MX Linux Forum

Posted: **Sat Oct 12, 2024 3:17 pm**

Snapshot created on: 20220315_1001
System:    Kernel: 5.10.0-33-amd64 [5.10.226-1] x86_64 bits: 64 compiler: gcc v: 10.2.1 
           parameters: BOOT_IMAGE=/boot/vmlinuz-5.10.0-33-amd64 root=UUID=<filter> ro quiet splash 
           Desktop: Xfce 4.18.1 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm 4.18.0 vt: 7 
           dm: LightDM 1.26.0 Distro: MX-21.3_x64 Wildflower October 20  2021 
           base: Debian GNU/Linux 11 (bullseye) 
Machine:   Type: Desktop System: Gigabyte product: N/A v: N/A serial: <filter> Chassis: type: 3 
           serial: <filter> 
           Mobo: Gigabyte model: F2A88X-UP4 v: x.x serial: <filter> UEFI: American Megatrends 
           v: F8a date: 12/14/2015 
CPU:       Info: Quad Core model: AMD A10-7850K Radeon R7 12 Compute Cores 4C+8G bits: 64 
           type: MCP arch: Steamroller family: 15 (21) model-id: 30 (48) stepping: 1 
           microcode: 6003106 cache: L2: 2 MiB 
           flags: avx lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 29545 
           Speed: 1696 MHz min/max: 1700/3700 MHz boost: enabled Core speeds (MHz): 1: 1696 
           2: 1696 3: 1696 4: 1696 
           Vulnerabilities: Type: gather_data_sampling status: Not affected 
           Type: itlb_multihit status: Not affected 
           Type: l1tf status: Not affected 
           Type: mds status: Not affected 
           Type: meltdown status: Not affected 
           Type: mmio_stale_data status: Not affected 
           Type: reg_file_data_sampling status: Not affected 
           Type: retbleed mitigation: untrained return thunk; SMT vulnerable 
           Type: spec_rstack_overflow status: Not affected 
           Type: spec_store_bypass 
           mitigation: Speculative Store Bypass disabled via prctl and seccomp 
           Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization 
           Type: spectre_v2 
           mitigation: Retpolines, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected 
           Type: srbds status: Not affected 
           Type: tsx_async_abort status: Not affected 
Graphics:  Device-1: AMD Kaveri [Radeon R7 Graphics] vendor: Gigabyte driver: radeon v: kernel 
           alternate: amdgpu bus-ID: 00:01.0 chip-ID: 1002:130f class-ID: 0300 
           Display: x11 server: X.Org 1.20.11 compositor: xfwm4 v: 4.18.0 driver: 
           loaded: ati,radeon unloaded: fbdev,modesetting,vesa display-ID: :0.0 screens: 1 
           Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.0x11.2") 
           s-diag: 582mm (22.9") 
           Monitor-1: HDMI-0 res: 1920x1080 dpi: 82 size: 598x336mm (23.5x13.2") diag: 686mm (27") 
           OpenGL: renderer: AMD KAVERI (DRM 2.50.0 5.10.0-33-amd64 LLVM 11.0.1) 
           v: 4.5 Mesa 20.3.5 direct render: Yes 
Audio:     Device-1: AMD Kaveri HDMI/DP Audio vendor: Gigabyte driver: snd_hda_intel v: kernel 
           bus-ID: 00:01.1 chip-ID: 1002:1308 class-ID: 0403 
           Device-2: AMD FCH Azalia vendor: Gigabyte driver: snd_hda_intel v: kernel 
           bus-ID: 00:14.2 chip-ID: 1022:780d class-ID: 0403 
           Sound Server-1: ALSA v: k5.10.0-33-amd64 running: yes 
           Sound Server-2: PulseAudio v: 14.2 running: yes 
Network:   Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet vendor: Gigabyte 
           driver: r8169 v: kernel port: e000 bus-ID: 01:00.0 chip-ID: 10ec:8168 class-ID: 0200 
           IF: eth0 state: up speed: 1000 Mbps duplex: full mac: <filter> 
Drives:    Local Storage: total: 2.81 TiB used: 249.2 GiB (8.7%) 
           SMART Message: Unable to run smartctl. Root privileges required. 
           ID-1: /dev/sda maj-min: 8:0 vendor: Silicon Power model: SPCC Solid State Disk 
           size: 953.87 GiB block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s type: SSD 
           serial: <filter> rev: 4A0 scheme: GPT 
           ID-2: /dev/sdb maj-min: 8:16 vendor: Seagate model: ST2000DM001-1CH164 size: 1.82 TiB 
           block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s type: HDD rpm: 7200 
           serial: <filter> rev: CC27 scheme: GPT 
           ID-3: /dev/sdc maj-min: 8:32 type: USB vendor: SMI (STMicroelectronics) model: USB DISK 
           size: 58.59 GiB block-size: physical: 512 B logical: 512 B type: N/A serial: <filter> 
           rev: 1100 scheme: MBR 
           SMART Message: Unknown USB bridge. Flash drive/Unsupported enclosure? 
Partition: ID-1: / raw-size: 30.5 GiB size: 29.85 GiB (97.87%) used: 13.4 GiB (44.9%) fs: ext4 
           dev: /dev/sda2 maj-min: 8:2 
           ID-2: /boot/efi raw-size: 512 MiB size: 511 MiB (99.80%) used: 288 KiB (0.1%) fs: vfat 
           dev: /dev/sda1 maj-min: 8:1 
           ID-3: /home raw-size: 30.5 GiB size: 29.85 GiB (97.87%) used: 20.17 GiB (67.6%) 
           fs: ext4 dev: /dev/sda3 maj-min: 8:3 
Swap:      Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default) 
           ID-1: swap-1 type: partition size: 2 GiB used: 0 KiB (0.0%) priority: -2 dev: /dev/sdb1 
           maj-min: 8:17 
Sensors:   System Temperatures: cpu: 33.0 C mobo: N/A gpu: radeon temp: 7.0 C 
           Fan Speeds (RPM): cpu: 2191 fan-2: 645 fan-3: 0 fan-4: 0 fan-5: 0 
           Power: 12v: N/A 5v: N/A 3.3v: N/A vbat: 3.17 
Repos:     Packages: 2373 note: see --pkg apt: 2367 lib: 1218 flatpak: 6 
           No active apt repos in: /etc/apt/sources.list 
           Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 
           1: deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/debian.list 
           1: deb http://deb.debian.org/debian/ bullseye main contrib non-free
           2: deb http://security.debian.org/debian-security/ bullseye-security main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/mx.list 
           1: deb http://la.mxrepo.com/mx/repo/ bullseye main non-free
           Active apt repos in: /etc/apt/sources.list.d/extrepo_librewolf.sources 
           1: deb [arch=amd64 arm64] https://repo.librewolf.net librewolf main
Info:      Processes: 269 Uptime: 4d 14h 37m wakeups: 1 Memory: 30.31 GiB used: 3.88 GiB (12.8%) 
           Init: SysVinit v: 2.96 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: 10.2.1 
           alt: 10 Client: shell wrapper v: 5.1.4-release inxi: 3.3.06 
Boot Mode: UEFI

