hCaptcha DNS issue for mainland China

Maybe try contacting the ISPs with a log of the exact date/time when you encounter the issue. I would make a 24-hour log and present it, see if they can see a pattern in logs on their side.

@hCaptchaSupport It has now been a month since your last post on this thread. Is there any progress in the last month from your internal team? Or any other update on this matter whatsoever? The issue persists.

@hCaptchaSupport Yet another week, no response, and still not resolved.

Gee whiz what a mess of a thread, feel sorry for you op, I am surprised cloudflare haven’t nudged hcaptcha on this, it’s not cloud flare fault however it’s part of their service and seeing this is not good publicity by any means.

Hope you get a resolution doon.

I’m replying now because if I don’t this thread will be automatically closed. Threads on this forum will be automatically closed 7 days after the last reply and in a few hours it’ll have been 7 days. @hCaptchaSupport still haven’t responded, and this issue is still not fixed.

1 Like

We can chime in that this issue is still ongoing. We are a US-based nonprofit, but we have customers in mainland China. We use Google’s recaptcha in part of the signup flow, and recently implemented hCaptcha as an alternative if the visitor is flagged by Cloudflare as from China (the CF_IPCOUNTRY header). However, it doesn’t work in at least 30% of the cases, which kinda makes the purpose of hCaptcha really moot - the free version of Google’s recaptcha works so much better than hCaptcha in terms of functionality. It was the “working in China” that was the main selling point of hCaptcha to us.

2 Likes

@hCaptchaSupport Please give an update on this issue.

As @hCaptchaSupport does not appear to be interested in supporting Cloudflare users, I’m going to ask the engineer on duty if there’s something Cloudflare can do.

4 Likes

We’re still working on it, but this doesn’t have much to do with either hCaptcha or Cloudflare per se: there is a DNS server somewhere in Chengdu that is not resolving the JS subdomain. Opening a ticket with your ISP will likely help get this resolved.

@hCaptchaSupport

「1」 Firstly where you said “somewhre in Chengdu”:

there is a DNS server somewhere in Chengdu that is not resolving the JS subdomain

Its not just a DNS server in Chengdu; I have said a few times in this thread that the issue is mostly limited to Chengdu in my experience but I have encountered it intermittently in the greater Sichuan, and in other cities around China. I have also asked my colleagues/friends around China and abroad to try doing DNS lookups on your domain with mostly success but a few failures producing the same 0.0.0.0 of 127.0.0.1 results I’m seeing. “Abroad” including in Vietnam, Thailand and Hong Kong.

Outside of Chengdu, during testing over months now, there appeared to be times where it would be 100% working for hours/days and then suddenly 100% failures for hours/days. Inside of Chengdu, my test have been only 100% failures for months now.

「2」 Secondly where you said "not resolving the JS subdomain

there is a DNS server somewhere in Chengdu that is not resolving the JS subdomain

It’s affecting hcaptcha.com and sub domains including imgs.hcaptcha.com , newassets.hcaptcha.com , and status.hcaptcha.com .

Opening a ticket with your ISP will likely help get this resolved.

「3」 I have said before that contacting my ISP(s) has just gone around in circles with no outcome. My ISP is both China Telecom, China Mobile, and a T2 ISP for DIA.

As I have mentioned in this thread before, we can easily solve the issue for ourselves by changing to another DNS server on our computers; but that isn’t going to fix the issue for other users unless everybody changes their DNS server settings…good luck teaching people to do that on a mobile cellular connection.

Please stop trying to pass the buck, and take this matter seriously for yourself.

Given it has been so long without this issue being looked at seriously, I’d hope Cloudflare drop you for another Captcha provider as this issue is preventing people from logging into Cloudflare in China WHEN the captcha is asked. We often get asked to fill in a captcha when signing in to Cloudflare but the captcha never loads as shown in the screenshot in the 6th post on this thread (hCaptcha DNS issue for mainland China - #7 by user2765).

Here’s some screenshots of dig, hope it points you in the right direction.







Yes I’m directing to cf-ns/com/net/tech on purpose. I’d already informed you about the results using default DNS servers for China Telecom/Moble/Unicom.

3 Likes

This post was flagged by the community and is temporarily hidden.

As an aside, I’ve personally had similar issues with Google Captcha on bad VPNs (infinitely loops, doesn’t load, etc.) which is why I wouldn’t jump ship just yet. Have you ever tried contacting Google support?

I’ll throw out a new suggestion to our dear @hCaptchaSupport: hardcode a dedicated anycast IP as backup for the < script > request (and the same or other IPs for other subdomain requests). Yes, anycast IPs have their issues; but DNS also has its own issues. (Not sure how great this would be to handle a DDoS, but with the right setup…)

It’s irrelevant why we are getting prompted for a captcha, the issue is about the captcha now loading.

There are 3 scenarios we need a hCaptcha to load, but it doesn’t load:

  1. Trying to login to a website (such as Cloudflare login).
  2. A Cloudflare protected website is in I’m Under Attack mode which requires a captcha to be submitted before you can access the website.
  3. Filling out a website contact enquiry form, or submitting some other kind of form where they are protected from spam by using hCaptcha instead of Google reCAPTCHA.

As you say there may also be times where Cloudflare thinks your connection is attacking them so they’ll prompt you with a captcha more often but thats not the case. We rarely get prompted for hCaptcha in scenario 2 (under attack mode), mostly for scenario 1 (login) and 3 (contact forms).

The reason I posted that screenshot for scenario 2 in the first post of this thread is because I wanted to emphasise that this issue is going to affect any website protected by Cloudflare in I’m Under Attack mode. Users affected by this hCaptcha DNS issue won’t be able to complete the captcha and therefore won’t be able to proceed to the website.

As for websites that use hCaptcha instead of Google reCAPTCHA (this user post hCaptcha DNS issue for mainland China - #46 by ting.qian for example); this might be more common for us since we’re in China and some web developers will automatically set it up to use hCaptcha for China users instead of Google reCAPTCHA. So we might be seeing hCaptcha more often you guy in other regions.

I actually really liked hCaptcha and was happy to see Cloudflare switch over to hCaptcha back then. It’s only since this issue started, the fact they aren’t taking the issue seriously, and that they haven’t fixed it yet which has spoiled my opinion of them.

If hCaptcha took my reporting of this issue seriously right from the beginning when I reported it by email, and if they had fixed the issue promptly, then I would have had an even better opinion of them knowing they can be trusted to listen and act. Unfortunately they try to pass blame, don’t respond, and after months of pushing this matter, it’s still not fixed.

I really hope they can fix it, but I certainly can’t trust them anymore and have had to implement alternatives for captcha’s on our websites.

1 Like