IT.COM

Cloudflare captcha false positives

Spaceship Spaceship
Watch
J

Jurgen Wolf

standforUkraine.comTop Member
VIP
★★★★★★★★★★
Impact
11,954
I get captcha even when I visit NamePros using fresh browser (without any cookies).
To skip this annoying procedure - I banned CloudFlareInsights.com in my dnsmasq.
 
Last edited:
Click to expand...
Reply
2
2 Thanks
0 Like
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Sort by date Sort by points
Jurgen Wolf said:
I get captcha even when I visit NamePros with fresh browser (without any cookies).
To skip this annoying procedure - I banned CloudFlareInsights in my dnsmasq.
Click to expand...

That's unrelated. The captcha in question here isn't from Cloudflare and can't be bypassed if you intend to log in.
 
Click to expand...
Reply
2
2 Thanks
0 Like
•••
I'm talking about the captcha: human or robot...
It asks me daily, when I turn on my PC and visit NamePros.
I banned it.
 
Last edited:
Click to expand...
Reply
2
2 Thanks
0 Like
•••
Yes, this captcha is originated by CloudFlare.
I must confirm that I'm not a robot...
I must select all airplane pictures for example (1st popup), then it asks me to select them again (2nd popup)...
Then it allows me to visit NamePros.
 
Last edited:
Click to expand...
Reply
2
2 Thanks
0 Like
•••
Jurgen Wolf said:
Yes, this captcha is originated by CloudFlare node.
Click to expand...

That's not the one on the login form; I attached a screenshot of the login captcha. You can't block the one on the login form--it won't even try to authenticate you if you do.

You shouldn't be seeing a Cloudflare captcha, so I'd appreciate if you could DM me more info.
 

Attachments

  • upload_2021-9-17_12-59-31.png
    upload_2021-9-17_12-59-31.png
    138.5 KB · Views: 56
Last edited:
Click to expand...
Reply
3
2 Thanks
1 Like
•••
I have no complaints regarding your login captcha.
The annoying captcha is the only one by CloudFlareInsights.com
When you visit NamePros for the 1st time without cookies. At least from Ukraine.
 
Last edited:
Click to expand...
Reply
1
1 Thanks
0 Like
•••
Jurgen Wolf said:
The annoying captcha is the only one by CloudFlareInsigts.com
When you visit NamePros for the 1st time without cookies. At least from Ukraine.
Click to expand...

That shouldn't be happening, so I'd appreciate if you could DM me with details, such as when you last saw it. That sounds like a false positive.

Cloudflare Insights isn't related to the Cloudflare captcha anyway, and blocking it wouldn't have any effect. There's probably something else going on there. That's off-topic for this thread, though, so please DM me about it. I suspect there's an issue with one of our firewall rules that's meant to stop a particular attack from a UA datacenter; it's probably a bit too sensitive.
 
Click to expand...
Reply
0
0 Like
0 Thanks
•••
And again...
I see it daily, if CloudFlareInsights.com domain is not banned.
When it is banned - this script doesn't execute, so I don't see it.
 
Click to expand...
Reply
1
1 Thanks
0 Like
•••
Other reply moved to https://www.namepros.com/threads/epik-may-have-had-a-major-breach.1252094/page-21#post-8397979

Jurgen Wolf said:
And again...
I see it daily, if CloudFlareInsights.com domain is not banned.
When it is banned - this script doesn't execute, so I don't see it.
Click to expand...

That's probably just a coincidental correlation. I made a test firewall rule that will display the captcha if you visit https://www.namepros.com/?cloudflare-captcha-test=1. If you can bypass it without solving it or using Privacy Pass, something is very wrong. Otherwise, I'm fairly certain there's something else going on that's triggering a false positive, and I would very much appreciate if you would DM me, open a support request, or start a thread in the feedback forum.
 
Last edited by a moderator:
Click to expand...
Reply
2
1 Thanks
1 Agree
0 Like
•••
I have nothing to add for you in DM.
All info is provided above.
Some script from CloudFlareInsights.com is executed when I visit NamePros after I turn on my PC.
It is also visible in Chromium Developer tools.
So I banned this domain/script.
 
Click to expand...
Reply
1
1 Thanks
0 Like
•••
Jurgen Wolf said:
I have nothing to add for you in DM.
All info is provided above.
Some script from CloudFlareInsights.com is executed when I visit NamePros after I turn on my PC.
It is also visible in Chromium Developer tools.
So I banned this domain/script.
Click to expand...

I can see that you were successfully presented with the captcha when you visited the link I posted previously.

If you'd like to contribute to security at NamePros, I would very much appreciate your help tweaking the firewall rule that's triggering when you visit NamePros with no cookies.
 
Click to expand...
Reply
2
1 Thanks
1 Agree
0 Like
•••
Disconnect.me extension also blocks the mentioned script/tracker from CloudFlareInsights.com
No annoying human/robot captcha when I use this extension.
This is another way to skip it without ban at DNS level.
 
Last edited:
Click to expand...
Reply
0
0 Like
0 Thanks
•••
Paul said:
I can see that you were successfully presented with the captcha when you visited the link I posted previously.

If you'd like to contribute to security at NamePros, I would very much appreciate your help tweaking the firewall rule that's triggering when you visit NamePros with no cookies.
Click to expand...
1. Yes.
2. You may move all posts about this annoying captcha/tracker to another thread.
 
Click to expand...
Reply
0
0 Like
0 Thanks
•••
Jurgen Wolf said:
2. You may move all posts about this annoying captcha/tracker to another thread.
Click to expand...

Thanks. :)

I'd really appreciate your help making it less annoying--not just because false positives are annoying, but also because they're a sign that we may not be blocking attacks as effectively as we could be. Those particular firewall rules are meant to target very specific requests and should not be flagging humans under normal circumstances.
 
Click to expand...
Reply
2
2 Thanks
0 Like
•••
@Paul
Today I got login captcha from start - just when I clicked "Log in or Sign up"...
 
Click to expand...
Reply
0
0 Like
0 Thanks
•••
Click to expand...
Reply
2
2 Thanks
0 Like
•••
Log in or sign up to reply here.

Similar threads

Thasreefa P M
Seeking Help : Unauthorized Sale On Afternic
0 replies
334 views
Thasreefa P M
Thasreefa P M
Kostas
Dan.com - Problem with landing pages
2
49 replies
3K views
Mister Funsky
Mister Funsky
DataSN
Brandbucket name servers issue? Domains are not redirecting to domain sales page
9 replies
585 views
Future Sensors
Future Sensors
Acroplex
  • Article
information Top Topics: Sell without escrow? Dot .in untradeable, says NIXI; Dan lander issues; Domainer guilt; Big dogs to fight in court
0 comments
2K views
Acroplex
Acroplex
ryan87
Domain reclassified as premium. I need advice.
2 3 4
87 replies
5K views
namegulf
namegulf

We're social

Escrow.com

New posts

Auction activity

Domain Recover

What non .com extensions have you sold in 2024?

Polls of interest

Popular this week

Community favorite

Popular this month

Blog favorites

  • The sidebar remains visible by scrolling at a speed relative to the page’s height.
Back