Any answer from CF? I still have this problem!
I rent an IP address from a big name cloud provider. They not only have a range, they have full-fledged ASNs (huge, several ranges).
My IP address is clean, I take all the precautions to prevent outgoing-anything to keep it that way. Unfortunately the ASN has reports on it. My IP address appears indirectly in one out of 100+ of blacklists for which coincidentally the company maintaining it makes provisions to whitelist yourself if you are in such a situation, lucky us affected right? Not really. They’re doing it as a subscription. I thought it was abuse at first, but then I found a page where they politely let your know it isn’t:
PLEASE NOTE THAT THIS IS AN OPTIONAL OFFER ONLY.
YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL, EXTORTION, SCAM OR SIMILAR BULLSHIT.
Their reasoning is that I should take it to the service provider for letting their network be the source for spam. While it could be a valid argument, if it really was well-meaning and not an opportunistic capitalization scheme; access to that whitelist should be free. Also, there’s the argument that good hosting providers should really not meddle on what a customer does for better or for worse other than protecting their own networks, and thus the customer.
Like I said, this company UCEPROTECTL3 is only one of a very long list of companies and Cloudflare is clearly listening to them without checking out what’s going on.
As a result I get a lot of these checks, each time they consume a lot of CPU and thus energy. I get one each new tab on the same window.
The worse part is that I’m also a Cloudflare customer. That IP address is registered in four domain names managed by Cloudflare which are clearly not checked at all either before I’m put in this annoying hold. I fear at some point I will be unable to access my own account.
I’ve read Cloudflare is teaming up with Apple for a fix for this which I’m sure will use some “anonymous” identifier, but here’s the thing, and I HOPE Cloudflare IS LISTENING: as a visitor on a site open to the public, I want to remain anonymous as much as possible and a host I don’t want my visitors to think I’m collecting stuff about them (which is why I don’t use the proxy service or CDNs). You shouldn’t need to compromise your privacy to visit a random site where your don’t have to log in.
It’s getting worse and worse…any solution? Any answer? Cloudflare?
I am sorry to hear but I really cannot tell if it’s true or false.
if this is something with Cloudflare, kindly I’d suggest you to write a ticket to the Cloudflare support and share your ticket number here with us so we could escalate your issue.
- Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button. If you get automatic reply, reply and indicate to it you need more help and reference to this topic.
You might be offered to switch to the new Customer Support Portal and create a ticket there.
I believe those services do improve from day to day, which takes time. On one side, it’s good to question and challenge or block, on the other we cannot be sure and cannot know because other customers are trying to protect from this kind of traffic/requests.
May I suggest looking into below article for more additional details in terms related to the Cloudflare Captcha:
Might be they’re known for harmful requests or something similar already since before. Therefore, known by providing VPN service and possibly being listed on some VPN list which was generated by AI & ML at Cloudflare → I cannot say and cannot prove, but just my opinion because I am also blocking individually via IP Access Rules every TOR and VPN hosting provider for which I figured out are being misused in a harmful way for my Websites.
My servers are constantly on the list because the how this “blacklist” works is that they add the whole AS number → equal to the data center → therefore all the servers from the same provider/network somehow endup being listed. However, that doesn’t mean my server IP is blacklisted or sending spam.
Unfortunately, I am in the same position with differnt number of web hosting providers being “blacklisted” on that one particular list.
However, I don’t worry much as far as I consider below cite and I cannot remove my IP despite it isn’t my server IP, rather the whole IP range or ASN provider blacklisted:
UCEPROTECT isn’t a real anti-spam blacklist, its a extortion racket.
They are an illegitimate scam:
Fake UCE/UBE (SPAM) blacklist that claims it is a legitimate business. It erroneously lists large network blocks that have never sent SPAM as malicious hosts and provides no way to remove them unless you PAY. This is extortion and not a legitimate service. Its goal is to list as many IPs as possible and therefore extort as much as possible from large cloud providers and ISPs. This ‘service’ doesn’t make the Internet more secure; it is an extortion racket.
Source: UCEPROTECT Blacklist Scam - Anti-Spam Forum
I am sorry to say, but that’s not possible.
