Cloudflare protected sites loop "Checking if the site connection is secure" on Firefox 52 and Mypal 68

[D.Draker]

4 hours ago, Tripredacus said:

Random.org does it.

Can't pass it, will try again. This one is also compares the spoofed UA with the real one through ClientHints (which I blocked, obviously).

My Quad CPU on a crappy 16GB RAM PC is loaded at 38% while "checking". And the RAM usage goes to 3GB with that page opened.

Someone wrote :  "It does work through VPN, though"

https://community.cloudflare.com/t/cant-pass-checking-if-the-site-connection-is-secure/430459/2

 

 

[msfntor]

2 hours ago, XPerceniol said:

@msfntor is this also happening to you on DCBrowser? On the above site?

YES, this same, with "Just a moment..." tab title (and Ray ID for me which is different in each new tab, every time I reload the page it changes my current Ray ID) ... I remember now, that I have the same, if I want to access a site that I forgot the address for the moment... just a moment...

- but i'm able to access to these websites with my UltraSurf VPN (some of theses, but NOT random.com).

 

Found on the web:

Access denied by Cloudflare:

"This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution (by Cloudflare!). There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data."

"Solution 1: enable cookies in browser.

Cookies are used by Cloudflare to distinguish between malicious visitors and legitimate users, so you need to make sure it’s enabled in your browser.

Solution 2: disable/remove browser extensions.

If you find any browser extensions could block the cookies, you should go to disable or remove them completely.

Solution 3: clear browser cookies.

You should go to clear your browser’s cookies; then, set it to cache from "all time" properly."

 

- so I've cleared the browser data , with cookies too, and miracle: now I'm able to go to random .com (with redirect: https://catchy.com/buy/domain/random.com because the domain random.com is finished, is no more functionning)...

Edited December 29, 2022 by msfntor

[Tripredacus]

8 hours ago, msfntor said:

so I've cleared the browser data , with cookies too, and miracle: now I'm able to go to random .com (with redirect: https://catchy.com/buy/domain/random.com because the domain random.com is finished, is no more functionning)...

It is random.org not .com

Anyways, sites with Cloudflare DDOS protection have has a pre-loader message for a few years now. It is only recently that 1) random.org has had it (it appeared shortly after that large cookie notice that takes up the top 1/4 of the page) and 2) the Cloudflare message changed the text to checking if secure.

It is also possible that websites that are using the Cloudflare service are not aware that some browsers can't pass this message. But I also wonder if these same browsers were able to pass the old pre-loader message that Cloudflare used to use.

[D.Draker]

6 hours ago, Tripredacus said:

I also wonder if these same browsers were able to pass the old pre-loader message that Cloudflare used to use.

No, they weren't. I started to notice it a long time ago, and just ignored and removed such websites from my usage. But looks like now it's more and more of them and cloudfare's censorship is getting tougher and we warned about it. Also, I noticed some domains still won't connect, even if I pass this fingerprinting "checking" . Like not loaded images, etc.

[msfntor]

6 hours ago, D.Draker said:

cloudfare's censorship

Quote: I see Cloudflare as a Tool of Global Censorship & Control.

Article: How To Bypass Cloudflare Protected Website And Find Origin IP?: https://shadowhosting.net/blog/bypass-cloudflare/

Chrome extension: FilterBypass : https://chrome.google.com/webstore/detail/filterbypass/naeeohopejehgjckpkmbdojogdipklbj

Website: filterbypass.me: https://www.filterbypass.me/  - this doesn't work on random.org (why?..) - but on other addresses it work.

 

 

 

 

Edited December 30, 2022 by msfntor

[Old Technology]

I’ve spoken to random.org. They’ve fixed the problem on their end and will endeavour to make a ticket with cloudflare.

[Old Technology]

Heard back from cloudflare. Apparently the older browser triggers the message based on the security level.

https://support.cloudflare.com/hc/en-us/articles/200170056-Understanding-the-Cloudflare-Security-Level

hope this helps people 

[D.Draker]

3 hours ago, Old Technology said:

Heard back from cloudflare. Apparently the older browser triggers the message based on the security level.

https://support.cloudflare.com/hc/en-us/articles/200170056-Understanding-the-Cloudflare-Security-Level

hope this helps people 

Oh really !?!?! Gotta bloody love their support blocks, in the style of "reboot your PC, rinse, repeat."

You do understand they didn't answer anything, don't you ?

[D.Draker]

On 1/6/2023 at 4:48 PM, Old Technology said:

I’ve spoken to random.org. They’ve fixed the problem on their end and will endeavour to make a ticket with cloudflare.

Works now, can confirm. Tried just out of curiosity, never used this site before. But thanks.

[Old Technology]

7 hours ago, D.Draker said:

Oh really !?!?! Gotta bloody love their support blocks, in the style of "reboot your PC, rinse, repeat."

You do understand they didn't answer anything, don't you ?

I get that. I’m asking cloudflare a new question about their criterion. Although I think for now needling individual sites works best. The only one I used enough was fanfiction.net and they’ve had complaints about the policy within the community since 2021. 

 

Let me onow what other other websites are trouble makers!

[Tripredacus]

W3C's validator has this on it as well. I had seen this type on another site ( https://steamdb.info/ ) but it also has some other domain that is side-loading as well: hcaptcha.com. And I suspect hcaptcha is trying to side-load another domain further down the line that I can't see (to allow), so I can't get through to either of these sites unless I use stock Chrome.

https://validator.w3.org/

 

[NotHereToPlayGames]

So I've now had TWO consecutive "forced updates" that both did the same exact thing on my end.
That result being that Cloudflare captchas would loop endlessly and never be able to be "solved".
The "are you human" checkbox would show a checkmark after solving the puzzle (only for a split second), but it would only take you to another puzzle.
Endlessly.

The first time was last November.
The solution was a "forced update" from running Chrome v136 and manually updating to Chrome v140 (v138 technically solved, but v140 solved a different issue).

The same exact thing happened yesterday.  Cloudflare captchas would appear to solve but all they would do is take you to another puzzle.
Manually updating from v140 to v141 solved the endless captcha loops (but presented video stutter issues that v140 did not have!).

In both cases, the first sign of something happening was that Google Search would present Cloudflare captchas EACH AND EVERY TIME you visited Google Search.
They would "solve" but you were presented with it EACH AND EVERY TIME you visited Google Search!

In both cases, my water sewage bill would present the unsolveable endless loop!

This happened EXACTLY in this manner in November.  And again yesterday.  Simply can not be a "coincidence".
The Cloudflare captcha server-side algorithms being updated to use new coding is behind this.
They (the algorithms) are getting smarter and smarter at detecting "old browsers".

[NotHereToPlayGames]

45 minutes ago, NotHereToPlayGames said:

(but presented video stutter issues that v140 did not have!).

Solved.  v141 updated a flag "behind my back" that was set in v140.
Returning the #use-angle to D3D9 setting which was set in v140 but v141 updated to "D3D11 WARP" solved the video stuttering.

[NotHereToPlayGames]

And that (D3D9!) was all it took to return my water sewer bill to an infinite unsolveable Cloudflare captcha loop!  Even as high as Chrome v144.