I don’t know who this company thinks they are but they’ve accessed my IP without permission, have decided that it is for some reason untrustworthy and are now blocking me from websites, servers and just making the internet unusable for me. I want them to leave me alone, delete all my information and stop blocking me from everything because they have done this with no consent given.
Captcha on every Cloudflare protected website
Web page access server returns 403 error
I tried contacting their support and it’s blocked by their own captcha, which keeps appearing no matter how much I complete it. This is very shady because I cannot even go through the support to fix the issue
They are Cloudflare, a company whose free services you are using in one way or another (either as site owner or site visitor).
That statement doesnt make much sense to begin with.
It is not quite clear to me what your issue is. Can you post a screenshot of the error. Either you misconfigured your account or (if you are visitor) the site owner blocked you, in which case you need to contact that site’s administrator, though it is their perfect right to block anybody if they wish so.
Having never heard of cloudflare, I now get this constantly on every site and server I try to visit for now reason. I can’t do my job because I cannot access servers. I can’t even open a web page.
Cloudflare protects other websites, please see this article.
That can’t be right, these are sites and servers I have been using for years, and suddenly this morning everything is blocked, and I cannot access the support and resolve this
Support are unlikely to be able to help you. Please read the steps in the linked post.
You probably have a dynamic IP address and you have changed to one with a low reputation. You may also have malware etc on your network. Again, please see the linked post.
So you are not talking about your own site but about third party ones?!
There is a high chance you either got an IP address assigned which was previously used for attacks or your machine is compromised and is actually the one engaging in attacks.
If you can rule out that it is your machine and if you have a dynamic address you could try to power down your router or modem, wait a bit, boot it up again, and hope your ISP assigned a new IP address.
For the rest, I can only refer you to the article @domjh already linked to. There is nothing the community or Cloudflare can do about that.
I’m in the same boat as kieran.hill1796.
I’ve been a customer of CloudFlare myself for years, so I know exactly what it is that they do. With no activity on my network here at home, over night my IP got blocked. While my ISP does have dynamic IP addresses, they are typically relatively long leases and I’ve been on this IP for a while now.
And to add oil to the fire, kieran.hill1796 is correct in that the captcha for the support page prevents you from getting there unless you’re logged in already. Even when you’re logged in and submit a ticket (which I did from my customer account), the Zendesk URL for your ticket then also presents you with a captcha, which can’t be resolved. It’s an endless loop.
I suspect that there’s been some kind of mixup on CloudFlare’s end, resulting in blocking a batch of IP addresses incorrectly. I’m seeing more reports around the internet of people being blocked out of the blue.
And to @kieran.hill1796: CloudFlare haven’t accessed your IP, it’s the other way around. They offer a service that sits in between you and the servers behind websites, acting as many things, but above all as a firewall and DDoS protection. Those sites you’ve been using for years most likely have also been using CF for years, you just never noticed before because you weren’t blocked. By using these sites, your IP address is visible to CF and these sites (that’s just how the internet works ). Unfortunately there’s very little you can do right now, but like I said I’ve submitted a ticket using one of my customer accounts to see what’s going on. I’ll post an update here once I get one from them.
This post was flagged by the community and is temporarily hidden.
Seems like this is a widespread issue, people are complaining about it on multiple boards
You havent looked into how Cloudflare actually works, have you?
Considering they always receive the plain text there is not much need to perform any attack as they already are the middleman.
But yes, its unrelated
I have this issue as well, as of today. Every cloudfare protected site blocks me and gives me a captcha and also not being able to get to the support page (unless via VPN). Honeypot shows no recent suspicious activity and I do not have any malware on my pc. It’s extremely frustrating.
Captcha on every Cloudflare protected website
So far, I’m getting nothing from their support. Just standard responses, they keep insisting my IP was found in security/DDoS events and that I should check for malware. Aside from the fact that I’ve already done that twice just in case (not hard with only a phone and desktop computer using this connection), I’m not your average user. Given the work that I do and the data I have access to, I take my machine’s security very seriously.
Add to that, the captchas are completely broken on some sites. Some, not all. Particularly on CF’s own sites, they just go into an endless loop; and using Privacy Pass just makes matters worse, as it sends itself into a refresh loop.
Makes me question whether I should keep recommending them to my clients to be honest. I can’t even get a timeframe of when these events allegedly occurred out of them.
I bet that a massive DDoS attack occurred on Cloudflare servers overnight, and the attackers spoofed thousands of IP addresses resulting in people being blacklisted mistakenly.
Again, you havent looked into how Cloudflare works. I would suggest you do that.
And again, it really is off-topic in this thread.
Feel free to start a new thread. Discussions are always welcome.
But please stop off topic discussions in this thread. Everyone. Thanks.
It does not leave that impression I am afraid. Cloudflare decrypts all traffic, so arguing they could decrypt it is relatively pointless. Whether they share that data with authorities is a different story and there are appropriate terms of service in place. Of course authorities could still have a gagging order in place but this is even more off-topic here than the initial subject itself.
To all affected by a possibly false positive ‘ban’. Here are ssone things you should know about this issue and steps to get this probably solved: