Getting lots of CAPTCHA since 01/21/2019

Thanks for your swift answer!

I checked this:
77.174.xxx.yyy is not listed in the SBL

77.174.xxx.yyy is not listed in the PBL

77.174.xxx.yyy is not listed in the XBL

So, not listed as a malicious IP-address… :thinking:
What next step to take?:face_with_raised_eyebrow:

Anyone out there?

This should cover most lists.
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3A24.56.226.180&run=toolpage

Thanks @Withheld!

I checked it rightaway:

blacklist:77.174.xxx.yyy[Monitor This]

Checking 77.174.xxx.yyy against 95 known blacklists…
Listed 0 times with 5 timeouts

It seems my IP is behaving perfectly :+1:

More ideas?

Again: thank you @Withheld!!

And BTW, why is Cloudflare giving me this message?

Something went wrong (but it’s not your fault)

You were visiting a Cloudflare customer’s website, and something went wrong. Don’t worry, it’s not your fault. If the problem isn’t resolved in the next few minutes, it’s most likely an issue with the web server you were trying to reach.

Cloudflare protects websites by sitting in front of Internet requests, and we work with website owners and hosting providers to identify underlying problems in their server configuration.

This message is displayed when you click on the
image
at the bottom of the “One more step” page preceeding the website I want to visit…

Is there something wrong Cloudflare?? And what is it??

When I go to that link and click on the PBL blacklist it shows the following message

24.56.224.0/21 is listed on the Policy Block List

My IP is 24.56.226.180. Also when I try to remove it the page says the PBL is not a blacklist and if you’re not running email software you should not remove IPs. https://www.spamhaus.org/pbl/removal/

Very confusing.

What’s the website? maybe everyone will get the captcha?

@gopipal: glad you’re still following this thread! All is so confusing…

@Withheld: It is a normal webshop in the Netherlands: www.conrad.nl

When I open up my VPN (presenting another IP) I do not get the “One more step” page!

For me going to www.feedly.com I get CAPTCHA and a few other sites. This issue started happening since around Jan 21st, 2019, 7pm Pacific Time. I don’t remember doing anything weird on my devices at that time.

I also get captcha when I go to www.conrad.nl

@gopipal: I can access the website without any problem. So, it is a per IP-address problem.

What I also see is that, when you finish the CAPTCHA correctly, you are (sometimes) granted to access the website, but all formatting of the site is lost!

Sorry @gopipal! I was wrong: I cannot access the feedly.com website. It is also shielded by CAPTCHA!
(I have now some Privacy Pass tokens in my browser).
Probably only (some) Cloudflare protected websites are bothering us…

The IP 24.56.224.0/21 is listed on the Policy Block List is my provider Wave Broadband. So that is on the PBL

Yes only sites protected by Cloudflare is causing this issue.

In fact I can’t get past the CAPTCHA on https://support.cloudflare.com/hc/en-us

Every time I check “I am not a Robot” it shows me a CAPTCHA page again. Frustrating.

Yep! Same with me…

:cry:

Seems like I am off the Blacklist. Not seeing CAPTCHA’s anymore. I did not do anything.

Hi @gopipal, really sorry for the issues with this, I know it is frustrating. You got it right, waiting a few days helps, here are some other ideas, Community Tip - Best Practices For Captcha Challenges.

This whole thread seems to imply that IPs can be the sole reason for a Cloudflare Captcha challenge being shown. But CF has introduced recently Firewall Rules, which gives website owners a lot of flexibility in defining what to Challenge (Captcha), JS Challenge or Block.

Before Firewall Rules were announced, site admins could already require a captcha to be shown for specific IPs or IP ranges, ASN, User-Agent, and Country.

Also, by using Page Rules, a website could set a lower or higher security level for its different sections.

Now with Firewall Rules, a website can combine multiple elements. For instance, I could set my website to show a captcha for users

  1. coming from country US and threat score greater than 30; or
  2. coming from outside US and threat score greater than 10; or
  3. coming from countries RU or CN and a threat score greater than 0; or
  4. coming from UA representing old or odd browsers

While arbitrary, any such filters in Firewall Rules set by website admins could be responsible for visitors seeing more captcha pages. While the idea is to bar bots and malicious actors, there will always be some unintended targets. And since we don’t (and won’t) know how the threat score is calculated (see hint below), there’s little one can do to mitigate a situation where an individual IP is being challenged, other than request that the site owner whitelist the IP.

I don’t know if this will help, but from reading some CF tweets I understand that resolving the captcha reduces the threat score of any given IP. (And, I deduce, abandoning a page after being shown a captcha may increase the threat score associated with your IP)

3 Likes

Hi @gopipal! This is also the case at my side! Suddenly no CAPTCHA’s anymore.
Maybe some more testing could be applied to changes in the CF configuration(s) at customer website side and on CF side :thinking:

Well, all seems to be resolved at my side. Thank you all for your help!

This topic was automatically closed after 14 days. New replies are no longer allowed.