PuzzledGreatly, when you say "running in safe mode" what exactly do you mean? Is it the browser that's running in such mode (no extensions etc.) or is it the operating system itself? Because in case it's the latter you should check (and temporarily, at least, disable) any resident application that may tamper with the Internet connection, such as some antivirus suites (that just protect the rich guys not the average user).
However, if I recall correctly you said earlier before that you had same problems on different computer(s) connected to different ISP(s) so this problem may spread across multiple variables such as browser, OS, provider, town, country. We're still far away from pinpointing the issue other than the hunch of it being Cloudflare's fault.
Google Captcha Terror
Re: Google Captcha Terror
Part of my AHK work can be found here.
- PuzzledGreatly
- Posts: 1320
- Joined: 29 Sep 2013, 22:18
Re: Google Captcha Terror
I'm using Pale Moon, select help > restart with add ons disabled. The dialogue refers to that as Safe Mode. I don't consider it safe as the browser is essentially naked. Running in this manner without any extensions does NOT solve the problem. It merely allows me to complete the captcha. If I run my browser normally and allow all scripting and requests for the site then I'm stuck in an endless loop with one captcha after another. This started about five days ago. I'm positive it is Cloudflare as it sets the cf_clearance cookie. With this cookie I can get straight through to the site. Without it I see the captcha. I tried editing the cookie to extend it beyond the hour and a day it gives me but that didn't work. This morning although I had the cookie I still got the captcha. After running in "safe mode" the cookie's date was reset. What will happen is that cookie will expire and I'll be confronted with the whole mess all over again. I think something is up with Cloudflare. Why is it forcing me to run a naked browser and why does it ignore the date of Its own cookie? It would be helpful if someone else from England or Japan could comment on what cookies they are seeing and whether they have been challenged by Cloudflare. Who else has this cf_clearance cookie? This is beyond frustrating.
Re: Google Captcha Terror
So in fact you are facing a double challenge:
- browser (through some extension) blocks captcha/cookie validation
- location is permanently red-flagged for Cloudflare
Strange that both your Britain and Japan locations are red-flagged.
For the validation you'll have to tinker with your extensions, see which one is blocking access. Either disable all and enable one at a time testing AHK access, or disable them one by one and retry accessing AHK. Tedious work, I know.
As you probably noticed I'm not living in either England or Japan so unfortunately can't help with cookies. For what it's worth there's no cf_clearance for me (as I've already posted my set of cookies sometime earlier in this topic). Frustration is something I understand very well, I'm sorry you have to live through al this.
- browser (through some extension) blocks captcha/cookie validation
- location is permanently red-flagged for Cloudflare
Strange that both your Britain and Japan locations are red-flagged.
For the validation you'll have to tinker with your extensions, see which one is blocking access. Either disable all and enable one at a time testing AHK access, or disable them one by one and retry accessing AHK. Tedious work, I know.
As you probably noticed I'm not living in either England or Japan so unfortunately can't help with cookies. For what it's worth there's no cf_clearance for me (as I've already posted my set of cookies sometime earlier in this topic). Frustration is something I understand very well, I'm sorry you have to live through al this.
Part of my AHK work can be found here.
- PuzzledGreatly
- Posts: 1320
- Joined: 29 Sep 2013, 22:18
Re: Google Captcha Terror
I don't think my extensions are blocking the captcha. If I allowed all the scripting and referrals the captcha would work. But around five days ago what happens now is after the captcha clears and I get the green tick I'm presented with captacha process all over again from scratch in an infinite loop. No updates on my PC so I think the change is with Cloudflare. It's almost as if the mere presence of certain extensions is enough to trigger the block. I suppose I could try and pinpoint particular extensions Cloudflare doesn't like but this is beginning to feel like victimization. What's really galling is that Cloudflare is setting a clearance cookie that terminates after 25 hours. What's with that?
