Cloudflare driving me nuts.

[Brad_C]

I've been getting these come up for about 6 months now *every single time I visit* using my laptop or desktop. It's driving me nuts.
Is anyone else seeing similar? I don't get it on any other site/forum. Just TFP.

I'm using Firefox on Linux, and aside from version upgrades nothing has changed in the last 20 odd years.
I don't see them on my iPad, so it's not related to my specific IP address.

 

[mknauss]

I only occasionally see it. I also use Firefox.
@Leebo

 

[DrewLG]

I don't see them on my iPad, so it's not related to my specific IP address.

Cloudflare uses other hints (browser user agent, etc) to differentiate among multiple devices that share a single public IP. So the absence of captchas on your iPad doesn't necessarily mean that your IP is irrelevant.

There are a number of possible explanations for Cloudflare's suspicion that you might be a bot:

You could have malware (or a user who acts like malware) on your laptop and desktop.

If you're using a commercial VPN or other proxy, you might be sharing your public IP with a bot.

If you don't have a static IP, your internet provider might have recently changed your public IP to one that had previously been assigned to a bot.

It's possible that the TFP website owner recently raised the Cloudflare security level, so signals from your IP that were previously ignored are now viewed as questionable.

Etc.

Try following the tips here: https://community.cloudflare.com/t/community-tip-best-practices-for-captcha-challenges/56301

Good luck.

 

[laprjns]

I'm using Firefox on Linux, and aside from version upgrades nothing has changed in the last 20 odd years.

Same step up here, same problem with Cloudflare. A least I don't have to click on all the images with traffic lights anymore. Cloudflare doesn't seem to trust us Linux users. Using the User Agent Switcher and Manager extension set to Firefox / Windows 10 seems to eliminate the need to prove that you are human.

 

[Brad_C]

So I've tried everything except changing my user agent.

We have a static IP. There are 3 of us in the house.
I don't have a virus, I don't have bots and frankly my net side firewall logs *everything* so I'd know if a gnat so much as farted on the network. We don't use a VPN to access the world. My requests come directly from my home static IP.
None of our IoT devices can access the outside world for any reason including DNS (I caught a mail server trying to exfiltrate data using DNS requests).
Our IP comes up as clear in pretty much all of the test tools I've been able to find, and it's our primary inbound office MX also so I'd know pretty quickly if there is an issue (outbound goes via a VPS as I can't get a reverse delegation on the home address).

Thanks for the suggestions.

 

[proavia]

Are you using a VPN?
Have you totally cleared your browser cache and cookies?

 

[Leebo]

So I’m gonna put up a quote from the host that kinda makes sense to me…..but at the same time is well beyond my pay grade. Long story short however, let’s see if this change helps.

Looks like there was a WAF rule setup in cloudflare to block a DDoS attempt over the summer that included a user agent check for firefox on linux that would have triggered the captcha. I've just removed that rule since it seems to have died down quite a bit

 

[ajw22]

So I’m gonna put up a quote from the host that kinda makes sense to me…..but at the same time is well beyond my pay grade. Long story short however, let’s see if this change helps.

Translation - Someone with the same configuration as yours tried to do nasty things and you are getting blocked in the trap laid for them. They seem to have left to bother others so the trap has been removed.

 

[Brad_C]

So I’m gonna put up a quote from the host that kinda makes sense to me…..but at the same time is well beyond my pay grade. Long story short however, let’s see if this change helps.

And that appears to have fixed it. Straight in this morning with no Spanish Inquisition. Ta!

 

[Leebo]

Great!

No promises it’ll stay forever as DDoS attacks suck…..a TON! At least for now we know what options we’ve got in the future just in case we ever need to reimplement the setup.

Now more important, what’s Linux?? Like, that still exists???

 

[laprjns]

I now can log into the site without having to lie about what operating system I am using.

Now more important, what’s Linux?? Like, that still exists???

It's the only platform that I can't run PoolMath on.

 

[Brad_C]

Now more important, what’s Linux?? Like, that still exists???

I'm pretty sure it's still a thing.

It's the only platform that I can't run PoolMath on.

It's the only platform I run poolmath on. PoolMath and a copy on a local server.
Simple, reliable and not reliant on the two tin cans and piece of string we call "internet" in Australia.

 

[mgtfp]

Simple, reliable and not reliant on the two tin cans and piece of string we call "internet" in Australia.

But... but... at least 50cm of that string are now made from glass fibre.

 

[Newdude]

But... but... at least 50cm of that string are now made from glass fibre.

You guys joke all you want. Not once was string ever encrypted and held for ransom. Nor was Charlie Brown's school teachers voice intercepted by a 3rd party. Heck. It wasn't even understood by the intended recipient.

 

[mgtfp]

You guys joke all you want. Not once was string ever encrypted and held for ransom. Nor was Charlie Brown's school teachers voice intercepted by a 3rd party. Heck. It wasn't even understood by the intended recipient.

Now you're diving very deep into string theory. Very controversial stuff.