Why has cloudflare suddenly come to dominate captcha anti-bot/spam arena and don't you hate it?

It seems within just a few months cloudflare suddenly overtook recaptcha to become the default anti-spam check on websites.

I mean it is kind of better as you don't have to do some stupid test and it just decides if you may pass or not but also it is annoying for that too because sometimes it fails you, or me anyway, and the spinner just gets stuck endlessly and that pretty much means I am not allowed to access the site.

My isp uses shared ips so lots of times I will be banned while never having been on a site!

Lol! So ironic that when I try and post this message I am greeted by the message:

You have posted 1 times within 240 seconds. A spam block is now in effect on your account. You must wait at least 600 seconds before attempting to post again.

Thanked by 1WyvernCo

Comments

  • MikeA Member, Patron Provider
    edited September 2025
    1. CloudFlare isn't banned in countries like China (like reCaptcha) so people in those countries can still use websites and login pages that have captcha.
    2. CloudFlare captcha doesn't have the stupid fake captcha passes where you hit all the right boxes and it still says you're incorrect.. 10 times in a row... (looking at Google, with the bikes that apparently aren't bikes, or hCaptcha where you have to play lego with pipes or build a house) Instead theirs is a no-interaction captcha.
    3. Cool statistics data for website owners.

    I've used other captcha services, not just Google, not just hCaptcha, etc., from my experience personally CloudFlare Turnstile is the easiest to deal with as a website visitor.

    I'm blessed that I have a static IP from my ISP so I don't have to deal with shitty IP reputation from shared IPs though.

    Also if you're having a problem on a specific website it could be a misconfiguration/script issue on the website end, or if it's more it could be a browser extension blocking some script.

  • The end is something something...

  • MannDude Patron Provider, Veteran

    It's so incredibly frustrating. I'm the type that will enter the URL of a site then go to a new tab to continue to do something, then go back to the tab with the new site only to see it stuck at the Cloudflare captcha page. Happens all the time when going to InternetBS. So it interrupts my work flow as I now have to sit there for a few seconds and let it pass judgement on me.

  • It's free (even if you're pushing hundreds of gigabytes of bandwidth), means your low-end provider won't ban you if someone tries a shitty DDoS, and AI scrapers are currently insane and knocking sites down so if you have a dynamic site that people actually use you probably need some kind of protection.

    Thanked by 2user3028938 mrTom
  • Jail. Straight to jail. No questions asked. Jail.

    Thanked by 1hostdare
  • It's sad that this is the best they've been able to come up with, and that sites are apparently so heavy and bandwidth so expensive, that they can't handle some spurious traffic. Instead, they put the burden on legitimate visitors.

    Thanked by 1stable_genius
  • Better than fucking Google Captcha

  • just look at your logfiles, the amount of bot traffic and "scanning" is so extreme now that there is no alternative.

  • kenjing789 Member
    edited September 2025

    Why do I have to waste 10 minutes to solve a Google captcha? Like seriously, why does it have to be so sensitive? Missing a single corner by 1 pixel means you are a bot and have to do it again.
    hCaptcha is better than Google Captcha but sometimes you still waste 3-5 minutes on it just because some guy on the same residence line is doing some abuse.
    Cloudflare Captcha is the best one, it never blocks me, just a single click and I pass.

  • user3028938 Member
    edited September 2025

    @MallocVoidstar said:
    It's free (even if you're pushing hundreds of gigabytes of bandwidth), means your low-end provider won't ban you if someone tries a shitty DDoS, and AI scrapers are currently insane and knocking sites down so if you have a dynamic site that people actually use you probably need some kind of protection.

    Oh you just reminded me of something I hate much more...how AI is taking over everything which is causing extreme cynicism in the internet userbase at large which makes people accuse other real users of being AI at the first hint of anything they find disagreeable.

    That is only one effect, another is the one you mention. It is like as soon as humanity finds some new technology they find a way to make use of it to their detriment rather than for good.

    Worth its own thread, but I better not 'spam' the forum. Two posts already this morning. :lol:

    Social media would be the other great 'advance' in recent years which has made society worse.

  • POW is a better solution compared with human verification. I know a WAF called Anubis works in that way, and seems nice.

  • @MikeA said:
    1. CloudFlare isn't banned in countries like China (like reCaptcha) so people in those countries can still use websites and login pages that have captcha.

    CloudFlare captcha bans all countries itself!

    CloudFlare captcha is a great shit!

    Thanked by 2user3028938 Flash
  • I tried other solutions, including CCP's captcha solutions (Alibaba & Tencent have their own captcha solution)

    and holys#t it's really bad.

    turnstile is the way to go unfortunately.

  • meanwhile I am getting random anime girls as recaptcha

  • @satorik said:
    POW is a better solution compared with human verification. I know a WAF called Anubis works in that way, and seems nice.

    According to Tavis Ormandy, Anubis isn't effective, as you can generate solutions for 11 thousand Anubis deployments in 6 minutes using a free Google Cloud VM. https://lock.cmpxchg8b.com/anubis.html. Also, I think that by default, Anubis whitelists some useragents like Googlebot, so you can easily bypass it if you were an AI scraper. Anubis is for the most part pointless IMO. Plus I find it funny how for a while they used AI-generated artwork while being so anti-AI. Not to mention that they use GitHub for code hosting, which is owned by Microsoft, and we all know how interested Microsoft is regarding AI.

    Thanked by 1jnd
  • Loving turnstile. 🥰

  • @fzorb said:

    @satorik said:
    POW is a better solution compared with human verification. I know a WAF called Anubis works in that way, and seems nice.

    According to Tavis Ormandy, Anubis isn't effective, as you can generate solutions for 11 thousand Anubis deployments in 6 minutes using a free Google Cloud VM. https://lock.cmpxchg8b.com/anubis.html. Also, I think that by default, Anubis whitelists some useragents like Googlebot, so you can easily bypass it if you were an AI scraper. Anubis is for the most part pointless IMO. Plus I find it funny how for a while they used AI-generated artwork while being so anti-AI. Not to mention that they use GitHub for code hosting, which is owned by Microsoft, and we all know how interested Microsoft is regarding AI.

    Anubis is weak protection but it's self-hostable and open source, and apparently works enough that sites are using it. At some point high-effort scrapers will probably kill it but right now it works to prevent AI scrapers from taking down sites.

  • fatchan Member, Host Rep

    They make it very hard to pass unless you use a residential IP, or allow yourself to be fingerprinted and tracked all across the web (in ways much more sophisticated than cookies). The easier it is to pass, the more Cloudflare knows everything about you and has already predetermined that you're not a bot.

    Same goes for Recaptcha, which is why when using e.g. a Tor exit node, you can solve a captcha 10x times correctly and not pass. They know you're a tor exit (by IP and other metrics), and purposely give you tons of captchas to train their vision AI for free. They know after the first answer you've answered correctly, but would rather milk you for 9 more free training sessions before hitting you with "we've seen too much suspicious traffic from this network" or such.

    Once you switch back to your normal browser and turn off the VPN, bend over, and say "ok mr google/cloudflare, I give up", they'll let you access the content you wanted, and add another row to your permanent record that they hold about you.

    Cloudflare protects government websites, banks, etc nowadays and MITMs something like 20% of web traffic, while losing hundreds of millions per year. It's basically a way for the powers that be to fund making surveillance easier by deliberately making the web inaccessible to people trying who care about privacy, and centralising "secure" communication through a few small companies who sell your data to brokers and give it to police without a subpoena.

  • @MikeA said: CloudFlare captcha doesn't have the stupid fake captcha passes where you hit all the right boxes and it still says you're incorrect.

    agree with this.

    Also, Bing is now using cloudflare captcha when you search using following search parameter
    site:lowendtalk.com
    From August I've started seeing this captcha on Bing.

  • do your best to punish sites using captchas by not using them, if at all possible.

    it's interesting how much of the internet lives behind cf. scary, but interesting. we'll pay for this shit eventually but until then yay cloudflare i guess.

    Thanked by 1default
  • @MikeA said:
    1. CloudFlare isn't banned in countries like China (like reCaptcha) so people in those countries can still use websites and login pages that have captcha.

    Recaptcha works in China if you follow Google’s instructions and use recaptcha.net instead of google.com.

  • @satorik said:
    POW is a better solution compared with human verification. I know a WAF called Anubis works in that way, and seems nice.

    Do not dazzle me with this lingo. POW is proof of work? I only know it from crypto jargon. How does it apply here?

  • @fatchan said:

    Same goes for Recaptcha, which is why when using e.g. a Tor exit node, you can solve a captcha 10x times correctly and not pass. They know you're a tor exit (by IP and other metrics), and purposely give you tons of captchas to train their vision AI for free. They know after the first answer you've answered correctly, but would rather milk you for 9 more free training sessions before hitting you with "we've seen too much suspicious traffic from this network" or such.

    Yes they can simply tell by scraping the list of exit nodes but the rest about 'training their AI' sounds like conspiracy talk? What evidence is there for that? I thought they will just fail you infinitely just like the cloudflare endless spinner for users that 'fail'.

  • user3028938 Member
    edited September 2025

    @zed said:
    do your best to punish sites using captchas by not using them, if at all possible.

    it's interesting how much of the internet lives behind cf. scary, but interesting. we'll pay for this shit eventually but until then yay cloudflare i guess.

    I did that at first when it was just odd things like a stack exchange answer I could look up on some independent site but now it is becoming so ubiquitous, hence my reason for making the post, that I don't see that as practical to boycott all sites that use it.

    It is like the new recaptcha which was equally hard to avoid. That means you are not able to do online shopping on many sites, a lot of internet banking, many day to day things like that.

  • MannDude Patron Provider, Veteran

    @user3028938 said:
    Yes they can simply tell by scraping the list of exit nodes but the rest about 'training their AI' sounds like conspiracy talk?

    Some of the original CAPTCHAs by Google were literally snippets of scanned book pages that you were transcribing for them.

    The original reCAPTCHA system, created by von Ahn and his team at Carnegie Mellon University in 2007, was designed not only to combat bots but also to solve a significant problem in digitizing old texts. This system presented users with two words from scanned archival material—typically from old books or newspapers—where one word was known and used as a control, while the second was an unknown word that OCR software had failed to recognize.

    CAPTCHA as a training mechanism isn't anything too new.

    Thanked by 1tentor
  • user3028938 Member
    edited September 2025

    @MannDude said:

    @user3028938 said:
    Yes they can simply tell by scraping the list of exit nodes but the rest about 'training their AI' sounds like conspiracy talk?

    Some of the original CAPTCHAs by Google were literally snippets of scanned book pages that you were transcribing for them.

    The original reCAPTCHA system, created by von Ahn and his team at Carnegie Mellon University in 2007, was designed not only to combat bots but also to solve a significant problem in digitizing old texts. This system presented users with two words from scanned archival material—typically from old books or newspapers—where one word was known and used as a control, while the second was an unknown word that OCR software had failed to recognize.

    CAPTCHA as a training mechanism isn't anything too new.

    That is a strawman argument there.

    Just cos it happened sometime before in one instance does not lend proof to the current case.

    I'm not saying they don't still do it now but the example given does not seem relevant to that.

  • LowEndStalker Member
    edited September 2025

    @satorik said:
    POW is a better solution compared with human verification. I know a WAF called Anubis works in that way, and seems nice.

    I find that https://github.com/41Baloo/balooPow is much better, just enabling it with a reverse proxy with a specific difficulty when under attack, the difficulty depending on the attack size. It does mean that bots are able to pass with certainty, but it makes it very expensive for them to do so.

    You do have to do your own implementation of this though, sadly. Nothing built for you other than the challenge.

    https://nodesty.com is a good example of this, although they also do a simple invisible cookie challenge, which in itself will filter out most bots. This is also only enabled when under attack. I suggest you replicate their setup if you want to actually filter out some bots. Browser based bots are still going to solve the PoW, of course. You are going to need to implement something like a JS challenge to detect those.
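
The proof-of-work idea discussed in this thread, as an added example that is not part of any post above and is not code from balooPow or Anubis: a hashcash-style SHA-256 challenge in which the server signs the difficulty it chose, the visitor's browser searches for a nonce, and the server checks the answer with a single hash. The difficulty thresholds, the field layout and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SECRET = os.urandom(32)      # server-side key (generated here for the example)
MAX_AGE = 120                # seconds a challenge stays valid (assumed value)
_spent = set()               # redeemed challenges; prune by age in real use

def difficulty_for(req_per_sec):
    """Required leading zero bits; thresholds are assumptions for illustration."""
    if req_per_sec < 100:
        return 0             # not under attack: no work demanded
    return 12 if req_per_sec < 1000 else 16

def issue(client_ip, bits, now=None):
    """Return a stateless, HMAC-signed challenge bound to IP, difficulty and time."""
    now = int(time.time() if now is None else now)
    body = f"{client_ip}|{bits}|{now}|{os.urandom(8).hex()}"
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"

def zero_bits(digest):       # number of leading zero bits in a digest
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge):
    """What the visitor's browser does: search for a nonce meeting the difficulty."""
    bits = int(challenge.split("|")[1])
    nonce = 0
    while zero_bits(hashlib.sha256(f"{challenge}|{nonce}".encode()).digest()) < bits:
        nonce += 1
    return nonce

def verify(challenge, nonce, client_ip, now=None):
    """Server side: one hash to check, however much work the client spent."""
    now = int(time.time() if now is None else now)
    try:
        ip, bits, issued, salt, tag = challenge.split("|")
        bits, issued = int(bits), int(issued)
    except ValueError:
        return False
    body = f"{ip}|{bits}|{issued}|{salt}"
    good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()):
        return False          # forged or altered (e.g. lowered difficulty)
    if ip != client_ip or not 0 <= now - issued <= MAX_AGE or challenge in _spent:
        return False          # wrong client, expired, or replayed
    digest = hashlib.sha256(f"{challenge}|{nonce}".encode()).digest()
    if zero_bits(digest) < bits:
        return False
    _spent.add(challenge)     # single use: a solved challenge cannot be shared
    return True
```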

  • It's kind of better, never stuck in loop yet

  • Neoon Community Contributor, Veteran

    The google captcha, is pure cancer.
    Every time I see that or a fkn cookie banner, ask me to uncheck 100 boxes, I just close the tab.

    Except I really, really have to login.

  • The web evolved in a world where AI predator bots did not exist, most sites are unprepared to mount a proper defense and in desperation their owners just try anything.
