Comment by mindslight
3 years ago
But you know the website might have sooper sekret information they want to protect, which is why it's been published on a public website.
Speaking of bullshit restrictions designed to encourage compliance with surveillance, have imgur links just straight up stopped working for anyone else recently? I'm coming from a datacenter IP. I assume it's just some heavy handed part of the cost cutting push they announced.
Verification isn't about keeping secrets, obviously, it's about restricting the velocity of bots and their ability (intentional or not) to degrade your site's performance/availability.
There are too many bots out there that are very inconsiderate and do not limit or throttle themselves.
We have one right now that crawls every single webpage (and we have 10's of thousands) every couple days, without any throttle or limit. It's likely somebody's toy scraper, and currently it's doing no harm, but not everyone has the server resources we have.
The point is - if you are dealing with inconsiderate bots, a captcha of some type is pretty nearly a bullet proof way to stop them.
With that said, Cloudflare usually is smart enough to detect unusual patterns, and present a challenge to only those who they believe are bots or up to no good. If every person gets a challenge, then the website operator is either experiencing an active attack, or has accidentally set their security configuration too high.
I do know the common narrative. FUD -> more snake oil "solutions". I myself rely on a special type of igneous rock that keeps hackers away. In reality:
1. Most sites only have this problem due to inefficient design. You are literally complaining about handling 1 request every 2 seconds! That's like a "C10μ problem."
2. How many IPs are these bots coming from? Rate limiting per source IP wouldn't be nearly as intrusive.
3. There are much less obtrusive ways of imposing resource requirements on a requester, like say a computational challenge.
Not every website is the same, folks.
> You are literally complaining about handling 1 request every 2 seconds
I don't know where this came from. The inconsiderate bots tend to flood your server, likely someone doing some sort of naïve parallel crawl. Not every website has a full-stack in-house team behind it to implement custom server-side throttles and what-not either.
However, like I mentioned already, if every single visitor is getting the challenge, then either the site is experiencing an attack right now, or the operator has the security settings set too high. Some commonly-targeted websites seem to keep security settings high even when not actively experiencing an attack. To those operators, remaining online is more important than slightly annoying some small subset of visitors 1 time.
8 replies →
> The point is - if you are dealing with inconsiderate bots, a captcha of some type is pretty nearly a bullet proof way to stop them.
Not any more.
Most bots do not handle javascript, still to this day. They want to scrape HTML and catalog prices, etc.
At least in our experience.
2 replies →
CloudFlare is usually there to mitigate bots attacking. Without which, the site wouldn't be available to view in the first place.
CloudFlare is merely the symptom of a greater set of problems, which it attempts to mitigate.
If you want to be angry about something, be angry that bruteforce attacks are common, guzzle resources and usually yield zero legal repercussions in most cases.
Personally, I have no problem with CloudFlare's bot protection. My problem is with CloudFlare's lack of diagnostics and community involvement to resolve/explain false positives. I have no idea what obscure default setting to change in Firefox to make it work.
[deleted]
Perhaps. Ask your government about it if you genuinely don't think the alternative is going to be far worse. People demand x solutions for y technologies like crypto or AI. Demand solutions for the problem.
The centralized solution is going to be a government-owned/controlled MITM service like CloudFlare. No doubt with actual ID for verification.
I don't see the decentralized solution happening any time soon.
Massive attacks existed long before CloudFlare ever did. If you're implying there's a conspiracy that CloudFlare is attacking others directly or indirectly to sell their solutions, I'd be extremely careful as that's defamatory and almost certainly false.
Furthermore, most CloudFlare users only use the free plan and thus cost CloudFlare money. Isn't that curious?
1 reply →
Imgur links haven't worked on my VPN for a long time.
Even if they did, I'd still avoid imgur since they censor even worse than reddit.