Comment by IYasha
3 years ago
Website owhers usually don't realise that some "nicely advertised tech" they're ticking "to protect my poor website from evil hackers" is a damn grenade launcher in an infant's hands. Ironically, they're also shooting themselves in the feet by blocking their own customers.
Losing as much as a couple percent of annual sales to prevent card-stuffers from getting through—which can knock you off your payment processor completely—is a pretty easy call for a lot of businesses.
Not sure how the math works out for ad-supported sites, but it pretty strongly favors "moderately-aggressive automated blocking" for those taking direct payments.
It may be understandable if it's on a checkout page.
But Cloudflare often enough blocks users from reading content pages. Cloudflare could just serve their cached static content instead of showing Captchas.
There are several system level and application level ways of dealing with automated traffic, card stuffers, etc.
Sure, a general solution is better, but since everything today is docker running node.js running without a modicum of caching or appfw in front, not surprised things are so fragile