Is there anything that I can do?
Is it certain characters that trigger this?
I find it very frustrating when a friend is asking for private advice and I have to go dump all that info into a Skype message because the forum won't let me send the message . . .
(2014-02-12, 04:35 PM)Wildcard Wrote: [ -> ]Is there anything that I can do?
Is it certain characters that trigger this?
I find it very frustrating when a friend is asking for private advice and I have to go dump all that info into a Skype message because the forum won't let me send the message . . .
Please open a support ticket and we can review. I'm pretty sure you have the
Web Application Firewall turned on & that's why certain behaviors are getting challenged. If you want to see if is the WAF, then you can go to the Security Settings for the domain->WAF Settings. You should be able to see if rules are turned on.
damoncloudflare, I had a similar issue while uploading an attachment today. It asked for captcha, and uploaded afterwards.
imo, this is a ip based block by the cloudfare. if it identifies your ip as bad then you get that captcha screen.. but majority of the time its a false positive.
(2014-06-25, 05:47 PM)mmadhankumar Wrote: [ -> ]imo, this is a ip based block by the cloudfare. if it identifies your ip as bad then you get that captcha screen.. but majority of the time its a false positive.
In this case it's CloudFlares WAF.
@Wildcard: Chris will have to adjust the CloudFlare WAF for this to stop happening.
I also got this as well, I figured it was because of something for guests. I don't find it at all annoying. Just seems like a routine to me.
(2014-06-25, 05:47 PM)mmadhankumar Wrote: [ -> ]imo, this is a ip based block by the cloudfare. if it identifies your ip as bad then you get that captcha screen.. but majority of the time its a false positive.
It isn't a false positive per se. Our multiple data sources online, including Project Honeypot, have seen problematic activity online from that IP (spammer, exploit attackers, etc.).
Relative to the
WAF, which is separate from Basic Security, a rule set would be triggered based on the OWASP Top 10 or a custom rule set specifically designed to stop certain attack types (WordPress brute force attacks, for example).
(2014-06-25, 05:03 PM)_Jerry_ Wrote: [ -> ]damoncloudflare, I had a similar issue while uploading an attachment today. It asked for captcha, and uploaded afterwards.
That also sounds like the WAF.
If you are getting challenged in your admin back end for these cases, then I would recommend whitelisting your IP(s) in your Threat Control panel. You could also set a PageRule to exclude from security, if you wish, but I would generally recommend against doing so because admin urls are frequently attacked.
I guess a simple work around for now is to paste the code on pastebin and then send the link in PMs.
That'll probably not work as it will pick up that you've only sent a link (a bit like a spammer) and show you the CAPTCHA anyway...
Nah, the CAPTCHAs generally show when you use code or SQL in the message (at least as far as I've seen), putting it up on pastebin, etc. seems to work fine.