bullying you personally.