Expert hacker alert! Even if you have an anti bot page this will not stop DDOS attacks, Cloudflare Pro, along with the right IIS/Apache/Nginx settings and you will be safe. Vinnie, you seem to be talking utter rubbish here. The "browser check" can be bypassed yes! But if you are using the CloudFlare Pro settings correctly then you will be fine as CloudFlare takes the connection before it connects to your server. If you set it up correctly with their Captcha, very few bots can bypass the latest version of Google's Recaptcha system.
I deal with this type of thing in the real world, not Habbo retros getting attacked by dumb kids with mummy's and daddy's PayPal buying $5 off a hacking related forum.
When you understand that a DDOS attack is more than putting an IP address in a box and hitting the big red button you will understand how to stop the attacks too.
I can reply just like that: ahah!
After that I can say just that: u didn't read nothing about what I said.
It's not the "Browser Check", it's the JS Challenge (with Google captcha). That can be the best vs Layer 7 attack but that got bypassed with some script. If you build something by yourself with the last version of Google reCAPTCHA or similar as Cloudflare, but only by yourself, you can do something. ;)
PS: I'm not an expert or something like that, but I can prove what I said. If you want I can prove it, whatever you want. ahh... and we're talking about Layer 7, not Layer 3/4! Mr. red button! :D
Last edited by Vinny95; 11-11-19 at 02:43 PM.
I do know about attack types, I live and work outside of the Habbo retro kid attacks on their $5 web booters and l33t botnets. Putting a PHP page on the website with a captcha will never stop a DDOS attack, this will stop auto account creation bots, data harvesters. You really think a multi million pound company cannot stop Habbo skids and their big red buttons? All you are proving so far is that you have no clear understanding how the attacks actually work behind the scenes. If you are really looking to stop attacks from taking your website down you will need to invest huge amounts of money in hardware. CloudFlare have more than just a JS check on their network, their systems have multiple layers of security and used correctly by people with the knowledge it will protect you.
Off topic, would you also be in the same mindset that every retro needs a TCP proxy to be safe?
Just 1 thing.
We're talking about Habbo here and not for other reasons.
I'll not say that. There is a system around that (see iHabbol). At the moment, yes, they can't stop that 'cause Cloudflare can be bypassed and you know that. I'll say that again: "I can prove it". I'm talking about Habbo Retros with CF Pro and basic and business.
I know how CF works, but they got bypassed a lot of times. CF is not safe anymore.
The proxy for me, in client, is the stupidest thing ever.
PS: We're talking about the JS Challenge by Cloudflare, also the geoblock or the check browser is bypassable. Other things I can't say anything, but I'm talking about JS Challenge by Cloudflare and Cloudflare Pro.
Cloudflare is good, but easy to bypass. Useless to say the lies if I can prove it no? ;)
Vinny is right. CF is easy to bypass with a Python script.
The only solution if you want to be sure, is that "shitty php page" with the reCAPTCHA of Google.
It stops the bot, it's true.
Thanks @Vinny95!
Last edited by TheDarkV0x; 12-11-19 at 08:23 AM.
That's really not how ANY of this works dude...
Yea right, sherlock.
--
Anyway this 'anti-bot' will not protect you because the attacks will still reach the server. Also CloudFlare 'Pro' will not protect you, so the CloudFlare free one is fine. One good way is to configure your settings the right way and make it slow down the attacks. But when they use thousands of attacks/IPs these settings will not protect you either. The best solution is to see what they are attacking and fix it with CSRF tokens, cooldowns or whatever.
Last edited by Chapo; 12-11-19 at 04:25 PM.
Ofc it will not protect you as you want. But you need to do something with rules to make it work.
There is a lot of PHP around the anti-bot page where it acts like a "ok, you don't pass = you got banned from the webserver".
But you need to work on your web server to make it work well.
Dude, allowing the connection to reach your web server PHP page is fatal, no PHP page will stop a DDOS attack full stop. To stop DDOS attacks you either need:
1) Reverse proxy to sit in front of your web server that has firewall and software rules in place to drop the bot traffic and allow the clean
2) Hardware firewall that is configured to detect the bots and place a block or black hole the bad traffic
3) Configure your IIS/Apache/Nginx to limit / slow down the processing of the traffic
NO captcha will stop a ddos attack on Layer 7
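
Added example, not posted by anyone in this thread: a small replay of constructed request traffic through the kind of web-server limit described in point 3, showing why a per-IP limit holds against one noisy source but not against many sources, and what a per-endpoint budget (a "cooldown" on the attacked URL) changes. The fixed-window counter, the limits, the addresses and the /register path are assumptions made for the sketch; it is not the algorithm of any particular web server.

```python
from collections import Counter

WINDOW_MS = 1000  # assumed window length for this sketch


def requests_reaching_app(requests, per_ip_limit, per_path_limit=None):
    """Replay (ts_ms, ip, path) tuples through fixed-window limits.

    Returns how many requests get past the limiter to the application.
    """
    ip_hits, path_hits = Counter(), Counter()
    passed = 0
    for ts_ms, ip, path in requests:
        window = ts_ms // WINDOW_MS
        ip_hits[(ip, window)] += 1
        if ip_hits[(ip, window)] > per_ip_limit:
            continue  # this source used up its own budget for the window
        if per_path_limit is not None:
            path_hits[(path, window)] += 1
            if path_hits[(path, window)] > per_path_limit:
                continue  # the endpoint's shared budget is spent
        passed += 1
    return passed


# Constructed traffic: 1000 requests to /register, one every 10 ms (10 s total).
single_source = [(i * 10, "198.51.100.7", "/register") for i in range(1000)]
# Same volume and timing, but every request comes from a different address.
many_sources = [(i * 10, f"10.{i // 250}.{i % 250}.1", "/register")
                for i in range(1000)]

if __name__ == "__main__":
    print("one source, per-IP limit 5/s:",
          requests_reaching_app(single_source, 5))
    print("1000 sources, per-IP limit 5/s:",
          requests_reaching_app(many_sources, 5))
    print("1000 sources, per-IP 5/s + /register capped at 20/s:",
          requests_reaching_app(many_sources, 5, per_path_limit=20))
```

The endpoint cap also rejects legitimate requests to that URL while the flood lasts, so it bounds the load on the application rather than separating clean traffic from bad.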
Anyone said the only captcha block the attack lol