Hello. I’m NOT a site owner, just a regular user. I have to use this option to ask, because I didn’t find any other. Recently I got this “Cloudflare Checking if the site connection is secure” message on many sites and it agetting more and more annoying (solving captcha eech time I visit it). Can anyone explain what is going on? From what I understand, my IP (or more likely the range - I’ll explain later why) is in some kind of blacklist. I’m curious how that happened (no, there is no malware) and how to get whitelisted. I have a dynamic IP provided from my internet provider, so 1st thought was that maybe someone who used that IP before me somehow used it in inappropriate way (I ended up once on some open surveys support forum under absolutely unknown identity) - and that’s the reason I see the message. IP changed a couple of times since the first message, but I still have to prove that “I’m not a bot”. So I guess it’s a whole range blacklisted? I’d like to know what exactly is the reason (maybe some of my browser addon or something else I’m not aware of caused this) and how to whitelist my IP back. Thank you!
The website owner decided to use protection & security measurements for some kind of requests, or based on some criteria like country, user-agent, etc. that’s why you’re experiencing the regular “Cloudflare JS challenge page”.
The website owner can modify the challenge passate time like you can experience this at least each 5min or longer.
Are you using TOR web browser or a VPN maybe?
No, no VPN nor TOR (not even once). The thing is, I got the message on multiple sites, even on sites I didn’t visit for month. Looks like my IP is in some kind of Cloudflare blacklist and every site using Cloudflare (and the list) now force me to prove that I’m not a bot.
Anyone from Cloudflare support maybe?
I have the exact same issues, it seems cloudfare t can’t make a proper bot check and refuses to comment on the issues it creates. Sites are left simple inaccesible with nothing to do on our end, from what i’ver scoured about related issues. It’s a waiting game until they get it together and stop releasing unfinished work.
Tried to reach them on their official Cloudflare support e-mail address - it just redirects over and over again: do, this, buy that - nonsense! Basically if you want a support you need to buy a CF plan, I’m just a regular user, I DON’T use Cloudflare as a site owner, sites I do visit use it. The “contact the sites owners” advice is also useless, it means I have to contact EVERY second (ok, maybe every third) site I visit :-)))))
I am experiencing this verification ‘check’ a lot through my VPN connections. I pay for a VPN service through a commercial provider. I have been testing how to duplicate it. I am experiencing this with a few of the VPN servers I have tried but not all. I have tried 3 different servers in New York state where 2 produce the check and one does not. Additionally a server in Montreal Canada is also producing this ‘check’. There is also another issue that is attached to this verification problem. In Chromium based browsers (the two I used are Brave and Chrome) I have found that if you have ‘Desktop site’ enabled (on an Android device) the browser is sent through a continuous loop with human verifications. I was getting three different methods to verify you are human; a blue button saying “Verify you are human”, hCaptcha, and a Cloudflare check box, but none will allow you to access the site after you verify. It just clocks then a different verify method, or the same, comes up again. As soon as you uncheck the ‘Desktop site’ option in the browser the site will successfully load after an automatic ‘check’ without the need to verify you are human.
@spoore If you are not the owner, then there’s no direct option to modify the JS challenge as mentioned by @fritex
Alternatively, you can check for browser-cross-check compatibility if those challenges are repetitive.
I’m having the same problem: it’s becoming more difficult to access sites using Cloudflare’s bot protection services. When I try to access some website using Cloudflare, usually the “Checking if the site connection is secure” page loads for a few seconds, then passes me to the actual website. But today, I tried to access https://lexica.art/ and it asks me to solve a captcha over and over. I solved the captcha ten times and it won’t let me pass.
Is there any way to have my IP address verified as safe? I’ve read about the “ Friendly Bots” initiative, but I’m not running any bots. I’m just a regular web user.
@naptime You can make sure your browser is updated & not vulnerable to threats. If that’s secure, the CF protected sites won’t take long to load unless there’s js challenge enabled by the web owner.
@neiljay, I discovered if I turned off iOS Lockdown Mode, the bot protection page accepts me immediately.
People who need extra protection from digital threats may want to keep Lockdown Mode enabled for the site they are visiting behind Cloudflare bot protection. For this reason, I hope that Cloudflare fixes this to support Lockdown Mode.
This is a defensive mode applied by Apple in order to protect users from cyber attacks.
When Lockdown Mode is enabled, your device won’t function like it typically does.
While the CF checking the site for secure connection is based on the browser integrity.
This is questionable coz, both entities work for the common goal: protect. However, Lockdown Mode is interesting one. Thanks for enlightening 
Glad you fixed it. I don’t use iOS, so this is not solution won’t work for me though.
