Since last Friday we have a problem that is seriously affecting our website … all users are suddenly having to complete captcha tests, across all countries / all browsers / many different ip etc. This is causing inconvenience and complaints from our customers.
The thing is we never changed any settings in Cloudflare last week, it has previously been working very well during this year. Then suddenly out of nothing the captcha has become super sensitive.
We’ve already checked the fire wall settings … nothing unsual there from what I can see, and nothing has been changed recently.
We’ve also been trying to get help from cloudflare tech support since last Friday - without success unfortunately, hence we are now reaching out instead to the community.
I am not super techy so please make responses as easy to understand as possible.
Have you checked if the I am under an attack! option is being disabled or suddenly enabled at Cloudflare dashboard for your domain?
Furthermore, may I ask what Security Level (Low, Medium, High …) have you got selected under the Firewall->Settings tab at Cloudflare dashboard?
Do you have some custom-made Firewall Rules at the Firewall tab or does something show up at Firewall events log?
Either not related so much, but may I also ask is the Bot Fight Mode option being enabled at Firewall tab->Bots and so on how about Browser Security Check option (Firewall->Settings-> scroll down to see the section?
May I also ask do the user(s) stuck in some kind of a captcha loop or?
Can you try to catch it and post a screenshot of this captcha?
Is it captcha from Cloudflare or some other third-party app/source?
Do you use some kind of an anti-virus program like BitDefender?
Maybe some web browser extension …
How about clearing your Web browser cache? Have you tried that too?
Have you tried using some other Web browser, or a private window, or different device connected to some other network (like cellular / Edge / LTE, mobile data)? - even you stated different countries/browsers, etc.
May I ask have you written a ticket to Cloudflare support? If so, could you post your ticket number here? (Thanks in advance)
We have blocked a few IP addresses that have attacked us in the past, and allow the ip addresses of our work team. Other than that we set up a temporary rule since the weekend to allow users from Nth America and Europe - this was to try to minimise the impact to our clients while we get to the bottom of why the captcha always appears. We also block some countries such as Russia, China where common attacks have come from in the past.
Our settings are Challenge passage=30mins, browser integrity check=on, privacy pass support=on, web application firewall=on, automated bot=challenge, verified bot=allow.
Good idea, but we have already cleaned the cache a couple of times and the problem persists
No it is not a captcha loop … more that ever user has to pass through the captcha. We have tested on differente browsers, in different countries. So the problem is global rather than related to my pc ip address for sure.
The captcha comes from cloudflare … youi can see on our website https://happygringo.com … the index loads fine, but if you click on any other link then the cloudflare captcha appears.
We have had various tickets since last Friday, most of them have been declared resolved by cloudflare even though none of their tech support have even investigated the case. The most recent ticket # 2267698.
If you need any more info then please just let me know, and once again we are very appreciative of your help.