Mahlon Otero
asked on
Incessant Cloudflare CAPTCHAs
I have a client who is getting Cloudflare CAPTCHAs on almost every single site they visit. It is limited to the network, because as soon as I connect my laptop to the network I start getting them as well.
They used to have a static IP address, but recently switched to dynamic. This seemed to help for a time, but now the CAPTCHAs are back. I've also run a virus scan on all the computers, & nothing came up. Do you have any ideas on what might be causing this issue?
They used to have a static IP address, but recently switched to dynamic. This seemed to help for a time, but now the CAPTCHAs are back. I've also run a virus scan on all the computers, & nothing came up. Do you have any ideas on what might be causing this issue?
I haven’t seen that before, but I am seeing a couple of cases like this in the CloudFlare support community. Most were advised to contact the ISP directly as a next step to troubleshoot further, but also raising a CloudFlare support ticket if the ISP cannot help identify the cause of the behavior changes. I would recommend doing that raising cases on both sides to the ISP and CloudFlare.
It seems you have already tried their virus scan tip, but there are a few others:
It seems you have already tried their virus scan tip, but there are a few others:
there were some news sites (https://www.sozcu.com.tr one of them) that was always asking for captcha for me...
I informed site owners... and after a while it is gone!
maybe they removed captcha or changed settings, not sure...
but I did not do anything!
I informed site owners... and after a while it is gone!
maybe they removed captcha or changed settings, not sure...
but I did not do anything!
What services do you get from cloudfare? Filtering, scanning on firewall, check your service on their portal and whether your settings are the cause post switch from static to dynamic.
@arnold it is not him using Cloudflare but the sites he connects to using Cloudflare captcha seems like he might have stumbled upon a previously banned ip address from his isp
Cloudflare, in my own experience, likes to challenge dynamically allocated IPs on consumer ISP CIDR blocks. I/M/O this is done by CIDR blocks instead of IP addresses as I have been sitting on the same (dynamically allocated) IP address for the last year but still get challenged from time to time.
Cloudflare is "proactive" about challenging Tor or VPN connections.
I think there's little that can be done about the first case other than complain to your ISP. The owners of a /16 block have some leverage against Cloudflare; individuals don't. Complaining to web site managers probably will be ineffective because that site signed up with Cloudflare specifically for the purpose of aggressive, proactive protection against intruders.
Side note: Anyone using a Tor browser or a VPN must expect to see additional challenges and CAPTCHAs. (Trying a goofle search from a Tor connection usually results in six pages of CAPTCHAs followed by a denial anyway.) The Tor and VPN CIDR blocks are well-known and well-known for causing problems, thus are challenged or outright denied more often.
Cloudflare is "proactive" about challenging Tor or VPN connections.
I think there's little that can be done about the first case other than complain to your ISP. The owners of a /16 block have some leverage against Cloudflare; individuals don't. Complaining to web site managers probably will be ineffective because that site signed up with Cloudflare specifically for the purpose of aggressive, proactive protection against intruders.
Side note: Anyone using a Tor browser or a VPN must expect to see additional challenges and CAPTCHAs. (Trying a goofle search from a Tor connection usually results in six pages of CAPTCHAs followed by a denial anyway.) The Tor and VPN CIDR blocks are well-known and well-known for causing problems, thus are challenged or outright denied more often.
As Dr. Klahn said, CloudFlare tends to repeatedly challenge residential IPs or any VPN connection.
Said differently, each time your client's IP changes, then they will get CAPTCHA challenges for every site using CloudFlare.
The only way to fix this is for client to disable their VPN (likely reason), which is unacceptable... so... your client will likely just have to live this this nonsense.
Said differently, each time your client's IP changes, then they will get CAPTCHA challenges for every site using CloudFlare.
The only way to fix this is for client to disable their VPN (likely reason), which is unacceptable... so... your client will likely just have to live this this nonsense.
These CAPTCHAs are a result of suspicious activity from your IP address or the IP address range you’re part of. I am thinking (at stretch) many routers have vulnerabilities that allow attackers to use them in a botnet, often using it to perform DDOS attacks without your knowledge which ends up getting your IP address blacklisted or ruins your IP reputation. Maybe powering down the router or any network devices that gets you the internet to refresh the IP range to get a non-blacklisted IP address.
Thanks David, the asker on behalf of their customer said since they changed their IP from static to dynamic, they are having this issue. Presumably the impact of this issue is that they are required to interact with a site that is cloudflare hosted/protected.
I deny dussgestion deals with if this is the customer's own site to deal/check whether they can address it.
If this is someone else's site, there is little they can do as noted by others.
I deny dussgestion deals with if this is the customer's own site to deal/check whether they can address it.
If this is someone else's site, there is little they can do as noted by others.
ASKER
Thank you all for the help. For additional clarification, we are using a Watchguard Firebox T35-W for the firewall & are not currently using a VPN. The CAPTCHA seems to be appear on the majority of sites we visit. I also checked our IP address to see if it was blacklisted & it is not.
Lastly, we were having this issue WITH a static IP which is why we switched to dynamic. Everything worked for a few days, but then the issue started again.
Lastly, we were having this issue WITH a static IP which is why we switched to dynamic. Everything worked for a few days, but then the issue started again.
Could you point some public sites where you were prompted with the captcha and for what purpose it says you are prompted?
Could you check whether cloudflare is not integrated into your watchguard setup
And is being triggered by internal issues?
Could you check whether cloudflare is not integrated into your watchguard setup
And is being triggered by internal issues?
on the watchguard are you using ssl inspection? https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/https/https_proxy_contentinspection_c.html
ASKER
I have determined the issue is the Watchguard firewall but I'm not sure why. I'm looking further into it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Understanding Cloudflare Challenge Passage (Captcha)
https://support.cloudflare.com/hc/en-us/articles/200170136maybe your issue is one of them...