Lately I keep hitting that hCaptcha page right after logging in with correct credentials.
You were actually being challenged before it even checked your credentials. It was seeing that you were hitting the login form and didn't have a record that you had passed a captcha recently, since you were using private tabs.
NO! STOP ACCUSING ME OF BEING A ROBOT, YOU !@#$ ROBOT!!!
At the time, it wasn't actually checking anything other than whether people were trying to log in. It's an effective way to slow down bots--and humans, but humans are usually only logging into a single account, whereas these bots were trying to log into tens of thousands. This gives us more time to assess the situation and determine the best response.
I hope this won't keep happening too frequently
Probably not. You may still see a captcha from time to time if we're getting attacked. For the most part, we try to avoid them.
Captchas aren't tied to connections, since it's common for thousands of people to have the same IP address these days, through no fault of their own--it's just a thing ISPs do now. That means each time you close a private session we lose track of whether you've solved a captcha.
it's discouraging me from coming here as a member.
There's not a whole lot we can do about that, unfortunately. The alternative is that we let the credential stuffing attacks go through. We can stop most attacks without needing to resort to captchas, but distributed credential stuffing attacks are difficult, especially when each login attempt comes from a unique residential IP address.
Of course, if everyone had a good password, this wouldn't be an issue. Spread the word and we can ditch captchas:
if you know your password, it's a bad password.
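
Added example, not part of the original post and not the site's own code: a minimal Python sketch of the gate described above, where a solved captcha is remembered in a signed cookie rather than by IP address, and the challenge is switched on by a site-wide failure signal because per-IP counting sees nothing when every attempt comes from a different address. The key, lifetime, window, threshold, function names and sample traffic are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
from collections import deque

SECRET = b"constructed-demo-key"  # constructed value; a real key stays server-side
PASS_TTL = 24 * 3600              # assumed lifetime of a solved-captcha record (s)

def issue_pass(now):
    """Cookie set after a solved captcha: expiry + HMAC. No IP address inside."""
    exp = str(int(now) + PASS_TTL)
    return exp + "." + hmac.new(SECRET, exp.encode(), hashlib.sha256).hexdigest()

def pass_valid(cookie, now):
    """True only for an untampered, unexpired pass cookie."""
    exp, _, mac = (cookie or "").partition(".")
    good = hmac.new(SECRET, exp.encode(), hashlib.sha256).hexdigest()
    return (exp.isdigit() and hmac.compare_digest(mac.encode(), good.encode())
            and int(exp) > now)

class LoginGate:
    """Decides, before any password check, whether to show a captcha."""
    def __init__(self, window=300, threshold=50):  # assumed tuning values
        self.window, self.threshold = window, threshold
        self.failures = deque()  # (time, username, ip) of failed logins

    def record_failure(self, now, username, ip):
        self.failures.append((now, username, ip))

    def _recent(self, now):
        while self.failures and self.failures[0][0] <= now - self.window:
            self.failures.popleft()
        return self.failures

    def max_failures_per_ip(self, now):
        counts = {}
        for _, _, ip in self._recent(now):
            counts[ip] = counts.get(ip, 0) + 1
        return max(counts.values(), default=0)

    def under_attack(self, now):
        # Site-wide signal: many different accounts failing in one window.
        return len({u for _, u, _ in self._recent(now)}) >= self.threshold

    def needs_captcha(self, now, cookie):
        return self.under_attack(now) and not pass_valid(cookie, now)

def constructed_attack(gate, start, n=200):
    """Constructed sample: n failures, each a new account from a new IP."""
    for i in range(n):
        gate.record_failure(start + i, f"user{i}", f"198.51.100.{i + 1}")
```

A private tab arrives with no cookie, so `needs_captcha` is true for it on every new session while the attack signal is on. The pass cookie is a bearer value, so a deployment would also limit how many login attempts one pass can cover.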