Getting lots of CAPTCHA since 01/21/2019


#21

Yes only sites protected by Cloudflare is causing this issue.


#22

In fact I can’t get past the CAPTCHA on https://support.cloudflare.com/hc/en-us

Every time I check “I am not a Robot” it shows me a CAPTCHA page again. Frustrating.


#23

Yep! Same with me…

:cry:


#24

Seems like I am off the Blacklist. Not seeing CAPTCHA’s anymore. I did not do anything.


#25

Hi @gopipal, really sorry for the issues with this, I know it is frustrating. You got it right, waiting a few days helps, here are some other ideas, Community Tip - Best Practices For Captcha Challenges.


#26

This whole thread seems to imply that IPs can be the sole reason for a Cloudflare Captcha challenge being shown. But CF has introduced recently Firewall Rules, which gives website owners a lot of flexibility in defining what to Challenge (Captcha), JS Challenge or Block.

Before Firewall Rules were announced, site admins could already require a captcha to be shown for specific IPs or IP ranges, ASN, User-Agent, and Country.

Also, by using Page Rules, a website could set a lower or higher security level for its different sections.

Now with Firewall Rules, a website can combine multiple elements. For instance, I could set my website to show a captcha for users

  1. coming from country US and threat score greater than 30; or
  2. coming from outside US and threat score greater than 10; or
  3. coming from countries RU or CN and a threat score greater than 0; or
  4. coming from UA representing old or odd browsers

While arbitrary, any such filters in Firewall Rules set by website admins could be responsible for visitors seeing more captcha pages. While the idea is to bar bots and malicious actors, there will always be some unintended targets. And since we don’t (and won’t) know how the threat score is calculated (see hint below), there’s little one can do to mitigate a situation where an individual IP is being challenged, other than request that the site owner whitelist the IP.

I don’t know if this will help, but from reading some CF tweets I understand that resolving the captcha reduces the threat score of any given IP. (And, I deduce, abandoning a page after being shown a captcha may increase the threat score associated with your IP)


#27

Hi @gopipal! This is also the case at my side! Suddenly no CAPTCHA’s anymore.
Maybe some more testing could be applied to changes in the CF configuration(s) at customer website side and on CF side :thinking:

Well, all seems to be resolved at my side. Thank you all for your help!


closed #28

This topic was automatically closed after 14 days. New replies are no longer allowed.