

freitasm

BDFL - Memuneh
81026 posts

Uber Geek
+1 received by user: 41896

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#324953 18-Jun-2026 14:42

Over the last few hours, we've seen an increase in requests from New Zealand ISPs.

 

For comparison, here's the last seven days of requests to Geekzone. You can see the unusual increase today:

 

 

These are the top five ISPs during the period from 6AM to 2PM today:

 

 

The top three seem to always be in that position, being the largest ISPs in the country. But this seems to be seven times more requests than usual for the same period on other days.

 

Then Mercury and Starlink appear, when they usually are just a blip.

 

Looking at the traffic and the IP address distribution, I believe there is a bunch of compromised devices in New Zealand, probably the usual suspects: malware-infested Android streaming boxes bought from AliExpress and cheap routers. These are usually remote-controlled and rented out to companies (good or bad) wanting to use residential IPs to crawl websites or initiate an attack.

 

So I've enabled captchas on Geekzone. Blame the people who plug these devices into the network.
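The comparison described in the post above (the same 6AM to 2PM window, today against other days, per ISP), as an added example that is not part of the original post or Geekzone's tooling. The request rows, the ISP-A to ISP-E names, the counts and the 3x alert threshold are constructed for illustration; only Mercury and Starlink are names taken from the post.

```python
from collections import Counter, defaultdict
from datetime import datetime

WINDOW_HOURS = range(6, 14)  # 06:00-13:59, the 6AM-2PM period from the post

def window_counts(rows):
    """rows of (ISO timestamp, ISP name), one per request -> {date: Counter}."""
    per_day = defaultdict(Counter)
    for ts, isp in rows:
        t = datetime.fromisoformat(ts)
        if t.hour in WINDOW_HOURS:
            per_day[t.date()][isp] += 1
    return per_day

def compare(rows, today, top_n=5, ratio_alert=3.0):
    """Today's top ISPs in the window vs. their mean on the other days."""
    per_day = window_counts(rows)
    today_d = datetime.fromisoformat(today).date()
    base_days = [d for d in per_day if d != today_d]
    baseline = sum((per_day[d] for d in base_days), Counter())
    usual_top = {isp for isp, _ in baseline.most_common(top_n)}
    report = {}
    for isp, n in per_day[today_d].most_common(top_n):
        mean = baseline[isp] / len(base_days) if base_days else 0
        ratio = round(n / mean, 1) if mean else None  # None: no baseline at all
        report[isp] = {"today": n, "usual": mean, "ratio": ratio,
                       "spike": ratio is None or ratio >= ratio_alert,
                       "new_in_top": isp not in usual_top}
    return report

def make_rows(day, counts, hour_base=6):
    # Constructed data: spread each ISP's requests across 8 consecutive hours.
    return [(f"{day}T{hour_base + i % 8:02d}:00:00", isp)
            for isp, n in counts.items() for i in range(n)]

USUAL = {"ISP-A": 100, "ISP-B": 80, "ISP-C": 60, "ISP-D": 20, "ISP-E": 10,
         "Mercury": 2, "Starlink": 2}                       # constructed
TODAY = {"ISP-A": 700, "ISP-B": 560, "ISP-C": 420, "ISP-D": 20, "ISP-E": 10,
         "Mercury": 90, "Starlink": 70}                     # constructed
ROWS = (make_rows("2026-06-16", USUAL) + make_rows("2026-06-17", USUAL)
        + make_rows("2026-06-18", TODAY)
        + make_rows("2026-06-18", {"ISP-D": 500}, hour_base=14))  # outside window
REPORT = compare(ROWS, "2026-06-18")

if __name__ == "__main__":
    for isp, r in REPORT.items():
        print(f"{isp:9} today={r['today']:4} usual={r['usual']:6.1f} "
              f"x{r['ratio']} spike={r['spike']} new_in_top={r['new_in_top']}")
```

The `new_in_top` flag captures networks that are normally a blip but enter the top five, which a plain volume threshold on the largest ISPs would miss.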





freitasm

BDFL - Memuneh
81026 posts

Uber Geek
+1 received by user: 41896

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3504793 20-Jun-2026 10:08

This is a chart for the last seven days, direct from our logs (not from Cloudflare). You can see the New Zealand traffic around 18 June is not the largest one, with a spike on 13 June that was much larger. That previous spike was not driven from New Zealand IP addresses.

 






 




boosacnoodle
1409 posts

Uber Geek
+1 received by user: 946


  #3504825 20-Jun-2026 12:33

Aren't you using Cloudflare? Shouldn't they be picking this up automatically? Either way, it's really odd.


freitasm

BDFL - Memuneh
81026 posts

Uber Geek
+1 received by user: 41896

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3504881 20-Jun-2026 12:54

boosacnoodle:

 

Aren't you using Cloudflare? Shouldn't they be picking this up automatically? Either way, it's really odd.

 

 

Yes, and no.

 

It's not a DDoS. It's coming from multiple different IP addresses, and it doesn't look like bot traffic. So I set up Cloudflare custom rules to filter traffic based on a set of conditions unique to Geekzone. That's why the spikes disappear.






 




geek3001
341 posts

Ultimate Geek
+1 received by user: 520

ID Verified
Subscriber

  #3504978 21-Jun-2026 09:09

All good.

 

The Capture process seems to add barely a second to the initial connection to the site while it decides whether it likes me or not.


Tinkerisk
4953 posts

Uber Geek
+1 received by user: 3899


  #3505106 21-Jun-2026 18:44

edit: wrong category





     

  • Qui nihil scit, omnia credere debet. - He who knows nothing must believe everything.
  • Firewalls do NOT stop dragons. Really not!
  • I avoid Big Tech. They try hard to dictate technology and „culture“ across borders.
  • In effect we have everything to hide from someone, and no idea who „someone“ is.

richms
29295 posts

Uber Geek
+1 received by user: 10383

Trusted
Lifetime subscriber

  #3505108 21-Jun-2026 18:51

Do you know what device it is that is doing it yet? I have extensive Chinese tat on my connection here and have not had any captcha issues.





Richard rich.ms

 
 
 

freitasm

BDFL - Memuneh
81026 posts

Uber Geek
+1 received by user: 41896

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3505109 21-Jun-2026 18:59

We are not doing captchas for specific devices or connections. But there's a chance that any China-sourced streamer will have malware installed from the origin. Check the link I posted in the OP. 






 


turtleattacks
1026 posts

Uber Geek
+1 received by user: 312

Trusted

  #3505110 21-Jun-2026 19:19

This is a worthy watch. https://www.youtube.com/watch?v=apEPPKYgLL0

 

TL:DW: Streaming or photo frame devices may be infected with malware. 





insane
3332 posts

Uber Geek
+1 received by user: 1012

ID Verified
Trusted
2degrees
Subscriber

  #3505111 21-Jun-2026 19:36

It's not something like SamKnows or a similar monitoring system now running a check or crawl of GZ?

 

Can you see the user agent?


freitasm

BDFL - Memuneh
81026 posts

Uber Geek
+1 received by user: 41896

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3505112 21-Jun-2026 19:38

The volume of requests, variety of IPs, the clustering around a few ISPs and the consistent use of standard User Agents indicate these are likely compromised devices.

 

Again based on volume it's more likely routers or streaming boxes. I don't believe there are enough photo frames in New Zealand to justify this spread.






 


nztim
4087 posts

Uber Geek
+1 received by user: 2793

ID Verified
Trusted
TEAMnetwork
Subscriber

  #3505115 21-Jun-2026 20:12

This is when being on a smaller ISP helps. I am with Sky (hybrid resold 2degrees with their own ASN) and have not had a challenge.





Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 


freitasm

BDFL - Memuneh
81026 posts

Uber Geek
+1 received by user: 41896

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3505116 21-Jun-2026 20:32

Nothing to do with ISP. There are conditions in place.