And then again when I want to login to the forum.

This started today on all my browers, Firefox, Pale Moon and LibreWolf.

I had over 30 updates before shutting down last night.

It does it using the MX Viewer too.

https://imgur.com/1u7Bnmk.png

It also does it when the page is reloaded to see if there are any new posts. It also does it on another machine with MX-21.3.

Posted: **Sat Oct 12, 2024 3:19 pm**

Please read the announcement: viewtopic.php?p=794130

Posted: **Sat Oct 12, 2024 4:55 pm**

... Very difficult to be connected into https://forum.mxlinux.org with the Cloudflare filter (Here I am under Firefox, and without HTML5 autoplay and it is OK, but do not work with Palemoon)

"I can confirm the clearing of the cookies for the forum at least fixes the eternal loop and never getting the box to tick issue."
No enough for me.

Posted: **Sat Oct 12, 2024 5:24 pm**

Yea, when I refresh the forum page it logs me out....

Posted: **Sat Oct 12, 2024 5:26 pm**

When logging in have you ticked the keep me logged in box?

Posted: **Sat Oct 12, 2024 5:27 pm**

Yes, it's ticked.

Posted: **Sat Oct 12, 2024 5:36 pm**

Germ wrote: Sat Oct 12, 2024 5:24 pm Yea, when I refresh the forum page it logs me out....

