URL in Attention Required! page


#1

http://noabcla.com/cultured.php?userid=7 in any places (with tag style=“display:none” + text anchor “table” or without anchor and text) in source on “Attention Required! | Cloudflare”

Have you been hacked or this is a developer trick?
Someone by this method is trying to search weight of those who blocked the search engines themselves to forward


Attention Required! page hacked or it cloudflare SEO links?!
#2

Now when open with tor browser =
in source
<div class=“cf-column”> <h2 data-translate=“why_captcha_headline”>Why do I have to complete a CAPTCHA?</h2> <a href=“http://noabcla.com/cultured.php?userid=7”></a> <p data-translate=“why_captcha_detail”>Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.</p> </div>

when check with any online services (who blocked) =
link in any other place


#3

It is not quite clear to me what your question is. Can you rephrase that?


#4


Look: <a href=“http://noabcla.com/cultured.php?userid=7” style=“position: absolute; top: -250px; left: -250px;”></a>


#5

Site source by http://watson.addy.com/nph-watson5.cgi (Attention Require - because from bocked ip)
Again 62 <div style=“display:
none;”><a href=“http://noabcla.com/cultured.php?userid=7”>table</a></div&


Who add it to “Attention Required! | Cloudflare” Page?

Look at the code that generates this page, it can be hacked


Attention Required! page hacked or it cloudflare SEO links?!
#6

That link does not come from Cloudflare. Considering you seem to get it from different sites I’d even rule out some customised error page (even though that should have been unlikely anyhow). At this point I’d run a full malware scan on your machine, respectively check if there are any other network components which might have been compromised (router, proxy, etc.).


#7

https://ru.semrush.com/info/noabcla.com ! not on different sites - only on error page from cloudflare . and all services it this. Search systems too (if blocked).


#8

Run a full malware scan and check out your other components too.


#9

It’s definitely not my system and systems that I have a lot to check - different
The fact is that code is inserted into your page.
Moreover, as I see the links are different, which are inserted there for search engines

On other site =
66 <a
href=“http://purpleisp.net/frozentalented.php?more=0” style=“display: none;”>table</a>

On madsoft.ru
for any sites = any other links for seo … No custom pages… Not PRO domains.


#10

Well, the captcha page does not include these links. Are these your sites? Why can you rule out that it is your system?


#11

Pass it on to those who are engaged in security, as this has either been hacked.
Either your coders found earnings.

Yes madsoft.ru my


#12

Can you configure a test URL that always triggers a captcha?

Otherwise you can only contact support. I am pretty confident that is not a Cloudflare issue though.


#13

Because I have several of systems to check, with different operating systems + a bunch of virtual servers in different countries => traffic spoofing


#14

Again, can you configure a test URL which triggers a captcha?


#15

Can’t because I have a list setting. IP for all sites
And apparently Firewall Rules does not work with white lists


#16

I am not sure what you mean. All you need to do is configure a firewall rule with some inexistent dummy path that triggers a captcha.

(http.request.uri.path eq "/dummypath") and a captcha as action should be sufficient.


#17

madsoft.ru/123 - work

*but not for me ( in white lists )


#18

I can try add new cloudflare account and add any domain for look it on other accounts


#19

Got the captcha but no such link

What does http://madsoft.ru/cdn-cgi/trace say?


#20

Other account, because can’t send more replyes (16 hour block for first day limit…)
fl=19f61
h=madsoft.ru
ip=51.255.25.*
ts=1541493376.037
visit_scheme=http
uag=Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
colo=CDG
spdy=off
http=http/1.1
loc=FR
tls=off
sni=off

Look all text in source - not only footer - random places for link…