I’m still looking for a way to whitelist my IP address, so I don’t get blocked again, and I can use Lockdown Mode. Does such an option exist?
Any answer from CF? I still have this problem!
I rent an IP address from a big name cloud provider. They not only have a range, they have full-fledged ASNs (huge, several ranges).
My IP address is clean, I take all the precautions to prevent outgoing-anything to keep it that way. Unfortunately the ASN has reports on it. My IP address appears indirectly in one out of 100+ of blacklists for which coincidentally the company maintaining it makes provisions to whitelist yourself if you are in such a situation, lucky us affected right? Not really. They’re doing it as a subscription. I thought it was abuse at first, but then I found a page where they politely let your know it isn’t:
PLEASE NOTE THAT THIS IS AN OPTIONAL OFFER ONLY.
YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL, EXTORTION, SCAM OR SIMILAR BULLSHIT.
Source: http://www.uceprotect.net/en/index.php?m=7&s=6
Their reasoning is that I should take it to the service provider for letting their network be the source for spam. While it could be a valid argument, if it really was well-meaning and not an opportunistic capitalization scheme; access to that whitelist should be free. Also, there’s the argument that good hosting providers should really not meddle on what a customer does for better or for worse other than protecting their own networks, and thus the customer.
Like I said, this company UCEPROTECTL3 is only one of a very long list of companies and Cloudflare is clearly listening to them without checking out what’s going on.
As a result I get a lot of these checks, each time they consume a lot of CPU and thus energy. I get one each new tab on the same window.
The worse part is that I’m also a Cloudflare customer. That IP address is registered in four domain names managed by Cloudflare which are clearly not checked at all either before I’m put in this annoying hold. I fear at some point I will be unable to access my own account.
I’ve read Cloudflare is teaming up with Apple for a fix for this which I’m sure will use some “anonymous” identifier, but here’s the thing, and I HOPE Cloudflare IS LISTENING: as a visitor on a site open to the public, I want to remain anonymous as much as possible and a host I don’t want my visitors to think I’m collecting stuff about them (which is why I don’t use the proxy service or CDNs). You shouldn’t need to compromise your privacy to visit a random site where your don’t have to log in.
It’s getting worse and worse…any solution? Any answer? Cloudflare?
I am sorry to hear but I really cannot tell if it’s true or false.
if this is something with Cloudflare, kindly I’d suggest you to write a ticket to the Cloudflare support and share your ticket number here with us so we could escalate your issue.
- Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button. If you get automatic reply, reply and indicate to it you need more help and reference to this topic.
You might be offered to switch to the new Customer Support Portal and create a ticket there.
I believe those services do improve from day to day, which takes time. On one side, it’s good to question and challenge or block, on the other we cannot be sure and cannot know because other customers are trying to protect from this kind of traffic/requests.
May I suggest looking into below article for more additional details in terms related to the Cloudflare Captcha:
Might be they’re known for harmful requests or something similar already since before. Therefore, known by providing VPN service and possibly being listed on some VPN list which was generated by AI & ML at Cloudflare → I cannot say and cannot prove, but just my opinion because I am also blocking individually via IP Access Rules every TOR and VPN hosting provider for which I figured out are being misused in a harmful way for my Websites.
My servers are constantly on the list because the how this “blacklist” works is that they add the whole AS number → equal to the data center → therefore all the servers from the same provider/network somehow endup being listed. However, that doesn’t mean my server IP is blacklisted or sending spam.
Unfortunately, I am in the same position with differnt number of web hosting providers being “blacklisted” on that one particular list.
However, I don’t worry much as far as I consider below cite and I cannot remove my IP despite it isn’t my server IP, rather the whole IP range or ASN provider blacklisted:
UCEPROTECT isn’t a real anti-spam blacklist, its a extortion racket.
They are an illegitimate scam:Fake UCE/UBE (SPAM) blacklist that claims it is a legitimate business. It erroneously lists large network blocks that have never sent SPAM as malicious hosts and provides no way to remove them unless you PAY. This is extortion and not a legitimate service. Its goal is to list as many IPs as possible and therefore extort as much as possible from large cloud providers and ISPs. This ‘service’ doesn’t make the Internet more secure; it is an extortion racket.
Source: UCEPROTECT Blacklist Scam - Anti-Spam Forum
I am sorry to say, but that’s not possible.
If you’d use TOR, you’d lose your nerves because it’s slow.
If you’d use VPNs, you don’t know where you’ll end and through where your data actually goes if you’r concern about privacy.
If you aren’t doing harm or bad things on the Internet, then there is no need for such anonymity from my understanding.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.