It does that to me too if I use the page reload function in Chrome, but it doesn't if I use the Board Index button instead.

Posted: **Sat Oct 12, 2024 5:52 pm**

You need to click Board Index before starting refreshes after logging in, or it will try to reload that captcha page.

Also, if you refresh too much it'll think you are a bot.

Posted: **Sat Oct 12, 2024 6:00 pm**

OK, I'll give that a try.

Posted: **Sat Oct 12, 2024 6:38 pm**

The cloudflare captcha borks firefox on debian... possibly not a great idea for a debian based distro.

Posted: **Sat Oct 12, 2024 6:58 pm**

manyroads wrote: Sat Oct 12, 2024 6:38 pm The cloudflare captcha borks firefox on debian... possibly not a great idea for a debian based distro.

Yes ... +1

Posted: **Sat Oct 12, 2024 7:10 pm**

oops wrote: Sat Oct 12, 2024 6:58 pm
manyroads wrote: Sat Oct 12, 2024 6:38 pm The cloudflare captcha borks firefox on debian... possibly not a great idea for a debian based distro.
Yes ... +1

Plus I used a tab reloader to reload the page for me. I only login when I can help someone.

Posted: **Sun Oct 13, 2024 4:02 am**

Using Firefox,
Trying to translate to English I get:

Verifying you are human. This may take a few seconds.

apparently "a few" is more than 600 seconds...

... or never

In the compromise between security and convenience security won big.
Once I show I am human, is there no way of flagging that as 'true' for the next , say, two hours?
Edited to add: and yes, I have emptied cache, and deleted what appear to be the relevant cookies.

Posted: **Sun Oct 13, 2024 4:22 am**

C'mon, be patient.
Such attacks can't be fixed in a few hours and cause inconvenience (that's why the 'hackers' do it).

Posted: **Sun Oct 13, 2024 4:51 am**

Yesterday Cloudflare thing started for mxlinux.org. I have it for the CF forum as well

Posted: **Sun Oct 13, 2024 5:27 am**

If you haven't read the announcement yet: viewtopic.php?t=82297

Posted: **Sun Oct 13, 2024 5:37 am**

From https://developers.cloudflare.com/waf/r ... er-support:

...
Visitors must enable JavaScript and cookies on their browser to be able to pass any type of challenge.
...

Surely this is unacceptable?

Also, the WebGL API used by CF is not supported in quite a few JS-capable browsers in the MX repos.

Posted: **Sun Oct 13, 2024 5:59 am**

/df wrote: Sun Oct 13, 2024 5:37 am From https://developers.cloudflare.com/waf/r ... er-support:

...
Visitors must enable JavaScript and cookies on their browser to be able to pass any type of challenge.
...
Surely this is unacceptable?

Also, the WebGL API used by CF is not supported in quite a few JS-capable browsers in the MX repos.

Would you rather that we capitulate and let the DDoS take us down?

Posted: **Sun Oct 13, 2024 6:01 am**

Hi:
With Cloudflare's filtering, the dark mode of the web with the “Dark Reader” extension is not working for me.
Anybody else has this happened, any solution, due to visual problems I find it essential to see the web in dark mode....

Best regards

Posted: **Sun Oct 13, 2024 6:20 am**

Senpai wrote: Sun Oct 13, 2024 6:01 am Hi:
With Cloudflare's filtering, the dark mode of the web with the “Dark Reader” extension is not working for me.
Anybody else has this happened, any solution, due to visual problems I find it essential to see the web in dark mode....

Best regards

No issues here with dark-mode enabled librewolf, as shown in attached image;
View:

lw-dark-mode.jpg

Reply:

lw-dark-mode-reply.jpg

Posted: **Sun Oct 13, 2024 6:33 am**

I'm using Vivaldi as my standard browser, and simply pin the Forum tab and then refresh it the next time I want to check what's happening.Only works for a while...

Posted: **Sun Oct 13, 2024 6:36 am**

fehlix wrote: Sun Oct 13, 2024 6:20 am
Senpai wrote: Sun Oct 13, 2024 6:01 am Hi:
With Cloudflare's filtering, the dark mode of the web with the “Dark Reader” extension is not working for me.
Anybody else has this happened, any solution, due to visual problems I find it essential to see the web in dark mode....

