I see a captcha page but are not blacklisted on ProjectHoneyPot, how do I fix this?

Since last night, when we surf the web home, we keep facing "One more step - Please complete the security check to access www …" to proceed to the site.

It does not matter which browser we are surfing or on what device (Windows/Mac/Iphone/Ipad).

I have contacted my ISP and according to them we do not have a shared IP address. Our IP address does not show any signs problematic activities, not even in the logs. Everything looked good according to them.

I have found out that it is related to Cloudflare. The web page somehow detects all our devices from our IP-address as potential bots or other malicious software and wants us to verify that we are humans.

I have read this article: https://support.cloudflare.com/hc/en-us/articles/203366080-Why-do-I-see-a-captcha-or-challenge-page-Attention-Required-trying-to-visit-a-site-protected-by-Cloudflare-as-a-site-visitor-

My conclusions to the problem-solving guide:

  1. Our IP address is not blacklisted on ProjectHoneyPot, however I have tried to whitelisted it anyway. It has not helped.

  2. If I take a device from my network to a different network (another IP-address but from the same country) the validation screen is gone. Take it back to my network and the validation screen is back. Conclusion, it is related to our IP-address and we can rule out the country ban.

  3. We are trying the same sites from a PC with Windows, a Mac with MacOS, an Ipad and an Iphone. The validation screen turns up on all of them so this should rule out “your actions are triggering a Web Application Firewall rule”. All we try to do is to surf the web with a web browser. Antivirus software also seems pointless because all the device in our network can not possible been infected by malicious code. The validation screen turns up on all devices.

I am running out of options on how to solve it. I am really start to think that we are affected by some error in Cloudflare. What can we do to fix this?

Please help me!

Cloudflare has its own IP reputation system, as well as using data from various other IP reputation networks. Unless it shows as blacklisted/bad on Honeypot, whitelisting it there won’t do anything.

Cloudflare only responds to threats detected on domains customers use it on - there are rarely any false positives. Maybe one of your IoT devices was used in a botnet, a rogue app or piece of malware is being used in a botnet, or someone did, in fact, perform malicious activity from your IP (maybe from a Guest WIFI network or In-Real-Life attack).

Best I can say is ensure everything is secure - run malware scanners, check for rogue ethernet devices/LAN turtles, and use Wireshark or another network analyzer to see if anything devious is happening on your network. Cloudflare support generally can’t change IP address reputation, so after a few months with no malicious activity your IP reputation will be back to normal and you won’t receive captchas.


Thanks for the answer.

I am following up on all your recommendations but to pinpoint where to look it would be useful to get some information from Cloudflare. Information such as when and where did we get blacklisted, and what sort of activity resulted in a blacklisting. Anything else is like looking for a needle in a haystack even for a fairly IT-oriented person like me. I would assume that the ultimate goal for Cloudflare would be to void the Internet of malicious code, not just simply blacklisting people.

Av smart service would let med install a software on my device that I register into with my e-mail address. This software could monitor my public IP-address on a specific network and periodically report it to Cloudflare. If Cloudflare gets any alerts on any malicious activities from my IP-address I would immediately get a mail from them with as much information as possible. This way I would get a chance to handle it and Internet would be a better place.

At a very least, it would make sense if I could fill out a form at Cloudflare where I enter my IP- and e-mail address, and then a report would be mailed to me with what type of activities (when, where and why) got me backlisted.

I really don’t mind the captcha so much but I do mind wondering if my network now is infected with something. With Computers, Iphones, Ipad, Xbox, Smart TVs, Sonsos, Apple TVs, Chrome Casts, Network Printers, NAS and WiFi connected on/off switches etc it really becomes close to impossible to find the source to the problem.

Is there anything else I can do to find the source of the blacklist?

1 Like

This topic was automatically closed after 14 days. New replies are no longer allowed.