Dear Members,

I'm sure many of you have noticed that as of today, when you attempt to browse the SON Community, you receive a "performing security verification" notice from Cloudflare, regardless of which browser you use. Sometimes it happens too often as you navigate the website.

Due to max_connections errors that plagued the website over the last few weeks/months, we have been working very hard to remove bad bots, which were the primary culprit behind those errors. As noted in a previous post, over the last year, virtually every website on the planet has been aggressively attacked by bots allegedly originating from countries such as China, Hong Kong, Singapore, Indonesia and Vietnam, among others.

One way to combat the issue was to block these countries outright. However, that didn't always work as bots still made their way through and caused a major issue on June 12, as noted here, when more than 25,000 active users were reported by Google Analytics, which was unimaginable considering the number is generally in the low hundreds.

Cloudflare, which is a content delivery network that helps websites with speed, security and analytics, among other services, says the following about bots:

---

A bot is a software application that is programmed to do certain tasks. Bots are automated, which means they run according to their instructions without a human user needing to manually start them up every time. Bots often imitate or replace a human user's behavior. Typically, they do repetitive tasks, and they can do them much faster than human users can.

Bots usually operate over a network; more than half of Internet traffic is bots scanning content, interacting with webpages, chatting with users, or looking for attack targets. Some bots are useful, such as search engine bots that index content for search or customer service bots that help users. Other bots are "bad" and are programmed to break into user accounts, scan the web for contact information for sending spam, or perform other malicious activities. If it's connected to the Internet, a bot will have an associated IP address.

Bots can be:

• Chatbots: Bots that simulate human conversation by responding to certain phrases with programmed responses

• Web crawlers (Googlebots): Bots that scan content on webpages all over the Internet

• Social bots: Bots that operate on social media platforms

• Malicious bots: Bots that scrape content, spread spam content, or carry out credential stuffing attacks

What is malicious bot activity?

Any automated actions by a bot that violate a website owner's intentions, the site's Terms of Service, or the site's Robots.txt rules for bot behavior can be considered malicious. Bots that attempt to carry out cybercrime, such as identity theft or account takeover, are also "bad" bots. While some of these activities are illegal, bots do not have to break any laws to be considered malicious.

In addition, excessive bot traffic can overwhelm a web server's resources, slowing or stopping service for the legitimate human users trying to use a website or an application. Sometimes this is intentional and takes the form of a DoS or DDoS attack.

Malicious bot activity includes:

• Credential stuffing

• Web/content scraping

• DoS or DDoS attacks

• Brute force password cracking

• Inventory hoarding

• Spam content

• Email address harvesting

• Click fraud

To carry out these attacks and disguise the source of the attack traffic, bad bots may be distributed in a botnet, meaning copies of the bot are running on multiple devices, often without the knowledge of the device owners. Because each device has its own IP address, botnet traffic comes from tons of different IP addresses, making it more difficult to identify and block the source of the malicious bot traffic.

---

So, with the above in mind, we have had to be more aggressive about blocking these bots in any way we can, which is why you are now getting these "performing security verification" notices in your browser before you can interact with or view the SON Community. I'm sure you've seen plenty of other websites with the same security protocols in place.

It does not matter if you are logged in or not, nor what browser you are using. The message will still pop up and quickly disappear, with the understanding that you are human. It's tedious, I know, but necessary. There is no action you need to take to combat this. Though I am looking at ways to reduce their occurrence, if possible, as I have personally noticed that this security protocol is affecting posting capabilities, particularly when inserting photos into a post.

All that said, I just want you to know this was not done to inconvenience anyone. It was done to protect you all and maintain the community's ability to function so that the inconvenience of a few weeks ago does not return.

My only issue with this has been several long comments/replies I've written, and then I get this when I try to post them. However, I realized that if I just open up the original place where my comment was meant to go, it's still there and I just have to re-post it.

6 minutes ago, EricMontreal22 said:

My only issue with this has been several long comments/replies I've written, and then I get this when I try to post them. I realized that if I just open up the original place where my comment was meant to go, it's still there and I just have to re-post it.

SON has been that way for a long time, thankfully. Whatever thread you start to post something on, if you walk away without submitting, or get interrupted or distracted and never finish typing -- it automatically saves your draft in the thread. Just click on whatever thread you were on, and begin to click to start a new reply, and your draft will display. I don't know how long it retains drafts, but it's a great thing if you get interrupted or temporarily lose internet connection.

_ _ _ _

Edit to add: LOL when I tried to post that, the cloudfare thing popped up then disappeared like it's supposed to. -- and just like you said -- my post seemed to have been lost since it wasn't posted. So I opened up the window to start the new the new post, and YAY my draft was still there so I just clicked submit.

Edited 19 hours ago19 hr by janea4old

UPDATE: Unless and until it is absolutely otherwise necessary, I've made a rule that skips traffic originating from the United States, Canada and the United Kingdom, the three countries with the most visitors to the SON Community, from having to deal with the verification check.

Those postings from the aforementioned countries should no longer be subject to the verification check. If that's not the case for you, please let me know. Ideally, if it occurs but not as frequently, that should be fine.

11 minutes ago, janea4old said:

Whatever thread you start to post something on, if you walk away without submitting, or get interrupted or distracted and never finish typing -- it automatically saves your draft in the thread. Just click on whatever thread you were on, and begin to click to start a new reply, and your draft will display.

Not anymore it doesn't. Not for me in a long while, or most of the time.

That's not me filing a complaint, to be clear. The site has more pressing issues, I can handle it.

This was my first experience with that--but that's great to know! Especially since I tend to ramble on and on and then it's pretty disheartening to think that may be lost.

Good to know that all is not lost ;)

Thanks Errol!

7 minutes ago, Errol said:

UPDATE: Unless and until it is absolutely otherwise necessary, I've made a rule that skips traffic originating from the United States, Canada and the United Kingdom, the three countries with the most visitors to the SON Community, from having to deal with the verification check.

Those postings from the aforementioned countries should no longer be subject to the verification check. If that's not the case for you, please let me know. Ideally, if it occurs but not as frequently, that should be fine.

Really appreciate that!

That "save draft" feature works for me on my ancient windows 10 desktop computer on Chrome browser. Haven't tested other browsers or my phone for that.

Edited 19 hours ago19 hr by janea4old

1 hour ago, Vee said:

Not anymore it doesn't. Not for me in a long while, or most of the time.

That's not me filing a complaint, to be clear. The site has more pressing issues, I can handle it.

Saving drafts is a system default built into our forum software. It should only be needed if you have a lingering post but were interrupted in publishing due to issues noted above, though it is supposed to be temporary. Do you often have posts you haven't published yet that just disappear without saving at least some of them? Only the most recent post you were typing in will retain data, while a separate post that wasn't finished won't.

Thank you @Errol for all that you do to help keep Soap Opera Network running and functional. It's a tireless, thankless thing that you do.