Google Captcha challenges increasingly annoying

Hello,

I have filed a support request about the increasing frequency of Google captcha challenges against our static gateway egress IP addresses. The answer is that our users have to complete the captchas, but that is not helping. I do understand this is Google’s responsibility ultimately and that this occurs with other ZTNA vendor solutions.

Our user base of hundreds has been hit with a spate of Meris Botnet captcha challenges. That seemed to subside and now this week it’s standard Google captcha challenges. While this may be a Google problem, the last hop is Cloudflare. Our VIPs are becoming increasingly annoyed by these challenges and the onus falls back on our department. I have been told the solution of “solve the captchas” is unacceptable. This puts me in a very difficult position personally and is distracting from other critical responsibilities. This will ultimately result in the discontinuation of Cloudflare if our stakeholders get any more fed up. They are considerably irked up at present.

I will also raise this with Google as we are Workspace customers. I know their answer will not be helpful. That said, there has to be a better way of ensuring continuity of service to Google properties through Cloudflare Gateway.

Thanks for listening. -A


We also have this issue; the Meris botnet warning from Google, and being blocked from various websites like https://www.reuters.com/ by Cloudflare.

I have checked our IP’s reputation on https://www.projecthoneypot.org/home.php and found nothing.

It would be very helpful to have the data implicating our IP so I can track down whatever is causing it.

Hey Peter,

I get the impression Google is classifying this traffic as Meris-driven due to the large amount of traffic egressing from one or two IPs consistent with a botnet attack. The advice is to have your users complete the captchas but that’s kind of a bummer. I don’t know how much IP reputation figures into their calculus.

Other destinations are either blocking by netblock or another manner of traffic inspection (proxy or VPN countermeasures?). A “fix” is to split tunnel the traffic but that’s not a great solution from a security perspective.

I’ve had luck hassling some vendors about this when the destination is for business purposes, but YMMV. We have been getting blocked by spirit.com for the past few months, but it’s easier to have the user disable WARP than add new rules for seldom-used services.