Malf on 12/9/2025 at 09:17
Edit: NVM, reading comprehension failure on my behalf.
Kubrick on 15/9/2025 at 17:14
Quote Posted by Al_B
I've been manually turning on the block when needed rather than having it enabled at all times - trying to strike the balance between excessive traffic and adding an extra step for genuine members. This is a problem that looks to be a longer term change to the way that bots access the internet and may need to be automated.
In the meantime, if there are general problems then give me a shout by PM or the contact form - I'm still (mostly!) human and will look to sort it as soon as I can.
That explains it. I live in Argentina and I assume that makes my connection suspicious, since I have to check the box every once in a while, but if that's the price I do not mind at all, that's a million times faster than what the forums were like the past week. So yeah, if you wanted imput on how it works for someone potentialy getting a false positive, even then it's working better, so perhaps the block could remain in place in the future!
Al_B on 15/9/2025 at 20:11
Thanks, Kubrick. I suspect with the aggressive filtering enabled it's just suspicious of everyone - it does the same in the UK. I'm still going to keep an eye on it for now and turn on when necessary - it can also have a SEO impact (not necessarily the main concern) as well as being a bit annoying.
WingedKagouti on 15/9/2025 at 20:56
Just now there were 8 members and 5931 "guests" browsing the forum. I would not expect the deluge of crawlers to let up anytime soon.
Azaran on 19/9/2025 at 14:31
Quote Posted by WingedKagouti
Just now there were 8 members and 5931 "guests" browsing the forum. I would not expect the deluge of crawlers to let up anytime soon.
That was the great forum fanclub convention :p
Inline Image:
https://i.postimg.cc/L6tLv096/insidepackage.pngwhitefox on 10/10/2025 at 10:20
I’ve been noticing the same thing lately — pages take forever to load, and sometimes I even get timeout errors when trying to open threads. Seems like the bots are hitting the forum hard again.
Glad to hear Al_B is aware of it and doing what can be done. Thanks for keeping things running! Hopefully the block or some automation can make it a bit smoother for everyone soon.
WingedKagouti on 10/10/2025 at 21:37
The bots are basically just waiting for whenever Cloudflare isn't active to hammer the site. A quick glance at user numbers indicates that Cloudflare filters out about 99% of all connections to the site.
It may not be optimal, but it's either Cloudflare asking for proof of us being human or having a site/forum that may not even respond.
Robin Yu on 21/10/2025 at 22:12
Forgive my ignorance, but could the check be avoided for logged-in users? The bots aren't making accounts yet, right?
WingedKagouti on 22/10/2025 at 11:19
Quote Posted by Robin Yu
Forgive my ignorance, but could the check be avoided for logged-in users? The bots aren't making accounts yet, right?
Simple answer: No.
Longer answer: To check if someone is logged in requires connecting to the site. Cloudflare stops connections from reaching the site until they've cleared the check. Cloudflare does not have privileges to check the login cookies (and it would be a major security hole if they did). If there was a way to validate a user being logged in before Cloudflare activated, it would still require traffic to the site and forum, which would mean the bots would still hammer the site and forum.
Twist on 23/10/2025 at 18:24
That's not accurate, but the most useful and powerful way to handle this at TTLG's scale isn't free.
CloudFlare can filter people who access a site (*before* they access the site at all) by a number of different variables, including a verifiable custom authorization cookie.
That means CloudFlare could check for that authorization cookie before the user ever connects to the site.
It's only a "major security hole" if it isn't handled carefully. Lots of enterprise sites do exactly this. Many major banks are big customers of CloudFlare, and they specifically use this feature to save bandwidth and keep their customers secure but not too annoyed.
For a site of TTLG's scale, however, this would require both money and probably some significant work by the admins. So it's not likely to happen anytime soon, if at all.
Plus I think bots have actually created accounts here, even if it's been rare. Maybe if the admins ever went down this path, they'd only give the CF authorization cookie to full members rather than "new" members.
