New captcha (hCaptcha) not working

Hi everyone,

I’m having trouble on my website. I’ve been targeted by some mysterious botnet that randomly hits for relatively short periods but enough to completely crash my website.

I followed this guide here to enable a captcha for every single request and then basically whitelist everything I was sure of was safe, since everytime they change country/IP/anything to get around specific firewall rules.

However, now I noticed since a few days it seems there is a new captcha called hCaptcha in stead of the Google reCaptcha. I noticed since this change, with every spike my site goes down still completely.

As you can see in the image below all requests are presented with a captcha but still my site goes down almost instantly.

Is there any way to prevent this? Are there settings to change the captcha back to reCaptcha? Or is there some additional I am not aware of?

Do you have the captcha challenge enabled site-wide? Perhaps they’re hitting multiple areas of the site (captcha protected and unprotected areas).

If attacks are able to avoid / pass the captcha challenge (with hCaptcha) this is very scary indeed.

This topic was automatically closed after 14 days. New replies are no longer allowed.