[tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jan 24 00:30:11 UTC 2020
#24351: Block Global Active Adversary Cloudflare
-------------------------------------------------+-------------------------
Reporter: nullius | Owner:
| cypherpunks
Type: enhancement | Status:
| assigned
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: security, privacy, anonymity, mitm, | Actual Points:
cloudflare, TorBrowserTeamTriaged |
Parent ID: #18361 | Points: 1000
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
== Cloudflare is turning off the internet for me
Ok, I’ll admit, I’m not the largest fan of centralisation, but rarely do I
so swiftly and effectively feel the crushing weight of it.
I happen to use a very nice Chromium-based web-browser which, when it
opens has javascript disabled. Often I find that nothing works so I re-
enable javascript and continue about my day.
This morning I went to work, as normal, turned on my laptop and as my
laptop dutifully reloaded all my tabs from the day before I saw a few
sites error-ing out.
This is relatively common when I haven’t connected to the network yet, or
some sites which don’t even attempt to load without javascript, so I check
my connection, enable javascript and went about reloading the offending
pages.
But I noticed quite a few of the pages were the following:
[[Image(https://i.imgur.com/z0nm8un.png)]]
Let me copy that for those who don’t like to read images:
{{{
Sorry, you have been blocked
Why have I been blocked?
This website is using a security service to protect itself from online
attacks. The action you just performed triggered the security solution.
There are several actions that could trigger this block including
submitting a certain word or phrase, a SQL command or malformed data.
What can I do to resolve this?
You can email the site owner to let them know you were blocked. Please
include what you were doing when this page came up and the Cloudflare Ray
ID found at the bottom of this page.
}}}
Ok, so I’ve been outright blocked, no captcha, and a suggestion to email
the owners of the sites… which could be difficult given that I can’t
actually reach the sites to find the site-owner for each one.
I figured this might be because I had javascript disabled and tried to
load a few pages, so I refreshed the page, noted that no captcha appeared
and continued my day and figured the ban would eventually be lifted;
Noting that I should keep my browser open so that it doesn’t happen again
when I get home.
home
#
Ok, so I got home 30 minutes ago and I’m following some reddit links from
/r/irc, when I get a “You have been blocked message”.
“Oh,” I thought.
“I forgot about that.”
[[Image(https://i.imgur.com/QyVbHAh.png)]]
So now I’m curious as to why, and what I can do about it.
Any ideas? Please help
EDIT:
if my blog goes down; let it be known that I tried to read the docs on
nginx.org but was not able:
[[Image(https://i.imgur.com/qzKnGEg.png)]]
EDIT2:
plot thickens, it seems to work fine in chrome.
[[Image(https://i.imgur.com/Akq5mpH.png)]]
EDIT3:
Conclusion!
#
I had set a custom user agent string (D'OH!) some time ago, and forgot
about it. Which is now biting me on the butt.
Ironically I set that user agent string before because Google was not
allowing me to log in to my account anymore, I got that working but now
half the internet doesn’t work for me.
Kudos to RyanK24 on HackerNews for following up. Much, much appreciated.
----
https://blog.dijit.sh/cloudflare-is-turning-off-the-internet-for-me
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24351#comment:157>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list