It happens several times a year, but I think this one is unusually long and sustained.

The people running it will give up once they figure out that FT isn't going to cave. [MENTION=804859]plunet[/MENTION] posted a better description of how these things work above.

This might be better in the general issues thread but here's what FT looks like for me on mobile after the CloudFlare message appears: https://imgur.com/a/SqsmI4S

(For one thing, I don't use an ad blocker on my phone.)

Cloudflare is relatively new. DDoS attacks on FT, unfortunately, are not.

As I understand it, a DDoS attack can involve thousands of calls on the website, and many addresses. The intercept check prided by Cloudflare may be an occasional minor pita, but the option is a DDoS attack that works - meaning FT is down and unavailable.

Yep, they are still coming up on my phone and computer. Annoying but I'll deal with it over not being able to access FT at all.

Why not use a simpler, straight to the point holding page that isn't such a shameless CloudFlare promotion? I get it that the site is contending with DDoS issues, but certainly a less obnoxious holding page could have been set up for this, no?

First, that "obnoxious" page is on the CloudFare server. So, the FlyerTalk folks may not even be able to customize it.

Second, no offense to the people that run FlyerTalk, but I trust CloudFlare more when it comes to this issue. Personally, I'd rather see a page with CloudFlare branding because I know they are more adept at handling these issues than your average webmaster.

Finally, remember that FlyerTalk is free to you and me.

Cloudflare specialise at this kind of stuff. The "obnoxious" page could possibly be customisable, but probably at significant cost. I've seen that very same page put in front of high profile banking sites previously. You will only see it when an attack is in progress, other times you just get switched through directly to the destination site.

The holding page typically needs to be hosted on separate (CloudFlare in this instance) infrastructure as (1) they have very big pipes to be able to absorb the sometimes massive traffic flows directed at targetted sites - these can typically be multi-gigabit sustained flows that would just conjest and overwhelm the usual connection a site like FlyerTalk might have contracted to have in front of their website. Think of a traffic jam, but a very bad one; maybe Flyertalk usually lives on a two lane highway, but all of a sudden it needs a 20 lane freeway to bring the traffic to the front door, and even then it can't keep up.

And (2) the holding page will have some funky algorithms in it that can self-adjust dynamically based on what is being thrown at FlyerTalk and I would suggest other customers of cloudflare. Many DDoS attacks attempt to overwhelm a website by making lots of connection requests but then never actually asking for a webpage. A bit like kids ringing your doorbell and then running off. Repeat many many many times each second. This is highly specialised stuff that needs to be oursourced to the specialists where they can aggregate their knowledge across mulitple customers.

The attacks can go further into the web application itself, with all manner of ways to try to nobble the website itself - with damage and data loss - if the web application has any latent flaws in it. This can happen at any time, but when it's mixed up in the deluge of a wider attack trying to defend youself from the real nasty stuff when you can't see the wood through the trees is very difficult. Although not a silver bullet, the CloudFlare tech will assist with defeating many attempts to do nasty stuff to the web application itself. And I hasten to add that just because there is an attack there's no specific additional risk that data has been lost or compromised.

Where you had a contractural relationship with a site to provide a service, and they are extracting money from you for the provision of that site, then you would expect them to invest in appropriate protection. But FlyerTalk doesn't cost me anything apart from having adverts on the site, yet the owners are investing their money to keep their brand and webpresence up on the net. It's their commercial decision but probably an honourable one, but there will be a significant dent in their income stream from adverts to pay for the DDoS mitigation.

"Checking your browser"
 

I'm not sure if this is the right place, but does anyone know what the "checking your browser" thing is that has been on the screen the past few days prior to actually accessing the page. Is it legit?

Thanks

The messages are from Cloudflare - https://en.m.wikipedia.org/wiki/Cloudflare

I noticed problems with the site right before the Cloudflare messages started showing up, database connection issues IIRC. I wonder if maybe FT was getting DDOS'd and started using Cloudflare to mitigate that.

Please see: https://www.flyertalk.com/forum/tech...k-cf-wiki.html

I have no problem with the CloudFlare system in general, but it really sucks when you write a posting, click send and then hits the DDoS protection. Then your posting is gone... with some luck you can get it back by double "back" in the browser. But that doesn't work 100% reliable...

I agree CF or something like it is needed. Is FT free? Maybe. Most of us watch plenty of ads. We contribute content to this free site that makes it more valuable.

I confess that only Ads I ever open are ones I hit with fat fingers, and I usually ‘go back’ before they open. Sorry, Intenet Brands :(

A few people have suggested copy and paste.