Bitcointalk Running Cloudflare

[King Pajeet]

So I logged into bitcointalk earlier today and noticed that it's now running Cloudflare.

Firstly I don't think this is a good idea because I now need to keep the security-vulnerable javascript enabled on a website that deals with bitcoin.

Secondly, I don't want google crawling up m my ass, invading my privacy, logging my data and fucking me over like they tend to do.

Thirdly, if cloudflare is now enabled, I think that google recaptcha should be disabled on the login page.

[subSTRATA]

theymos decided to go with cloudflare as the ddos solution since his homebrew solution was no longer proving effective. he's said before in the thread announcing this change that he will gladly switch off of cloudflare if one could solve the problem.

[Decoded]

Point 1 - You can check what JavaScript is running on your machines just by accessing dev tools. Check what CDNs the sources are hosted on and look for reputablr sites. Bitcointalk is relatively trustable.

Point 2 - There are extensions avaliable to whitelist certain domains and allow js to run under certain conditions. Search. You can probably write up your own chrome extension to do it.

theymos decided to go with cloudflare as the ddos solution since his homebrew solution was no longer proving effective. he's said before in the thread announcing this change that he will gladly switch off of cloudflare if one could solve the problem.

He previously made a big deal about not using cloudflare, since it means that a little trust has to be given to cloudflare not to look at you shit.

[TheQuin]

He previously made a big deal about not using cloudflare, since it means that a little trust has to be given to cloudflare not to look at you shit.

This is correct, it was done with much reluctance due to the ever increasing DDoS attacks the forum was coming under. You can read what theymos said about it at the time in this thread https://bitcointalk.org/index.php?topic=2485318.0

[King Pajeet]

Cloudflare has been removed once again. Thanks theymos for doing this. Having Google breathing down our backs is never a good thing and I'm sure many of the forum users agree and support your decision.

[Quickseller]

Cloudflare has been removed once again. Thanks theymos for doing this. Having Google breathing down our backs is never a good thing and I'm sure many of the forum users agree and support your decision.

I am not sure why you think this is true. The IP address of the forum is currently very clearly associated with cloudflare

[Madmim]

I believe the admin added cloudflare for a reason. But it is a pain in the back. Today when I tried to login, I had to try several times because I got the message that entered invalid captcha. Filling the google captcha was already a pain before.

And because of cloudflare I lost a post today. I made a lengthy post and when I pressed the post button I cloudflare page popped up and BCT said the message was empty. Admin should do something about this so posts which takes time to type does not get lost because of cloudflare.

[hamade]

they add cloudflare to protect the fourm from Dos attake
your words is true but added the cloudeflare better than Fourm will Down

[Joel_Jantsen]

I believe the admin added cloudflare for a reason. But it is a pain in the back. Today when I tried to login, I had to try several times because I got the message that entered invalid captcha. Filling the google captcha was already a pain before.

Wait,Google captcha and cloudflaire are two different services and are not dependent on each other.Cloudflaire is there to prevent Ddos attacks while captcha prevents spam bots.Having said that I agree captcha is pain in the ass.

And because of cloudflare I lost a post today. I made a lengthy post and when I pressed the post button I cloudflare page popped up and BCT said the message was empty. Admin should do something about this so posts which takes time to type does not get lost because of cloudflare.

Does you browser cache the temp data being typed ? If you're writing a lengthy post,it's always better to write in your text editor or keep a shallow copy of it somewhere.Admins don't care about your post and they shouldn't since forum's usability is more important than your lengthy post.

[2112]

This is an experimental post. I'm making it with Javascript disabled. I correctly saved the previous text to into SMF drafts https://bitcointalk.org/index.php?action=drafts , still without Javascript.

While writing this post I looked up some information on this forum in a separate window of the same browser, still with Javascript
disabled.

So it just looks like Cloudflare is requiring Javascript only to set up some ephemeral cookies when first opening a browser session. Once the browser session is started Javascript can be disabled.

Now I'm going to try to post it, with Javascript still disabled.

Edit: It appears it went through without a hitch. I'm now editing it with Javascript still disabled. Please post your experiences using your ISPs because Cloudflare is known for using various amounts of defensive technology for various ISPs and various traffic conditions.

Edit2: Further along this Cloudflare discussion, I went to a different site that is also using them for DDoS protection. In the past that site used to show the same Cloudflare screens about "Checking your browser". That other site didn't make that challenge this time at all, still with Javascript disabled. I know that this "other site" is nowadays not under attacks anymore, they are just using Cloudflare out of inertia.

Edit3: I just wanted to save my previous edits, still with Javascript disabled. Worked fine. Another variable as far as Cloudflare is that I'm typing this from a less popular browser. On the same computer I have bitcointalk.org opened in a very popular browser with most recent updates. In that browser Cloudflare re-challenged with "Checking your browser" despite the fact that I didn't close that other session and the ephemeral cookies are still present.

Edit4: So the summary is: YMMV (your mileage may vary). You can certainly browse and post on bitcointalk.org through Cloudflare with Javascript disabled. Just use tools less popular amongst the DDoS crowd and other script kiddies.

[Madmim]

Wait,Google captcha and cloudflaire are two different services and are not dependent on each other.Cloudflaire is there to prevent Ddos attacks while captcha prevents spam bots.Having said that I agree captcha is pain in the ass.

Somehow they are affecting the login page. Otherwise google captcha is buggy.

Does you browser cache the temp data being typed ? If you're writing a lengthy post,it's always better to write in your text editor or keep a shallow copy of it somewhere.Admins don't care about your post and they shouldn't since forum's usability is more important than your lengthy post.

I am using Tor

[selezneve]

This might be required for securing the forum from hackers. One big problem I experience with this is sometimes while making a post here, page refreshes because of cloudfare. This results in all content written till then getting removed. Is there any solution to this problem ? Can we have some other alternative to this security measure which does not cause any trouble while making a post here ?

[Joel_Jantsen]

This might be required for securing the forum from hackers. One big problem I experience with this is sometimes while making a post here, page refreshes because of cloudfare. This results in all content written till then getting removed. Is there any solution to this problem ? Can we have some other alternative to this security measure which does not cause any trouble while making a post here ?

You mean page randomly refreshes while writing a post after you have passed the cloudflaire wall the first time you opened the website ? Do you have a dynamic ip by any chance ? Do you use a VPN ? Maybe your ip will be one of those data sources which cloudflaire has detected as part of the ddos attack ?

As interesting as it gets,I'd like to know more about your case.

[2112]

Let's try different browsers from a different computer on a different continent.

But same schtick: enable Javascript to pass Cloudflare and Google captcha challenges and then browse and post with Javascript disabled.

If you see it, it worked.

[Quickseller]

This might be required for securing the forum from hackers. One big problem I experience with this is sometimes while making a post here, page refreshes because of cloudfare. This results in all content written till then getting removed. Is there any solution to this problem ? Can we have some other alternative to this security measure which does not cause any trouble while making a post here ?

Before you his "post" you can copy the entire content into your clipboard so you have it in case this happens, and can try again.