Re: Google Captcha Terror
What I said was that certain extension(s) may block the captcha validation, not the process itself of seeing/interacting with the captcha. That is, the response the captcha script is sending to the (Cloudflare or AHK?) server gets blocked or corrupted.
It might help if you could list all your extensions, no matter how insignificant they may appear to be. Personally I have an extension called "about: addons-memory" which lists all addons on a dedicated page. Then I have "Screengrab (fix version)" which can take a screenshot of the entire web page.
However, the listing itself wouldn't help much as individual addon settings may differ greatly from user to user.
As for the idea of "the mere presence of certain extensions" being the trigger I kinda doubt that but theoretically it's possible. However I could compare your listing with mine and eliminate the common ones that I have no problems with.
From a logical standpoint the clearance cookie is like a limited-age passport. It says you're OK for now but at some point it may not be you using that IP so whoever is using it at that point should pass the test again to get new clearance. This shows your IP ranges are definitely red-flagged in the Cloudflare database and it's unlikely to be cleared permanently anytime soon.
The Internet is not what it used to be anymore. I've had my share of navigating "troubled" waters back then and it all seemed like a large ocean of knowledge. Not anymore for some time already - it's been transformed into small seas with narrow policed canals (if any) that allow passage from one sea to another. That's the reality and the "freedom" of the 21st century, my friend…
It might help if you could list all your extensions, no matter how insignificant they may appear to be. Personally I have an extension called "about: addons-memory" which lists all addons on a dedicated page. Then I have "Screengrab (fix version)" which can take a screenshot of the entire web page.
However, the listing itself wouldn't help much as individual addon settings may differ greatly from user to user.
As for the idea of "the mere presence of certain extensions" being the trigger I kinda doubt that but theoretically it's possible. However I could compare your listing with mine and eliminate the common ones that I have no problems with.
From a logical standpoint the clearance cookie is like a limited-age passport. It says you're OK for now but at some point it may not be you using that IP so whoever is using it at that point should pass the test again to get new clearance. This shows your IP ranges are definitely red-flagged in the Cloudflare database and it's unlikely to be cleared permanently anytime soon.
The Internet is not what it used to be anymore. I've had my share of navigating "troubled" waters back then and it all seemed like a large ocean of knowledge. Not anymore for some time already - it's been transformed into small seas with narrow policed canals (if any) that allow passage from one sea to another. That's the reality and the "freedom" of the 21st century, my friend…
Part of my AHK work can be found here.
- PuzzledGreatly
- Posts: 1320
- Joined: 29 Sep 2013, 22:18
Re: Google Captcha Terror
After testing by disabling extensions it seems that cloudflare doesn't like Smart Referer (version 0.0.11). With this disabled I can allow scripting with NoScript and RequestPolicy to load and pass the captcha and get the cf_clearance cookie. I tried using Cookie Manager to change the cf_clearance cookies expiry date but the cookie still times out. It looks like cloudflare is specifically targeting my computer with the AHK site. Regarding the canals it's less policing and more like militarized occupation.
Re: Google Captcha Terror
yep its just you cloudflare had an executive meeting and said fragg this guy in particular
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
Re: Google Captcha Terror
Good, you found the culprit for one part of the bigger issue. That's a step forward. Personally I've never used that extension so can't say anything about its usage, but its description on the Mozilla Addons page says "You can whitelist domains with wildcards and configure other things, look in the preferences page of the addon in the addon manager" so you'd have to look there and change some settings if you want to keep using it.PuzzledGreatly wrote:After testing by disabling extensions it seems that cloudflare doesn't like Smart Referer (version 0.0.11). With this disabled I can allow scripting with NoScript and RequestPolicy to load and pass the captcha and get the cf_clearance cookie. I tried using Cookie Manager to change the cf_clearance cookies expiry date but the cookie still times out. It looks like cloudflare is specifically targeting my computer with the AHK site. Regarding the canals it's less policing and more like militarized occupation.