If you’d use TOR, you’d lose your nerves because it’s slow.
If you’d use VPNs, you don’t know where you’ll end and through where your data actually goes if you’r concern about privacy.
If you aren’t doing harm or bad things on the Internet, then there is no need for such anonymity from my understanding.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
Re-opened due to user request here.
Nothing like that. I’m trying to get in touch with the support for weeks. The way you described will lead me here (to the forum) anyway. There is no such thing for a regular user like me (not the CF customer) to create a support ticket. I tried to e-mail them like 8x to the main support e-mail, all answers are basically automatic nonsense saying that I have to ask (eventually) on the forum. No one (from CF) wants to explain what is going on! That’s the real problem.
You are correct, unfortunately there is no way for non-customers to contact Cloudflare. The correct way to approach this is to contact one of the websites you are having issues with, they can take the RayID you see on the page and check their logs to see why you received the challenge/block. Once you know that it can help figure out where the problem is.
This tip has some general information on common causes, it’s always worth checking your network as sometimes this is caused by something malicious there.
Well, every second site asking me for this security check, I can’t ask them all, right? Isn’t it easier to simply check the source of this issue (Cloudflare)? All those sites (has nothing to do with each other - from all around the world) are using the CF and only CF knows why they have to check me every f (2nd) time I visit some site. Ridiculous. On some sites I have to confirm “secure connection” like 30x a day!!! Once it’s secure and confirmed, WHY should I do this over and over again??!? CF could simply check their lists and say, yep, this IP (or IP range) is there because of this and that. I’m curious if it’s possible to add an IP manually to this kind of blacklist too, because I pissed some guys from very known IT platform?
It would be easier for you but it’s not something that can be done. Cloudflare don’t expose exactly how they work out IP reputation for obvious reasons. Cloudflare also won’t disclose customer details or settings and telling you this could do that. Almost every Cloudflare setup is slightly different, it’s not just ‘checking a list’.
Sorry for deleted, posts, can’t find the “edit” button.
Ok, how would you explain that every 2nd site with CF wants to make my life a bit “better”? Obviously it goes under same scenario, it checks some kind of list and see my IP or my setup and immediately offers a security check procedure.
Not to mention, I got the same security check from sites I didn’t visit for months (or even years!). So it’s not like I abuse the site, the site already consider me as a threat because CF said so.
It could be down to threatscore which is used in a lot of sites security posture but that’s not something we can tell for sure.
I did make a tool a while ago that can tell you what that number is. If you visit threatscore.domjh.com let us know what you see.
Customers can set their security level to different levels which can challenge or block based on this. The default would challenge you if this number is greater than 14. IP Reputation is calculated based on Project Honeypot, external public IP information, as well as internal threat intelligence from the WAF managed rules and DDoS.
Sorry, I had to wait 22hrs becuase of the forum messages limit.
Your Threat Score is: 0
Any other ideas?
While the situation is most likely out of your control, the only realistic way to figure this out is to reach out to a sympathetic site owner where this is happening, and give them the RayID of one of these checks.
It sounds like you were able to get into the threatscore test site without issue, so that particular site isn’t an option.
This is a long thread, and I believe you said you have tried a different browser and incognito mode. And may have answered these as well:
- Does this happen on a different device on your home network?
- Does this happen if you tether your computer to your phone’s WiFi hotspot?
- Does this happen on low-profile sites? (by this, I mean something that’s most likely not an Enterprise-level site. Something like a personal blog, local organization, etc.)
Got in touch with one of the owner. He said he did some adjustments but the annoying “You’ve been blocked” is still there. He can’t help me anymore - his last words. He won’t soft the settings any more. So basically if I want to use his site, I have delete all cookies, log in again and wait for the next sudden “You’ve been blocked”. There is no pattern, it could happen after any click. This is just one example, there are more sites (not that aggressive though) which constantly want to “check” me over and over again.
What browser are you using? Do you have any browser extension?
Firefox, a lot of various extensions - but if that’s the reason, that would be the problem for many other users, right? All extensions are from official FF addon page. I have two different profiles with different sets of extensions - I have the “CF check” problem on both.