Getting captcha incessantly

Forums › Geekzone › Getting captcha incessantly

1 | 2

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41064

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2586434 16-Oct-2020 21:31

Jase2985:

@freitasm you need to update your blurb at the bottom of the forum

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Different services. The Cloudflare captcha is presented when Cloudflare identify a possible threat in the form of a browser session that might be bot driven.

I use the Google reCAPTCHA in some pages - login, registration, private message to make sure only humans use those pages - and I do this regardless of what Cloudflare thinks about the visitor.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#2596699 3-Nov-2020 00:07

I have also been asked to select any boxes containing bicycles/trains/fire hydrants/traffic lights etc at least twice in the past week.

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41064

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2596700 3-Nov-2020 00:50

Same computer or device both times?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Rikkitic

Awrrr
19071 posts

Uber Geek
+1 received by user: 16317

Lifetime subscriber

#2596768 3-Nov-2020 08:58

freitasm:

Different services. The Cloudflare captcha is presented when Cloudflare identify a possible threat in the form of a browser session that might be bot driven.

I would be interested to know how that determination is made. I have also been getting more captchas than usual, though not too many, and this usually happens when I post a reply, same computer, same session, nothing unusual that I can see. What makes it think that my response might be coming from a bot?

Plesse igmore amd axxept applogies in adbance fir anu typos

networkn

Networkn
32871 posts

Uber Geek
+1 received by user: 15464

ID Verified

Trusted

Lifetime subscriber

#2596810 3-Nov-2020 09:50

Is it possible to "geo" these queries? The chances of a hacker/attack within NZ is pretty low. If you made it so that only <NZ> got queried ?

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41064

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2596814 3-Nov-2020 09:55

Security should be a "trust no one" by design and let pass those that are authorised. If we clear the way for New Zealand only you'd soon see people using VPNs - or those banned trying to bring the site down because they are automatically inside the "trusted geo".

And believe me, there are some dickheads that try.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

MikeAqua

8031 posts

Uber Geek
+1 received by user: 3820

#2596817 3-Nov-2020 10:00

I find captcha triggers if I let a part written post sit idle for a long time. For example if I stop halfway through writing a post, to do something else and finish writing it say 30 minutes later, captcha will trigger.

Mike

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#2597334 4-Nov-2020 00:03

freitasm: Same computer or device both times?

Yes.

richms

29104 posts

Uber Geek
+1 received by user: 10219

Trusted

Lifetime subscriber

#2597345 4-Nov-2020 02:24

Rikkitic:

I would be interested to know how that determination is made. I have also been getting more captchas than usual, though not too many, and this usually happens when I post a reply, same computer, same session, nothing unusual that I can see. What makes it think that my response might be coming from a bot?

Built up with tracking across other sites you use and similar. If you are a compulsive cookie blocker and similar than you look much more untrusted so will receive a lot more challenges to prove you're human. That will usually set some cookies so you don't get them again for a while, They will never publish how exactly it is determined and when it does get reverse engineered by the bad actors they will have moved on to other methods.

Richard rich.ms

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41064

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2597370 4-Nov-2020 08:05

As above. And yes, the "I am human" cookies are set for a week - if you clean cookies every time you close your browser or on a schedule, plus how you move around other sites will be signals used to determine the need to show a captcha.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

MikeAqua

8031 posts

Uber Geek
+1 received by user: 3820

#2597378 4-Nov-2020 08:46

So cleaning cookies is bad now?

I thought the best approach was to deal to all cookies apart from an exception list of sites you want to stayed logged into?

Mike

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41064

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2597380 4-Nov-2020 08:50

MikeAqua:

So cleaning cookies is bad now?

I thought the best approach was to deal to all cookies apart from an exception list of sites you want to stayed logged into?

A blanket approach is bad. Assuming all cookies are bad simply doesn't work. We simply don't know how things really interact. Someone wants to clean social network tracking? Sure, go for it (I logged out of Facebook and deleted all related cookies). Want to delete known personal-based tracking? Yes, fair. But then there are cookies that are used for security, session control, etc.

As above, if a computer is logged into a network/ISP/VPN known for abuse, but passes a captcha, how are security services to know this specific machine passed, if not storing a piece of verifiable information - a cookie?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

MikeAqua

8031 posts

Uber Geek
+1 received by user: 3820

#2597399 4-Nov-2020 09:34

freitasm:

MikeAqua:

So cleaning cookies is bad now?

I thought the best approach was to deal to all cookies apart from an exception list of sites you want to stayed logged into?

A blanket approach is bad. Assuming all cookies are bad simply doesn't work. We simply don't know how things really interact. Someone wants to clean social network tracking? Sure, go for it (I logged out of Facebook and deleted all related cookies). Want to delete known personal-based tracking? Yes, fair. But then there are cookies that are used for security, session control, etc.

As above, if a computer is logged into a network/ISP/VPN known for abuse, but passes a captcha, how are security services to know this specific machine passed, if not storing a piece of verifiable information - a cookie?

Thanks for the explanation. Can you advise the correct domain to allow an exception for to avoid deleting the Captcha cookies?

Mike

freitasm

BDFL - Memuneh
80657 posts

Uber Geek
+1 received by user: 41064

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2597408 4-Nov-2020 09:39

Hmmm. Good question - I would recommend you look at Dev Tool (CTRL-SHIFT-I on your browser) when looking at Geekzone - then click the Application tab and look at Storage / Cookies. The domains are mainly geekzone.co.nz and cloudflare.com really.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

MikeAqua

8031 posts

Uber Geek
+1 received by user: 3820

#2597423 4-Nov-2020 09:50

freitasm:

Hmmm. Good question - I would recommend you look at Dev Tool (CTRL-SHIFT-I on your browser) when looking at Geekzone - then click the Application tab and look at Storage / Cookies. The domains are mainly geekzone.co.nz and cloudflare.com really.

OK, thanks. Geekzone is already on my exception list.

Mike

1 | 2