Re: Captchas on Cloudflare-Proxied Sites

[Rich Kulawiec via NANOG <nanog () lists nanog org>]

On Tue, Jul 01, 2025 at 09:16:02PM -0500, Josh Reynolds via NANOG wrote:
> The problem is the bots.

Bots are certainly a problem, but only one of many.  There are also
enormous cloud operations (*cough*) that are systemic and persistent
sources and sinks of abuse and attacks; there are hosting operations
that are the same; there are "security researchers" that launch repeated
attacks; there's the IOT (which is why the "dumpsterfire" mailing list
exists); there are large email operations that source/sink/support
spam and phishing; there are ~1000 worthless gTLDs that are overrun
with abusers; there are rapacious/abusive AI operations; and there are,
unfortunately, a fair number of people pushing idiotic security theater
(e.g., captchas, passkeys) that doesn't solve these problems, only
(a) covers them up and/or (b) makes them worse.

The best solutions I've found for these are combinations of null routing,
firewall rules (including geographic restrictions), and members-only
web sites.  (E.g., dumpsterfire's archive is no longer public because
of AI crawlers.)

We can't have nice things generously built for the common good any more
because there are too many selfish and greedy thugs who don't care about
anything except their own wealth, power, and egos.

---rsk
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/47PAZBXAJ25OD4U2262UBCRTBLOR52ES/