First, that "obnoxious" page is on the CloudFare server. So, the FlyerTalk folks may not even be able to customize it.

Second, no offense to the people that run FlyerTalk, but I trust CloudFlare more when it comes to this issue. Personally, I'd rather see a page with CloudFlare branding because I know they are more adept at handling these issues than your average webmaster.

Finally, remember that FlyerTalk is free to you and me.

Cloudflare specialise at this kind of stuff. The "obnoxious" page could possibly be customisable, but probably at significant cost. I've seen that very same page put in front of high profile banking sites previously. You will only see it when an attack is in progress, other times you just get switched through directly to the destination site.

The holding page typically needs to be hosted on separate (CloudFlare in this instance) infrastructure as (1) they have very big pipes to be able to absorb the sometimes massive traffic flows directed at targetted sites - these can typically be multi-gigabit sustained flows that would just conjest and overwhelm the usual connection a site like FlyerTalk might have contracted to have in front of their website. Think of a traffic jam, but a very bad one; maybe Flyertalk usually lives on a two lane highway, but all of a sudden it needs a 20 lane freeway to bring the traffic to the front door, and even then it can't keep up.

And (2) the holding page will have some funky algorithms in it that can self-adjust dynamically based on what is being thrown at FlyerTalk and I would suggest other customers of cloudflare. Many DDoS attacks attempt to overwhelm a website by making lots of connection requests but then never actually asking for a webpage. A bit like kids ringing your doorbell and then running off. Repeat many many many times each second. This is highly specialised stuff that needs to be oursourced to the specialists where they can aggregate their knowledge across mulitple customers.

The attacks can go further into the web application itself, with all manner of ways to try to nobble the website itself - with damage and data loss - if the web application has any latent flaws in it. This can happen at any time, but when it's mixed up in the deluge of a wider attack trying to defend youself from the real nasty stuff when you can't see the wood through the trees is very difficult. Although not a silver bullet, the CloudFlare tech will assist with defeating many attempts to do nasty stuff to the web application itself. And I hasten to add that just because there is an attack there's no specific additional risk that data has been lost or compromised.

Where you had a contractural relationship with a site to provide a service, and they are extracting money from you for the provision of that site, then you would expect them to invest in appropriate protection. But FlyerTalk doesn't cost me anything apart from having adverts on the site, yet the owners are investing their money to keep their brand and webpresence up on the net. It's their commercial decision but probably an honourable one, but there will be a significant dent in their income stream from adverts to pay for the DDoS mitigation.

"Checking your browser"
 

I'm not sure if this is the right place, but does anyone know what the "checking your browser" thing is that has been on the screen the past few days prior to actually accessing the page. Is it legit?

Thanks

The messages are from Cloudflare - https://en.m.wikipedia.org/wiki/Cloudflare

I noticed problems with the site right before the Cloudflare messages started showing up, database connection issues IIRC. I wonder if maybe FT was getting DDOS'd and started using Cloudflare to mitigate that.

Please see: https://www.flyertalk.com/forum/tech...k-cf-wiki.html

I have no problem with the CloudFlare system in general, but it really sucks when you write a posting, click send and then hits the DDoS protection. Then your posting is gone... with some luck you can get it back by double "back" in the browser. But that doesn't work 100% reliable...

I agree CF or something like it is needed. Is FT free? Maybe. Most of us watch plenty of ads. We contribute content to this free site that makes it more valuable.

I confess that only Ads I ever open are ones I hit with fat fingers, and I usually ‘go back’ before they open. Sorry, Intenet Brands :(

A few people have suggested copy and paste.

is it impossible to post a new thread??

edit - ah, seems to happen randomly

Cookie needed ?
 

Recently on OS X Safari I get the following message every time I go to my flyer talk page:

Checking your browser before accessing flyertalk.com.

It stays up for a few seconds then I get my flyer talk page. It adds to browser history. It is new feature that is rather annoying and seems like it could be solved with a cookie setting.

