hCaptcha DNS issue for mainland China

Hi

We are based in mainland China. We often have issues logging into our Cloudflare account due to hCaptcha failing to load, when we try to login we get an error about missing the hCaptcha.

The hCaptcha fails to load in every regard due to its DNS queries either failing, or returning 127.0.0.1 from China Telecom and China Mobile default DNS servers.

The hCaptcha failing to load also happens on any website protected by Cloudflare and has a challenge before entering the site. It happens on any website using hCaptcha to protect their enquiry forms for example. And the hCaptcha website itself also fails to load.

I reported this issue to hCaptcha back in June and they confirmed the issue exists but said:

“it appears this issue is only affecting a small percentage of requests for two ISPs in China: one segment of China Mobile and one segment of China Telecom.”

I don’t know what method they are using to gauge the percentage of users affected by this issue in mainland China because in the time following my reporting of this issue and the 2 month prior I have tested this issue on at least 100 devices of friends, family and colleagues with 100% of them being affected. I’ve also reached out to colleagues in other provinces to do a probe of hcaptcha.com DNS with the same results.

Everyone in our office is affected by this issue, at their homes, on their mobile data, and on every network we’ve tried.

We can easily fix this issue for ourselves by changing the DNS configured to our devices however that won’t fix the issue for the end users in mainland China who are also affected by this issue.

This is something that needs to be reported to hCaptcha. Not sure what can really be done here except tagging @hCaptchaSupport

You could also report it to those ISPs as it sounds like something on their end

Like I said in the post that I have reported it to hCaptcha and they acknowledge the issue exists but they haven’t fix it.

You mentioned reporting this in June. It’d be good to nudge them about it if you haven’t done so lately.

Hello,

All of our monitoring locations in mainland China show normal behavior. If you’re still seeing this, please open a ticket via [email protected] with your public IPv4 + IPv6 IP(s) and the upstream DNS servers you’re using.

www.hcaptcha.com IPs were previously on a third party service that had recent (service-wide) issues with China reachability, but that subdomain has been rerouted and currently works as expected in China, according to e.g. China Firewall Test - Test if Any Site is Blocked in China and Free Website Speed and Performance Testing | Dotcom-Tools. This should not have affected API or JS resources, however.

I did open a ticket last month which went back and forth for 7 days with no resolution. You acknowledged there was an issue:

“it appears this issue is only affecting a small percentage of requests for two ISPs in China: one segment of China Mobile and one segment of China Telecom.”

And a few days later said its definitely not your end:

“we’re looking into it, but it’s definitely not on our end”

And finally you tried to push the enterprise option as a work-around for our site/app integrations but doesn’t solve the issues experienced on Cloudflare’s integration:

“becoming an enterprise customer you could simply use our first-party hosting option, which makes this irrelevant”

@hCaptchaSupport

@hCaptchaSupport …?

Please open a ticket via [email protected] with your public IPv4 + IPv6 IP(s) and the upstream DNS servers you’re using; that screenshot doesn’t show either piece of info, unfortunately.

@hCaptchaSupport As stated in my initial post, I had already spent a week going through your support ticket process with no outcome. I’m raising this issue publicly now. Communicate with me here.

@user2765 Sure, but we’ll still need your public IPv4 + IPv6 IP(s) and the upstream DNS servers you’re using. If you don’t want to post your IP(s) publicly, then please post the /24.

Are you saying that after a week of back and forth with this person in your support channel, you didn’t get any of this information?

1 Like

I don’t know the DNS sorry. Every time I call them to ask the question just goes in circles with no answer.
The DNS is whatever is default for the network. As said before that if we change the DNS server then it fixed the issue.

IPv4 are:

  • 117.136.64.67
  • 125.70.168.152
  • 110.188.94.24
  • 222.210.61.221
  • 223.104.215.19
  • 223.104.215.68
  • 139.207.195.124
  • 171.93.161.212
  • 110.188.95.121
  • 171.93.155.95
  • 223.104.216.5

No IPv6

We got “information” but no resolution to the issue.
hCaptcha acknowledged that an issue exists:

“it appears this issue is only affecting a small percentage of requests for two ISPs in China: one segment of China Mobile and one segment of China Telecom.”

But the issue wasn’t solved, other than shifting the blame to the ISP

“we’re looking into it, but it’s definitely not on our end”

Or asking us to upgrade to an enterprise plan as a workaround for our websites, but that doesn’t solve the issue experienced on other websites (such as Cloudflare) who use use hCaptcha:

“becoming an enterprise customer you could simply use our first-party hosting option, which makes this irrelevant”

Thank you. If you’re not familiar with how to look up your DNS server then please try: http://www.whatsmydnsserver.com/ and report the results here. This info will also generally be displayed in your wireless router after login.

If you’d like to send over the ID of the support ticket you opened, that would also be useful. Sounds like the person who replied may have misunderstood what you were asking, so we’ll flag it for training.

This info will generally be displayed in your wireless router after login.

I did try checking the router but the information wasn’t displayed there. It was not useful information for you as the DNS was a operator address on 100.x.x.x

Besides that, it’s only the network at our office, not only the network at each of our homes, but also all of our mobile phones and every friends & colleagues phone we’ve tried.

Here’s the results from http://www.whatsmydnsserver.com/ but keep in mind the results from such tools cannot be accurate.





@hCaptchaSupport Heres some more network IPs we’re having the issue on:

  • 117.136.63.48
  • 117.136.63.72
  • 171.216.206.18
  • 223.104.216.9
  • 117.174.14.252

And another screenshot from the DNS checker website, but keep in mind my last comment about it.
6

@hCaptchaSupport …?

Thanks, looks like we can’t test that name server from outside of the network, but we’ve reached out to their DNS admins to open a ticket.