Cloud flare, preventing logon

[GBMaryland]

Folks,

I’m sitting at home trying to login into TMC, and Cloudflare will not under any circumstances get me past the “ verify you are human” screen.

I’m not using a VPN or anything along those lines… direct directly connected to a Verizon POP.

Why is it not letting me to the website from a normal every day browser on a PC?

(it even let me login and then popped up with this whole cloud flair thing…)

 

[danny]

Are you still having this issue?

 

[GBMaryland]

I haven’t tried today… I’ll check

 

[doug]

You're saying checking the box doesn't work?

 

[woof]

Maybe (just maybe) the OP isn't human, and thus cannot verify itself as such.

 

[GBMaryland]

Well, it appears that cloud flare is once again preventing me from logging onto the website using my desktop computer, which is connected to the same network as the phone. I’m typing this message from.

The symptom is that it keeps asking me to click the verify you are human checkbox.

I’m starting to suspect that TMC is trying to collect a whole bunch of metadata and that is being blocked by the border router here at the house.

How do we fix this?

 

[HankLloydRight]

Are you using a VPN on your desktop?

 

[GBMaryland]

Nope. Tried it from my iPad and I get the same basic issue.

If I had to hazard to guess I would assume that the sonicwall doesn’t like it as TMC is trying to collect some bit of telemetry…

The iPad is using Safari and the desktop is using Chrome.

 

[GBMaryland]

(FWIW I did try a VPN to get around the issue on the desktop only to have the connection immediately terminate. As such, I’m assuming that TMC doesn’t allow you to VPN into the website.)

 

[HankLloydRight]

t like it as TMC is trying to collect some bit of telemetry…

Yeah, no need for conspiracy theories... that's not what's going on here. It's a standard human Captcha at CLOUDFLARE, not TMC. CF is detecting something nefarious with your connection and asking you to verify. That's it. CF clients (downstream) do not have any visibility into the network Capcha that CF puts up.

 

[ewoodrick]

Yeah, no need for conspiracy theories... that's not what's going on here. It's a standard human Captcha at CLOUDFLARE, not TMC. CF is detecting something nefarious with your connection and asking you to verify. That's it. CF clients (downstream) do not have any visibility into the network Capcha that CF puts up.

Yep, Cloudflare has implemented this new PITA solution.

 

[GBMaryland]

Yeah, but it’s not working and it only happens with this website.

And there’s nothing to suspicious about the our connection at all…

One gigabyte Verizon connection, attached to a Sonicwall….

The only possibility is that the Cloudflare service is attempting to collect some sort of telemetry that is not just standard http/https traffic.

From what I know about cloudflare it gets configured by the site that’s using it. Which means that it’s being configured in some manner that is causing an issue with the captcha.

The only thing going on here is that we employ DNS security that prevents telemetry collection in any capacity by third parties.

 

[doug]

I looked up the Ray ID and it didn't give me any more info except that it's the custom rule I have to put a Captcha on the login. We do regularly get hit by bots, so it's pretty important to have that Captcha there. I don't get any info as to why you'd fail the Captcha.

Digging a little deeper, it looks like your traffic is also triggering the rule "949110: Inbound Anomaly Score Exceeded"

 

[GBMaryland]

It’s just weird… It’s a cyclic captcha.

You click the box, then it sits there, ticking away, then it returns to the checkbox asking you to click the box, and it just keeps doing that.

We do have DNS security enabled and we have telemetry from third-party data collectors blocked wholesale. Anything it tries to collect information about where we browse is typically blocked at the DNS level.

So my wonder is whether or not Cloudflare is attempting to use some sort of third-party broker to collect browsing history on us to prove that we’re “human…”

It’s kind of odd that my phone is working, but I think that’s because it has a recent security token, and that I am logged in already.

 

[GBMaryland]

Crap, I replied to the old thread…

 

[doug]

You could try logging in from an incognito tab on your phone.

 

[GBMaryland]

Yep, that does re-create the problem.

So yeah, the phone works only if it’s been logged in from someplace other than my home

 

[ewoodrick]

It’s just weird… It’s a cyclic captcha.

You click the box, then it sits there, ticking away, then it returns to the checkbox asking you to click the box, and it just keeps doing that.

We do have DNS security enabled and we have telemetry from third-party data collectors blocked wholesale. Anything it tries to collect information about where we browse is typically blocked at the DNS level.

So my wonder is whether or not Cloudflare is attempting to use some sort of third-party broker to collect browsing history on us to prove that we’re “human…”

It’s kind of odd that my phone is working, but I think that’s because it has a recent security token, and that I am logged in already.

Sometimes when you do things to keep people out, it keeps them from verifying that you are real. Both are important.

 

[GBMaryland]

Sometimes when you do things to keep people out, it keeps them from verifying that you are real. Both are important.

No, when you ensure third party telemetry isn’t collected (your privacy isn’t invaded), websites that use hinky 3rd parties break.

I’m gonna assume TMC just doesn’t know who can’t use the website if they never manage to create an account / login.

 

[HankLloydRight]

Perhaps your tin foil hat needs replacing.

Hanlon's razor --"Never attribute to malice that which is adequately explained by stupidity" or my preferred version: "cockup before conspiracy"