There are settings regarding the lifetime of cookies in Pale Moon's options and there may be more advanced options if you install Pale Moon Commander. There are also settings regarding sending the referer, în Tools > Advanced options > Security > Privacy (the advanced options are provided by Pale Moon Commander). Maybe you should tinker with those settings a bit. But don't touch the Ciphers tabs or bad things may happen. I've enabled all of them instead of using the defaults and couldn't access my profile and settings in WordPress anymore afterwards. So be careful what you change, maybe get screenshots of the defaults for each tab and subtab and test thoroughly.
As for Cloudflare specifically targeting your computer… c'mon, you have to admit it's too far stretched.
You may be right with the canals though. Either way it doesn't make us feel safer, but more oppressed. Oh well…
Part of my AHK work can be found here.
Re: Google Captcha Terror
Yay
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x16GB Kingston FURY Beast - DDR4 3200 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
- PuzzledGreatly
- Posts: 1320
- Joined: 29 Sep 2013, 22:18
Re: Google Captcha Terror
Thanks, I'll look into the settings you mention, but I don't have issues with cookies from any other site so I'm doubtful. I'd be surprised if the AHK site is the only one I visit that uses Cloudflare but it is the only one that presents me with a captcha every time I do so, hence my remark about my computer being targeted. But my worry is that there may be a significant number of people based in England and Japan that are being blocked by cloudflare and don't get to the site because of the hassle.
Re: Google Captcha Terror
Maybe - just maybe - you have some other tight settings regarding browser type, OS type or whatever other information a server such as Cloudflare might request from your computer and when the request is denied it goes into paranoia mode and presents you with the captcha.
Another possibility would be for the AHK site to be placed on a higher rank in the list of sites more susceptible to a DDoS attack or whatever, so Cloudflare will check its visitors more thoroughly when they come from red-flagged IP blocks.
Again, this is just an assumption - only someone who knows Cloudflare really really well could confirm or deny.
Another possibility would be for the AHK site to be placed on a higher rank in the list of sites more susceptible to a DDoS attack or whatever, so Cloudflare will check its visitors more thoroughly when they come from red-flagged IP blocks.
Again, this is just an assumption - only someone who knows Cloudflare really really well could confirm or deny.
Part of my AHK work can be found here.
Re: Google Captcha Terror
CloudFlare tries to decide whether a certain attempt to connect to a site is harmful or not.
When it isn't sure whether you are human or not it will show a captcha.
So far that's how it works in a simple way. Now it would be bad if there were no optimisations.
If you imagine a DDOS hitting it is basically a lot of computers executing similar code to access a certain site. If it always had to individually decide whether an access is bad or good during such times it would exhaust it's own system and that wouldn't prevent the DDOS.
So in order to make things easier it will try to find a common denominator all these accesses have in common and store that result. It will try to analyze every bit of information about your browser it can get out of it.
Now when you get a Captcha and a plugin prevents CloudFlare from confirimg the result you have basically failed the test of being a good connection. CloudFlare will try to analyze anything that's special about your browser and memorize it to recognize the robot.
Since you failed the captcha so often it thinks that a lot of bots using your request/browser settings access the site and you will get a Captcha more frequently.
( At least that's what I think is happening )
That is neither a problem or fault on our side nor is it a fault of CloudFlare. It's simply impossible to cover all possible use cases - you only cover a certain part that's in scope. With our current ressources you are out of scope.
When it isn't sure whether you are human or not it will show a captcha.
So far that's how it works in a simple way. Now it would be bad if there were no optimisations.
If you imagine a DDOS hitting it is basically a lot of computers executing similar code to access a certain site. If it always had to individually decide whether an access is bad or good during such times it would exhaust it's own system and that wouldn't prevent the DDOS.
So in order to make things easier it will try to find a common denominator all these accesses have in common and store that result. It will try to analyze every bit of information about your browser it can get out of it.
Now when you get a Captcha and a plugin prevents CloudFlare from confirimg the result you have basically failed the test of being a good connection. CloudFlare will try to analyze anything that's special about your browser and memorize it to recognize the robot.