Oh and this is hilarious, I got the above after trying to post the message.

Will move this from the Suggestion Box to the appropriate thread in the Technical Support forum.

cblaisd, Co-Moderator

FlyerTalk will get a small amount of money for every advert you could have seen on the page. They get paid more if you click through, whether it is intentional or not. And possibly more again if that click converts to a purchase.

I don't understand the Cloudflare implementation. I use dozens of websites protected by Cloudflare and none of them require me to wait for 5 (or more) seconds while it checks my browser. Is this some kind of throttling?

I'd guess that's just what happens when you go to a Cloudflare-protected site during a heavy, active DDoS attack.

NOT DDoS / CF Security Threat
 

Because it's a potential security issue and whilst i'm sure everyone here are all nice people as it is a potential hole that places account integrity at risk maybe it's best to talk about that potential hole behind closed doors to the correct people so they can fix it rather than telling the whole world what it is and where to go to find it It has NOTHING to do with the cloudflare message but as I was ignored / nobody approached me i'll crack on and leave y'all to it.

Their focus might have been distracted elsewhere with the DDoS. Try sending a PM to [MENTION=2612]JDiver[/MENTION] or any other mod on here.

Understandable of course and with a few names i'll fire one to them. TY for your help.

The staff at IB are the true administrators of this site; moderators are volunteers and have no oversight over technical operations. The IB staff normally are active during US business days and hours in the Pacific Time Zone. I suggest you either use the generic "Contact Us" function https://www.flyertalk.com/help/feedbacktxt.php or reach out to [MENTION=359244]IBobi[/MENTION] or [MENTION=790438]IBJoel[/MENTION].

Opera
 

For some, this Cloudflare thing may be more than just annoying. I've been using the Opera browser on my phone to access FT and Cloudflare is blocking entry completely. Seems it cannot "check my browser" at all.

Moreover, when trying to post this on FT using Safari, the post was lost and a blank screen appeared instead.

Yes that part maybe came across a bit more salty than intended. Thank you as well and I have fired off a PM regarding it.

I'll take the security Sometime last year, I tried to logon to FT to find out I was permanently suspended-I guess in high school terms that meant expelled. :) The issue was that a ton of fake accounts had been set up to spam FT the night before. One with a very similar handle to mine. I got caught up in the sweep to get rid of them. Fortunately, Mrs. Vker has an account and was able to help get me "freed" very quickly.

Sure thing, you can PM it to me. No one was intentionally ignoring you, we just aren't in the office on Saturdays.

IBJoel - will send one over to you. Understand the machinations of the site a little more and again apologies for the perceived saltiness which wasn't my intention.


*** Update: Jdiver has responded to me & said he will pass the info' over to y'all so rather than duplicate things will leave it to him :) ***

This is correct. We experienced a DDoS attack, so Cloudflare went into "high alert"

Fwiw, I did not get CF when I logged in just a few moments ago (and I had recently cleared my cache, cookies and history before logging in)

Cloudflare should be all good now. Threat has passed, so its response was lowered.

We should caution that this doesn't mean CF won't be needed again at any moment, just that for right now there should be fewer service interruptions that there have been.

Just glad IB had it there when needed! And next time, if there is one, we will be more understanding/informed ;)

Agreed ^ and agreed ^ :)

I’m so happy that’s over! Though Cloudflare can be a PITA it’s a small price to pay for a full DDoS crash - and this DDoS went on ~4 days. A pox on whoever was behind it.

Database Errors are back for me today, having to reload 5/6 times to get a page to open!

Same here.

Seems the attack is back, or new, this morning as I'm getting the 5+ second CF message again.

Anyone still getting database errors? Those are usually different than DDoS's.

I saw database errors early in the morning, but nothing lately.

Didn't have any nor did I get "cloudfared" when I logged in earlier this morning at 07:17* and when I logged in a few moments ago (approx 09:40*)

*Pacific time