Cloudflare blocking my IP?

Support are unlikely to be able to help you. Please read the steps in the linked post.

You probably have a dynamic IP address and you have changed to one with a low reputation. You may also have malware etc on your network. Again, please see the linked post.

2 Likes

So you are not talking about your own site but about third party ones?!

There is a high chance you either got an IP address assigned which was previously used for attacks or your machine is compromised and is actually the one engaging in attacks.

If you can rule out that it is your machine and if you have a dynamic address you could try to power down your router or modem, wait a bit, boot it up again, and hope your ISP assigned a new IP address.

For the rest, I can only refer you to the article @domjh already linked to. There is nothing the community or Cloudflare can do about that.

3 Likes

I’m in the same boat as kieran.hill1796.

I’ve been a customer of Cloudflare myself for years, so I know exactly what it is that they do. With no activity on my network here at home, over night my IP got blocked. While my ISP does have dynamic IP addresses, they are typically relatively long leases and I’ve been on this IP for a while now.

And to add oil to the fire, kieran.hill1796 is correct in that the captcha for the support page prevents you from getting there unless you’re logged in already. Even when you’re logged in and submit a ticket (which I did from my customer account), the Zendesk URL for your ticket then also presents you with a captcha, which can’t be resolved. It’s an endless loop.

I suspect that there’s been some kind of mixup on Cloudflare’s end, resulting in blocking a batch of IP addresses incorrectly. I’m seeing more reports around the internet of people being blocked out of the blue.

And to @kieran.hill1796: Cloudflare haven’t accessed your IP, it’s the other way around. They offer a service that sits in between you and the servers behind websites, acting as many things, but above all as a firewall and DDoS protection. Those sites you’ve been using for years most likely have also been using CF for years, you just never noticed before because you weren’t blocked. By using these sites, your IP address is visible to CF and these sites (that’s just how the internet works :wink: ). Unfortunately there’s very little you can do right now, but like I said I’ve submitted a ticket using one of my customer accounts to see what’s going on. I’ll post an update here once I get one from them.

3 Likes

Seems like this is a widespread issue, people are complaining about it on multiple boards

You havent looked into how Cloudflare actually works, have you?

Considering they always receive the plain text there is not much need to perform any attack as they already are the middleman.

But yes, its unrelated :wink:

2 Likes

I have this issue as well, as of today. Every cloudfare protected site blocks me and gives me a captcha and also not being able to get to the support page (unless via VPN). Honeypot shows no recent suspicious activity and I do not have any malware on my pc. It’s extremely frustrating.

So far, I’m getting nothing from their support. Just standard responses, they keep insisting my IP was found in security/DDoS events and that I should check for malware. Aside from the fact that I’ve already done that twice just in case (not hard with only a phone and desktop computer using this connection), I’m not your average user. Given the work that I do and the data I have access to, I take my machine’s security very seriously.

Add to that, the captchas are completely broken on some sites. Some, not all. Particularly on CF’s own sites, they just go into an endless loop; and using Privacy Pass just makes matters worse, as it sends itself into a refresh loop.

Makes me question whether I should keep recommending them to my clients to be honest. I can’t even get a timeframe of when these events allegedly occurred out of them.

I bet that a massive DDoS attack occurred on Cloudflare servers overnight, and the attackers spoofed thousands of IP addresses resulting in people being blacklisted mistakenly.

Again, you havent looked into how Cloudflare works. I would suggest you do that.

And again, it really is off-topic in this thread.

2 Likes

Feel free to start a new thread. Discussions are always welcome.

But please stop off topic discussions in this thread. Everyone. Thanks.

1 Like

It does not leave that impression I am afraid. Cloudflare decrypts all traffic, so arguing they could decrypt it is relatively pointless. Whether they share that data with authorities is a different story and there are appropriate terms of service in place. Of course authorities could still have a gagging order in place but this is even more off-topic here than the initial subject itself.

1 Like

To all affected by a possibly false positive ‘ban’. Here are ssone things you should know about this issue and steps to get this probably solved:

:slight_smile: @domjh referred to that link earlier but that got lost in the shuffle of conspiracy theories and outrage :smile:

4 Likes

I keep getting the captcha/attention required page on seemingly any website that uses Cloudflare (they do not usually require authentication, so it is not a standard security level of those websites, e.g. support.cloudflare.com). I have checked my pc for malware (none detected), and there is no information on honeypot for my specific IP (some from same network but years old). Also, when going to support.cloudflare.com, when I complete the captcha, nothing happens (with privacy pass extension turned on it continuously reloads the page). When using a VPN I can connect as normal, but I would like to have a real solution.
Ray ID: 4b0c45e2bf970a8a
Please let me know what could be the cause of this, I can’t think of any reason that my pc would be seen as dangerous. I’m just using up to date chrome browser, nothing notable, just a standard connection, but suddenly this is occurring.

You appear to have poster about the same issue at:

This thread explains why this happens and has links to a post explaining steps to resolve it.

If you mean this link that was posted:

That did not help in that thread nor does it help me. Most of those suggestions are not relevant (such as it can’t be the site’s security level, and honeypot indicates no recent malicious activity), and they are not complete fixes. I will try to get my IP changed (if necessary via ISP), but that shouldn’t be necessary and I would like to know the cause behind this, since my experience and that of others suggests a fault on CF’s part.

That thread explains why the blocks are in place. I doubt it is a CF error, it is due to the security configured on the websites.

Those are the steps that can be taken to remove a block and, if those don’t work, the new IP or waiting strategies are really the only options.

Yes, waiting is the only option I guess. But it would be nice to have some more information about why/how this happened.

As in that thread, these are websites I have visited many times before without a captcha, so it is definitely not a reconfiguration of the security, something else must have changed, namely how cloudfare treats my IP. Which end is responsible is the question, and while it does seem unlikely that CF would cause this, I cant think of any reason that my IP would suddenly be seen as malicious (as confirmed by Project Honeypot). I will check all devices on my network for malware.

You are likely to have a dynamic IP so it changes. It may be the previous network with that IP caused the issue.

Yep, same problem for me.
Have tried everything, and my ISP have static public IP.

Just need to wait. Don’t know why this happend? And why does so many get this issue at the same time? Cloudflare, please explain.