Since you failed the captcha so often it thinks that a lot of bots using your request/browser settings access the site and you will get a Captcha more frequently.
( At least that's what I think is happening )
That is neither a problem or fault on our side nor is it a fault of CloudFlare. It's simply impossible to cover all possible use cases - you only cover a certain part that's in scope. With our current ressources you are out of scope.
Recommends AHK Studio
- PuzzledGreatly
- Posts: 1320
- Joined: 29 Sep 2013, 22:18
Re: Google Captcha Terror
Well it is definitely the Cloudflare settings for this site that are triggering the captcha. I found at least one other site I visit regularly that uses Cloudflare and I've never seen hint of a captcha there. The problem is that Cloudflare is forcing me to go through the captcha process every day even though I am logged in. I don't think that is reasonable. Oh, and did I mention that the captcha process has gotten slower and more long winded. I just hope this isn't happening to other visitors who are not members.
Re: Google Captcha Terror
Can you confirm at the moment that with Smart Referer disabled, you are able to login just fine?
I'm curious about testing, but don't want to risk it being a success and then having the same problems you are. I'll at the very least be able to use my smartphone and firefox browser for that addon and hopefully see if it triggers something while I'm on LTE data, to prevent impacting my PC on WiFi.
I'm curious about testing, but don't want to risk it being a success and then having the same problems you are. I'll at the very least be able to use my smartphone and firefox browser for that addon and hopefully see if it triggers something while I'm on LTE data, to prevent impacting my PC on WiFi.
Re: Google Captcha Terror
You would probably have to use Pale Moon too.Exaskryz wrote:Can you confirm at the moment that with Smart Referer disabled, you are able to login just fine?
I'm curious about testing, but don't want to risk it being a success and then having the same problems you are. I'll at the very least be able to use my smartphone and firefox browser for that addon and hopefully see if it triggers something while I'm on LTE data, to prevent impacting my PC on WiFi.
Recommends AHK Studio
Re: Google Captcha Terror
That's what I'm afraid of. I use Pale Moon normally on my PC, but don't want to fall into this trap ^^
AFAIK, there's no mobile pale moon.
I might be able to try it if I take my PC to Uni, use their wifi, and use a different Windows profile and browser profile to minimize any association to my normal browser.
AFAIK, there's no mobile pale moon.
I might be able to try it if I take my PC to Uni, use their wifi, and use a different Windows profile and browser profile to minimize any association to my normal browser.
- PuzzledGreatly
- Posts: 1320
- Joined: 29 Sep 2013, 22:18
Re: Google Captcha Terror
This is getting bizarre. I have Smart Referer active, the cf_clearance cookie has expired but I got to this page without any captcha. Previously, if I had Smart Referer active I'd get the captcha and then after completing it I'd get another one in an endless loop. With it disabled I could get through the captcha. After 25 hours the cf_clearance cookie would expire and I'd have to go through the whole captcha process again. I wonder how long this state of grace will last?
Re: Google Captcha Terror
the executive committee at cloudflare has pardoned you
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
Re: Google Captcha Terror
lol, tank. you troll hahah
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x16GB Kingston FURY Beast - DDR4 3200 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
Re: Google Captcha Terror
Maybe this time your current ISP has assigned you an IP in a "clear" range that CloudFlare trusts enough not to pull the captcha on its users.PuzzledGreatly wrote:This is getting bizarre. I have Smart Referer active, the cf_clearance cookie has expired but I got to this page without any captcha. Previously, if I had Smart Referer active I'd get the captcha and then after completing it I'd get another one in an endless loop. With it disabled I could get through the captcha. After 25 hours the cf_clearance cookie would expire and I'd have to go through the whole captcha process again. I wonder how long this state of grace will last?
Told you to monitor your IP on each connection to narrow down the issue…
BTW, there are several online whois services that offer details on IP ranges.
Part of my AHK work can be found here.
Who is online
Users browsing this forum: No registered users and 13 guests