Getting excessive captcha challenges from Cloudflare? Post here!

  Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Post Reply
keith Offline
Team-Kodi Member
Posts: 1,435
Joined: Sep 2007
Reputation: 17
Location: SF, CA
Post: #1
If you're getting a page like below excessively:

[Image: jcbvD5L.png]

Please let us know! We have implemented Cloudflare as a CDN/Firewall in front of our sites, but because of the amount of code being posted, sometimes a code block is similar to one that an exploit uses, so it triggers a challenge. We've tried to tweak it as much as possible, but if you're continually receiving them, please post here so we can investigate.

We will need the IP, or just post if you're the person having the issue directly after having the issue and the admin can look up your IP, provided it's the same IP as the one having the issue.

I will be made this post sticky.
(This post was last modified: 2016-10-01 11:55 by keith.)
find quote
Ned Scott Offline
Banned
Posts: 31,461
Joined: Jan 2011
Location: Arizona, USA
Post: #2
Is there any way to just turn off that kind of protection? At least for the wiki? I understand protecting against DDOS's and using CloudFlare as a CDN, but protecting against these kinds of text string exploits should just be a happy bonus, and not a burden. It's happening more and more on the wiki, and there users don't even have the option of using a captcha. They're just flat out blocked, and they don't know why. It happens with totally benign text that doesn't even contain code snippets.

If I'm lucky, someone will ask me about it because they know how to contact me directly, but most people don't do that.

EDIT: I just saw in your other post that wiki users will now get the captcha challenge. That should be enough for us, thanks!
(This post was last modified: 2016-10-02 02:09 by Ned Scott.)
find quote
BobCratchett Offline
Posting Enthusiast
Posts: 1,454
Joined: Jan 2015
Reputation: 148
Post: #3
Trying to preview changes to the Add-On:Library Node Editor (wiki) page I'm getting blocked with no catchpa option. IP address is (according to the CloudFlare page) 79.75.73.21. Cheers.
find quote
keith Offline
Team-Kodi Member
Posts: 1,435
Joined: Sep 2007
Reputation: 17
Location: SF, CA
Post: #4
I don't see that IP come up... Can you post the image you're receiving? Is there a Ray ID on it?
find quote
BobCratchett Offline
Posting Enthusiast
Posts: 1,454
Joined: Jan 2015
Reputation: 148
Post: #5
Sure. Screenshots are here: http://imgur.com/a/gKqR5, the ray ID is shown in the second and is 2ec15628a2dd362f.
find quote
keith Offline
Team-Kodi Member
Posts: 1,435
Joined: Sep 2007
Reputation: 17
Location: SF, CA
Post: #6
My mistake, you're working on the wiki, and I was looking at forum rules. Should be resolved now.
find quote
BobCratchett Offline
Posting Enthusiast
Posts: 1,454
Joined: Jan 2015
Reputation: 148
Post: #7
Indeed resolved. Thanks Smile
find quote
asavah Offline
Senior Member
Posts: 238
Joined: Sep 2014
Reputation: 9
Post: #8
Please see http://forum.kodi.tv/showthread.php?tid=302078
find quote
BFeely Offline
Junior Member
Posts: 15
Joined: Apr 2017
Reputation: 0
Post: #9
These CAPTCHAs still occur quite frequently in the Tor browser (a browser designed for anonymous web surfing).
Many Cloudflare-infected sites seem to be getting better, but does Kodi have the firewall set particularly strict?

Not sure if it is notable, but Cloudflare also protects the websites for banned addons. It does appear you dodged getting a SSL certificate that throws them in with you, according to the SSL Labs check I just ran.

Did you ever try shopping for other WAF solutions like Incapsula or Sucuri (not related to any but whenever I mention Incapsula on Twitter I get a Like)?
(This post was last modified: 2017-05-12 23:42 by BFeely.)
find quote