Dear Members,
I'm sure many of you have noticed that as of today, when you attempt to browse the SON Community, you receive a "performing security verification" notice from Cloudflare, regardless of which browser you use. Sometimes it happens too often as you navigate the website.
Due to max_connections errors that plagued the website over the last few weeks/months, we have been working very hard to remove bad bots, which were the primary culprit behind those errors. As noted in a previous post, over the last year, virtually every website on the planet has been aggressively attacked by bots allegedly originating from countries such as China, Hong Kong, Singapore, Indonesia and Vietnam, among others.
One way to combat the issue was to block these countries outright. However, that didn't always work as bots still made their way through and caused a major issue on June 12, as noted here, when more than 25,000 active users were reported by Google Analytics, which was unimaginable considering the number is generally in the low hundreds.
Cloudflare, which is a content delivery network that helps websites with speed, security and analytics, among other services, says the following about bots:
A bot is a software application that is programmed to do certain tasks. Bots are automated, which means they run according to their instructions without a human user needing to manually start them up every time. Bots often imitate or replace a human user's behavior. Typically, they do repetitive tasks, and they can do them much faster than human users can.
Bots usually operate over a network; more than half of Internet traffic is bots scanning content, interacting with webpages, chatting with users, or looking for attack targets. Some bots are useful, such as search engine bots that index content for search or customer service bots that help users. Other bots are "bad" and are programmed to break into user accounts, scan the web for contact information for sending spam, or perform other malicious activities. If it's connected to the Internet, a bot will have an associated IP address.
Bots can be:
Chatbots: Bots that simulate human conversation by responding to certain phrases with programmed responses
Web crawlers (Googlebots): Bots that scan content on webpages all over the Internet
Social bots: Bots that operate on social media platforms
Malicious bots: Bots that scrape content, spread spam content, or carry out credential stuffing attacks
What is malicious bot activity?
Any automated actions by a bot that violate a website owner's intentions, the site's Terms of Service, or the site's Robots.txt rules for bot behavior can be considered malicious. Bots that attempt to carry out cybercrime, such as identity theft or account takeover, are also "bad" bots. While some of these activities are illegal, bots do not have to break any laws to be considered malicious.
In addition, excessive bot traffic can overwhelm a web server's resources, slowing or stopping service for the legitimate human users trying to use a website or an application. Sometimes this is intentional and takes the form of a DoS or DDoS attack.
Malicious bot activity includes:
Credential stuffing
Web/content scraping
DoS or DDoS attacks
Brute force password cracking
Inventory hoarding
Spam content
Email address harvesting
Click fraud
To carry out these attacks and disguise the source of the attack traffic, bad bots may be distributed in a botnet, meaning copies of the bot are running on multiple devices, often without the knowledge of the device owners. Because each device has its own IP address, botnet traffic comes from tons of different IP addresses, making it more difficult to identify and block the source of the malicious bot traffic.
So, with the above in mind, we have had to be more aggressive about blocking these bots in any way we can, which is why you are now getting these "performing security verification" notices in your browser before you can interact with or view the SON Community. I'm sure you've seen plenty of other websites with the same security protocols in place.
It does not matter if you are logged in or not, nor what browser you are using. The message will still pop up and quickly disappear, with the understanding that you are human. It's tedious, I know, but necessary. There is no action you need to take to combat this. Though I am looking at ways to reduce their occurrence, if possible, as I have personally noticed that this security protocol is affecting posting capabilities, particularly when inserting photos into a post.
All that said, I just want you to know this was not done to inconvenience anyone. It was done to protect you all and maintain the community's ability to function so that the inconvenience of a few weeks ago does not return.
By
Errol ·
Create an account or sign in to comment