I've read about Cloudflare in the news recently.

Not for the best reasons...I'll let others google it if they want.

FT is up, so whatever they do seems to be working.

Being a jackass. Logic doesn't always prevail.

Can we make this a sticky or announcement across all boards? Didn't know what was going on till I googled 'cloudflare flyertalk' after getting errors all day.

The shrug wasn't about the issue. it was in response to the post wondering why someone would DDOS FT.

I get that. My comment stands. This is a DDOS, not a hack per se. Still, what is IB doing to protect this site and protect our personal info, including passwords? This deserves more than a shrug. Whatever.

Does DDOS threaten any passwords or personal data? I thought it just takes websites down (although I'm definitely no expert).

In any case, if you *are* an expert, you'll surely have different passwords on every single website account you access, so nothing to worry about...

THat's correct. Who knows why someone would want to knock the site offline.

Even non-experts can use a password manager to generate and store unique passwords for every site. I use LastPass.

The CloudFlare thing doesn't bug me as much as every image and CSS being broken when the page finally does load. Weirdly, however, the breakage only happens on my phone and not on my PC.

You're certainly right about passwords. Password manager is helpful. I would still like to know if this is only a DDOS attack or something more.

at least we are viewed by someone as important enough to get attacked LOL

DL/AA/UA/WN/AS/AF/BA/etc, take notice! :D

I'm not really worried. I changed my password to my$password. No one will guess that!

Perhaps I'm a cynic, but the DDoS attack certainly appears to be beneficial to Cloudflare. It's certainly not outside the realm of possibility that the "hacker" is a stakeholder. :eek:

Meanwhile, I am now unable to connect to Flyertalk at all on my older iPad Mini.

It's like the whole snopes thing...

https://cimg7.ibsrv.net/gimg/www.fly...f1c0a677c5.png

But the DDoS note explains the Cloudflare message before getting onto FT this morning. Thanks for the update, mods.

That's also the conspiracy theory behind anti-virus vendors.

DDos attacks have been used to extort money from sites. After the attack is started the attackers then send the admins an email offering to stop for a certain number of bitcoins.

The Wikipedia page of Cloudfare makes for interesting reading. Seems this company is very far from being clean and ethical.

I'm still receiving the CloudFlare message today.

If the DDoS attacks are continuing, CloudFlare will keep activating. I guess we just have to accept this is what can happen on the www.

How long does a DDoS attack go on for? Over 24hrs now that I've been getting the cloudflare pop up every time I do anything. Wish i'd thought to come look for this before losing substantial reply posts to it. Hope the IT bods can get it sorted sooner rather than later.

I see it on PC and mobile. Google chrome.

As IBobi has said up thread, there really is nothing the IT bods can do other than sit the attack out. At some point it'll stop, and the message won't appear. As might have been gathered from other posts, no-one is immune from having to be filtered through the protection 'gate' - including all the moderators.

The alternative to having to wait a few seconds to get in is that the site is taken down completely for an unspecified and unknown period of time - that's a much bigger disaster. On balance, I would say this is the right and practical approach.

The cloudflare messages will continue to appear until the attack subsides. The holding page is making a technical assessment that your request is genuine. If this wasn't done the site would typically be on its knees and unresponsive.

Without knowing the details this is most likely an attempt at blackmail. Assuming its blackmail, the attackers are waiting to see if the site owners pay the bitcoins (or other cryptocurrency) to stop the attack. At some point the budget the attackers have to fund the attack (they typically rent attack resource also paid in bitcoins) will run out, and everyone moves on. If you're really lucky law enforcement might get an angle on the perpetrators of the attack, but that's fairly rare.

Having seen the consequences of denial of service attacks elsewhere, FlyerTalk are at a technical level well prepared and have the right defenses in place, and although the holding page and database errors are inconvenient, they are doing the right thing so bear with them. At the current time the only thong iithink they could to do to improve might be a sticky announcement might help spread the word that they are busy working on the issue.

Checking your browser
 

What is it with this "checking your browser before accessing flyertalk.com" nonsense?

It's totally annoying.

Ditto.

I have no dog in the fight and no interest in Cloudflare and no reason to defend them against any statements, true or not, but your comment piqued my interest and so I went looking for what you're alluding to...and I don't see it.

https://en.wikipedia.org/wiki/Cloudf..._controversies

I've kind of always felt that Cloudflare was the lazy way out, but I have nothing to base that upon. Just curious, what would a better solution be?

Possible Security Breach
 

Hi IT / Admin I know you've been having issues last couple days and don't wish to add to them but could one of you PM about a sec breach I will spotted. Don't want to put details in open forum for obvious details but feel free to PM me or use the email registered to my account and will send you details.

Relative Newbie here so wasn't sure who to reach out to. Any knowledgeable FTs who know who is good for such things please tag them / make them aware if you would be so kind

Thanks in advance

Why would you not post further details? Kind of pointless without. Are you referring to the 'Checking Your Browser' message?

I got that today, LE, is that a known issue?

I seem to have been logged out of a couple sites on my home machine, this one and CC so far

Yeah, this is driving me nuts.

TURN IT OFF! Or at least find a better solution to block the attacks.

Please. :)

I get that the holding page is annoying, but do you have any suggestions on better solutions to keep web services up whilst unknown 3rd parties are trying to bring the site down in a sustained attack from many random and changing source addresses? If you don't have the holding page there would be no FlyerTalk at the moment.

How often has FT been under a DDOS attack? I cannot remember ever seeing these CloudFare messages before. Was I just not paying attention?

It happens several times a year, but I think this one is unusually long and sustained.

The people running it will give up once they figure out that FT isn't going to cave. [MENTION=804859]plunet[/MENTION] posted a better description of how these things work above.

This might be better in the general issues thread but here's what FT looks like for me on mobile after the CloudFlare message appears: https://imgur.com/a/SqsmI4S

(For one thing, I don't use an ad blocker on my phone.)

Cloudflare is relatively new. DDoS attacks on FT, unfortunately, are not.

As I understand it, a DDoS attack can involve thousands of calls on the website, and many addresses. The intercept check prided by Cloudflare may be an occasional minor pita, but the option is a DDoS attack that works - meaning FT is down and unavailable.

Yep, they are still coming up on my phone and computer. Annoying but I'll deal with it over not being able to access FT at all.

Why not use a simpler, straight to the point holding page that isn't such a shameless CloudFlare promotion? I get it that the site is contending with DDoS issues, but certainly a less obnoxious holding page could have been set up for this, no?