Is this working now?

Oh great....

tidbit wrote:someone on irc (first time ahk'er. interested in trying it after I boasted about a feature) just posted this :

(more detailed image in staff section)
the site is up-and-running nice and smooth for me
he's USA, using FF/chrome, cannot access the homepage

Buttflare

I'm not on IRC, but I posted to the Reddit thread, and I started a new thread here (I wasn't aware this thread was site access related). Through work, I have access to 3 IPs in Northern NJ, all Verizon FIOS, and all blocked. I couldn't help notice that the image you posted referenced 'Newark.' I come up Newark as well, so I'm guessing this person is using FIOS also.

If all FIOS users are being blocked, that's a lot of people, imo.

someone on irc (first time ahk'er. interested in trying it after I boasted about a feature) just posted this :

(more detailed image in staff section)
the site is up-and-running nice and smooth for me
he's USA, using FF/chrome, cannot access the homepage

agreed

A quick look at the Reddit threads shows that a large portion are from the time where the AHK website was slow. (https://autohotkey.com/boards/viewtopic.php?f=3&t=28561)
Seems like this Reddit person is suggesting to people that it could be due to cloudflare, but he received nor provides no evidence that it is Cloudflare.
The timing of the complaints suggests it is most likely the same slow-down issue we all experienced.

But how then did he get copies to post? how do we know this isnt the same person? how do we know that this isnt the result of legit blocking

a mod/admin of ahks reddit came on irc and mentioned a lot of people are complaining about cloudflare blocking them lately.
he pinned this topic aswell: https://www.reddit.com/r/AutoHotkey/com ... g_the_ahk/

so that means

PuzzeledGreatly wrote:I just hope this isn't happening to other visitors who are not members.

is in fact happening to other visitors

PuzzledGreatly wrote:This is getting bizarre. I have Smart Referer active, the cf_clearance cookie has expired but I got to this page without any captcha. Previously, if I had Smart Referer active I'd get the captcha and then after completing it I'd get another one in an endless loop. With it disabled I could get through the captcha. After 25 hours the cf_clearance cookie would expire and I'd have to go through the whole captcha process again. I wonder how long this state of grace will last?

Maybe this time your current ISP has assigned you an IP in a "clear" range that CloudFlare trusts enough not to pull the captcha on its users.
Told you to monitor your IP on each connection to narrow down the issue…
BTW, there are several online whois services that offer details on IP ranges.

lol, tank. you troll hahah

the executive committee at cloudflare has pardoned you

This is getting bizarre. I have Smart Referer active, the cf_clearance cookie has expired but I got to this page without any captcha. Previously, if I had Smart Referer active I'd get the captcha and then after completing it I'd get another one in an endless loop. With it disabled I could get through the captcha. After 25 hours the cf_clearance cookie would expire and I'd have to go through the whole captcha process again. I wonder how long this state of grace will last?

That's what I'm afraid of. I use Pale Moon normally on my PC, but don't want to fall into this trap ^^

AFAIK, there's no mobile pale moon.

I might be able to try it if I take my PC to Uni, use their wifi, and use a different Windows profile and browser profile to minimize any association to my normal browser.

Exaskryz wrote:Can you confirm at the moment that with Smart Referer disabled, you are able to login just fine?

I'm curious about testing, but don't want to risk it being a success and then having the same problems you are. I'll at the very least be able to use my smartphone and firefox browser for that addon and hopefully see if it triggers something while I'm on LTE data, to prevent impacting my PC on WiFi.

You would probably have to use Pale Moon too.

Can you confirm at the moment that with Smart Referer disabled, you are able to login just fine?

I'm curious about testing, but don't want to risk it being a success and then having the same problems you are. I'll at the very least be able to use my smartphone and firefox browser for that addon and hopefully see if it triggers something while I'm on LTE data, to prevent impacting my PC on WiFi.

Well it is definitely the Cloudflare settings for this site that are triggering the captcha. I found at least one other site I visit regularly that uses Cloudflare and I've never seen hint of a captcha there. The problem is that Cloudflare is forcing me to go through the captcha process every day even though I am logged in. I don't think that is reasonable. Oh, and did I mention that the captcha process has gotten slower and more long winded. I just hope this isn't happening to other visitors who are not members.

CloudFlare tries to decide whether a certain attempt to connect to a site is harmful or not.
When it isn't sure whether you are human or not it will show a captcha.

So far that's how it works in a simple way. Now it would be bad if there were no optimisations.
If you imagine a DDOS hitting it is basically a lot of computers executing similar code to access a certain site. If it always had to individually decide whether an access is bad or good during such times it would exhaust it's own system and that wouldn't prevent the DDOS.
So in order to make things easier it will try to find a common denominator all these accesses have in common and store that result. It will try to analyze every bit of information about your browser it can get out of it.
Now when you get a Captcha and a plugin prevents CloudFlare from confirimg the result you have basically failed the test of being a good connection. CloudFlare will try to analyze anything that's special about your browser and memorize it to recognize the robot.
Since you failed the captcha so often it thinks that a lot of bots using your request/browser settings access the site and you will get a Captcha more frequently.
( At least that's what I think is happening )

That is neither a problem or fault on our side nor is it a fault of CloudFlare. It's simply impossible to cover all possible use cases - you only cover a certain part that's in scope. With our current ressources you are out of scope.

Maybe - just maybe - you have some other tight settings regarding browser type, OS type or whatever other information a server such as Cloudflare might request from your computer and when the request is denied it goes into paranoia mode and presents you with the captcha.

Another possibility would be for the AHK site to be placed on a higher rank in the list of sites more susceptible to a DDoS attack or whatever, so Cloudflare will check its visitors more thoroughly when they come from red-flagged IP blocks.

Again, this is just an assumption - only someone who knows Cloudflare really really well could confirm or deny.

Thanks, I'll look into the settings you mention, but I don't have issues with cookies from any other site so I'm doubtful. I'd be surprised if the AHK site is the only one I visit that uses Cloudflare but it is the only one that presents me with a captcha every time I do so, hence my remark about my computer being targeted. But my worry is that there may be a significant number of people based in England and Japan that are being blocked by cloudflare and don't get to the site because of the hassle.

Yay