Word blocked on Cloudflare - my previous help request was deleted - Posting again.
Hello, it seems my previous request was deleted. I hope I'm not breaking any rules by posting this, so please DM me if I'm crossing any lines.
I've been having troubles with websites that use Cloudflare (including Discord), and it seems the issue is because a word is blocked all across the entire Cloudflare network (I'm not sure how that is possible since traffic is supposed to be encrypted). No matter what website I use, if my email or username contains the phrase "Larwri", I'm bombarded with hcaptcha, SMS verification requirements, and more.
I can use the same websites with no troubles if I create a different name, but "Larwri" triggers this problem only on Cloudflare-enabled websites.
5 Replies
> (I'm not sure how that is possible since traffic is supposed to be encrypted).

Cloudflare decrypts all traffic when it hits it -- otherwise it couldn't really do much, need lots of details on the request to do ddos protection/waf/etc
> No matter what website I use, if my email or username contains the phrase "Larwri", I'm bombarded with hcaptcha, SMS verification requirements, and more.

Cloudflare doesn't use hcaptcha, nor would it do SMS verification stuff, etc. Only real possibility that comes to mind is the Cloudflare WAF does scanning for URLs, uploaded bodies, etc, but shouldn't be on a specific term like that, and it would be either an outright block or Cloudflare Turnstile challenge. I would flip this around and look for other common factors. For example if for all these sites you're using the same IP/connection, or email, those could be flagged, etc. Discord specifically is a special care/super sensitive. I've gotten their SMS verification stuff before suddenly, they've got their own internal flags and stuff that act in interesting ways.
For hcaptcha, I thought Cloudflare implemented it per their blog post here, is this no longer the case?
https://blog.cloudflare.com/moving-from-recaptcha-to-hcaptcha
The issues I'm running into definitely do not happen under any other account (even new accounts), since they don't contain "Larwri" in the details that would be passed through the URL or any forms.
Thank you Chaika for replying, I really appreciate your time.
> For hcaptcha, I thought Cloudflare implemented it per their blog post here, is this no longer the case?

No, they use their own solution called Turnstile nowadays. It looks like this: (there's no solving or further interactivity other than clicking a box or waiting for it to solve automagically)
If you're getting an hcaptcha it's not directly cf
The only other thing that comes to mind is if you were using the same username/password and specific customers were using https://developers.cloudflare.com/waf/managed-rules/reference/exposed-credentials-check/ but idk if that would end up with extra verification like that, I would imagine most sites would just force a reset.
The way most people use Cloudflare's WAF/security stuff and the way they operate is pretty simple. If it was something identified by the WAF as bad, you'd either get a simple block screen (more common, but up to config) or a challenge to pass. There's no magical integration further than that, Cloudflare's side ends there. There isn't a service that involves tracking usernames across sites or anything like that. Maybe if they were all companies which factored in your bot score (IP reputation, or browser related) as a super special integration, but if you say it doesn't happen with other usernames/etc without changing anything else then doesn't match.
I would think it's more likely something else is following you. There's other companies that have services to try to fingerprint you and stop bad accounts, MaxMind has DBs and lists for stuff like that, FraudRecord, etc. There's another one a lot of hosting companies use too but I can't think of it..
Hmm... I really wish I could receive a little more help with this. Now, my IP seems to be on some sort of blacklist. It doesn't matter if I'm using a clean, vanilla browser, whether it's Edge, Chrome, Firefox, or Safari, I have to complete Cloudflare captcha twice minimum now, regardless of what device I'm using (including on my iPhone, and on my Windows 11).
I know the obvious guess here is my network being an attack source, but that's just not possible. I guess I internet a little more than the average person here, and I'm being throttled and limited by either Cloudflare, or one of Cloudflare's partners. I took my laptop to another network, and no problems at all (but the word "Larwri" triggered everything again, so that word is still blocked too).
- My IP address
- The phrase "Larwri"
I'm guessing some automated security mechanisms are the culprit, and I don't know if anyone is able to, or willing to investigate this even. Seems the only solution is to ditch the name, ditch the IP, and start fresh, which I cannot do.
I don't know who to contact, Discord hasn't gotten back to me, hcaptcha hasn't gotten back to me. Nobody seems interested, so I'm at a standstill. I'm willing to pay someone to actually investigate this internally. But I guess there's no way for Cloudflare to bill for this kind of service...