Their WAF isn't there yet, the moment it can build the expressions you can build with CF (and allows you to have as much visibility into the traffic as CF does), then it might be a solid option, assuming they have the…
L7 DDoS protection and global routing + CDN, there is not a single paygo provider that can handle the capacity CF can, especially not at this price range (mitigated attacks distributed from approximately 50-90k ips,…
There are no alternatives, and those alternatives that did exist back in the day, had to shut down due to either going out of business or not being able to keep a paygo model. Not everybody needs cloudflare, but those…
Those are different products. BIC prevents requests such as empty UAs or corrupted HTTP requests to pass CF without a challenge. Turnstile/Challenges per se don't rely on the UA at all.
I think it's pretty clear you have never worked on fraud protections or bot detections, otherwise you'd understand the struggles of supporting many environments with a single solution, you already have an opinion on…
I think the issue is that Cloudflare tends to be a toggle-and-forget, it's very easy to use and it works for most people. The problem with this setup, is that it sacrifices on both security (because it needs to keep…
You can create a new browser, there are plenty of modern new browsers that aren't considered major and work just fine because they run on top of recent releases of chromium. There are actually hundreds of smaller…
> * If your visitors are using an up-to-date version of a major browser * > * they will receive the challenge correctly. * I'm unsure what part of this isn't clear, major browsers, as long as they are up to date, are…
Cloudflare is actually pretty upfront about which browsers they support. You can find the whole list right in their developer docs. This isn't some secret they're trying to hide from website owners or users - it's right…
BunnyCDN DDoS protection is made to protect their servers and the customers, it's not meant to serve your service as a shield against attacks. This is a common misconception with many providers, they have DDoS…
Banking sites and anybody who suffers from any sort of attack, whether it's scraping, DDoS, bots, bruteforcing... Does everybody get those attacks? Probably not, however, Cloudflare centralizes the attacks into a single…
Things are significantly better now, I can't comment on how good the aid is if you are under attack since we always had a team ready to handle DDoS, however, their follow-up has always been fast. Regarding security…
We get attacked several times a month, we rely on Cloudflare & Corero to mitigate attacks. Cloudflare handles HTTP/s attacks and Corero handles network level attacks. Both require tweaking and are far from being 1-click…
We report each DDoS attack our company receives to a special department our police has, your country likely has something similar and I guess it doesn't hurt reaching out to them. From my experience they will get back…
This is what hCaptcha is currently doing, they are switching the image category every 24-72 hours. How useful is it? Not very. Modern ML models such as mobilenet, resnet or yolo require only a few hundred images for it…
However, that's not a solution but a patch. Google accounts give you a good score and tend to deliver easy captchas while dealing with Recaptcha; however, for this reason, google accounts are being sold and bought…
Ever since ML has reached the "general public", developing models against hearing or vision based CAPTCHAS has become trivial. Sure, you have to emulate or simulate the client JS challenges but when bots are running…
You do not get attacked from Cloudflare with TCP attacks. Somebody is spoofing the IP header and make it seem like Cloudflare is DDoSing you. The only way for somebody to DDoS from Cloudflare would be using workers,…
Adding raw TCP is a big deal, it skips all the existing security stack that focuses on HTTP/S. There is Spectrum and Transit to provide network level protection but... only a few can afford that. Does this mean that TCP…
Just adding some light to the escalations; there were bomb and shoot threats over the last few days. The userbase on the site upped the tone of their "jokes"/threats after the last blog post and thats what caused the…
I understand the point CF is trying to make; however, I still have a hard time trying to ignore many of the content that is being protected by CF. With that being said; I have seen cases where the T&S team flagged…
Their WAF isn't there yet, the moment it can build the expressions you can build with CF (and allows you to have as much visibility into the traffic as CF does), then it might be a solid option, assuming they have the…
L7 DDoS protection and global routing + CDN, there is not a single paygo provider that can handle the capacity CF can, especially not at this price range (mitigated attacks distributed from approximately 50-90k ips,…
There are no alternatives, and those alternatives that did exist back in the day, had to shut down due to either going out of business or not being able to keep a paygo model. Not everybody needs cloudflare, but those…
Those are different products. BIC prevents requests such as empty UAs or corrupted HTTP requests to pass CF without a challenge. Turnstile/Challenges per se don't rely on the UA at all.
I think it's pretty clear you have never worked on fraud protections or bot detections, otherwise you'd understand the struggles of supporting many environments with a single solution, you already have an opinion on…
I think the issue is that Cloudflare tends to be a toggle-and-forget, it's very easy to use and it works for most people. The problem with this setup, is that it sacrifices on both security (because it needs to keep…
You can create a new browser, there are plenty of modern new browsers that aren't considered major and work just fine because they run on top of recent releases of chromium. There are actually hundreds of smaller…
> * If your visitors are using an up-to-date version of a major browser * > * they will receive the challenge correctly. * I'm unsure what part of this isn't clear, major browsers, as long as they are up to date, are…
Cloudflare is actually pretty upfront about which browsers they support. You can find the whole list right in their developer docs. This isn't some secret they're trying to hide from website owners or users - it's right…
BunnyCDN DDoS protection is made to protect their servers and the customers, it's not meant to serve your service as a shield against attacks. This is a common misconception with many providers, they have DDoS…
Banking sites and anybody who suffers from any sort of attack, whether it's scraping, DDoS, bots, bruteforcing... Does everybody get those attacks? Probably not, however, Cloudflare centralizes the attacks into a single…
Things are significantly better now, I can't comment on how good the aid is if you are under attack since we always had a team ready to handle DDoS, however, their follow-up has always been fast. Regarding security…
We get attacked several times a month, we rely on Cloudflare & Corero to mitigate attacks. Cloudflare handles HTTP/s attacks and Corero handles network level attacks. Both require tweaking and are far from being 1-click…
We report each DDoS attack our company receives to a special department our police has, your country likely has something similar and I guess it doesn't hurt reaching out to them. From my experience they will get back…
This is what hCaptcha is currently doing, they are switching the image category every 24-72 hours. How useful is it? Not very. Modern ML models such as mobilenet, resnet or yolo require only a few hundred images for it…
However, that's not a solution but a patch. Google accounts give you a good score and tend to deliver easy captchas while dealing with Recaptcha; however, for this reason, google accounts are being sold and bought…
Ever since ML has reached the "general public", developing models against hearing or vision based CAPTCHAS has become trivial. Sure, you have to emulate or simulate the client JS challenges but when bots are running…
You do not get attacked from Cloudflare with TCP attacks. Somebody is spoofing the IP header and make it seem like Cloudflare is DDoSing you. The only way for somebody to DDoS from Cloudflare would be using workers,…
Adding raw TCP is a big deal, it skips all the existing security stack that focuses on HTTP/S. There is Spectrum and Transit to provide network level protection but... only a few can afford that. Does this mean that TCP…
Just adding some light to the escalations; there were bomb and shoot threats over the last few days. The userbase on the site upped the tone of their "jokes"/threats after the last blog post and thats what caused the…
I understand the point CF is trying to make; however, I still have a hard time trying to ignore many of the content that is being protected by CF. With that being said; I have seen cases where the T&S team flagged…