Best regards
No issues here with dark-mode enabled librewolf, as shown in attached image;
View:lw-dark-mode.jpg
Reply:lw-dark-mode-reply.jpg

Well, in firefox it looks like this, only in the forum website, I'll try in Librewolf...
Greetings

Posted: **Sun Oct 13, 2024 6:55 am**

Senpai wrote: Sun Oct 13, 2024 6:36 am Well, in firefox it looks like this, only in the forum website, I'll try in Librewolf...
Greetings

You would need disable lw's rfp (resist finger printing), I have two lw profiles enabled normal-light (with lw's default protection)
and dark-mode. Normally using default light mode, but sometimes dark mode:
Access to choose profile light or dark with right-click to select profile:

lw-right-click-profiles.jpg

PS: Pale Moon seems also have no issue, sending this with PaleMoon.
++EDIT+++
To be clear, works for me with both default librewolfs profile with RFP (resist fingerprinting enabled)
and dark-mode:
Light captcha:

captach-light.jpg

Dark captcha:

captcha-dark.jpg

Posted: **Sun Oct 13, 2024 7:10 am**

j2mcgreg wrote: Sun Oct 13, 2024 5:59 am ...
Would you rather that we capitulate and let the DDoS take us down?

See (eg) xcancel.com for a captcha that would work without enabling the exact technologies that are most likely to damage users.

If no-one asks CF for a non-Web-breaking solution, they'll just keep on blocking in the same way.

Posted: **Sun Oct 13, 2024 7:20 am**

/df wrote: Sun Oct 13, 2024 7:10 am
j2mcgreg wrote: Sun Oct 13, 2024 5:59 am ...
Would you rather that we capitulate and let the DDoS take us down?
See (eg) xcancel.com for a captcha that would work without enabling the exact technologies that are most likely to damage users.

If no-one asks CF for a non-Web-breaking solution, they'll just keep on blocking in the same way.

We are not only working with Cloudflare but also our hosting service.

Posted: **Sun Oct 13, 2024 7:23 am**

/df wrote: Sun Oct 13, 2024 7:10 am
j2mcgreg wrote: Sun Oct 13, 2024 5:59 am ...
Would you rather that we capitulate and let the DDoS take us down?
See (eg) xcancel.com for a captcha that would work without enabling the exact technologies that are most likely to damage users.

If no-one asks CF for a non-Web-breaking solution, they'll just keep on blocking in the same way.

I don't see how that helps. I went to that address and it prompts for a user name and for a donation but provides no other information about their service. I would have dug deeper but there are no entry points to do so.

Posted: **Sun Oct 13, 2024 7:48 am**

With nordvpn enabled, I can't get past the cloudflare page.

see my post in the recent nordvpn page
viewtopic.php?p=794315#p794315

I was able to access another website that uses cloudflare, even with vpn on.

While it may not be a big deal for me as I don't regularly use vpn, this might impact a significant number of other users.

Posted: **Sun Oct 13, 2024 8:32 am**

we did try to lower the security level last nite. and the forum almost immediately went down.

I would settle in for the long haul. having the captcha is better than not having the forum.

also, I have zero problems with firefox and the captcha. can't say about conflicts with third-party extensions, that could happen I suppose, depending on the extension.

the time to get to forum is not related to the captcha. even with the captcha, we are still being hammered by bots and so occasionally its still going to slow down from time.

one other thing richb told me...one of the behaviors that the anti-bot tech looks for is rapid refreshes.

Posted: **Sun Oct 13, 2024 8:55 am**

Extremely Minor Issue:

My DarkReader 3rd-Party-App for Firefox is not working so well with the recent changes.

Given what's going on with the DDoS & Bot Attacks, I will wait it out and/or forgo the dark mode with DarkReader!

Stay Strong, MX

Do-ers of Evil:

MX-Team: Please let me/us know if there's anything we, simple Forum users can do to help stop the madness !

Posted: **Sun Oct 13, 2024 9:00 am**

I looked around.. found https://midnight-lizard.org on reddit as a similar thing to dark reader, some even said it was better.

Other than that, I have no experience with it other than finding it on there

Maybe that works better with CF.

Posted: **Sun Oct 13, 2024 9:02 am**

dolphin_oracle wrote: Sun Oct 13, 2024 8:32 am we did try to lower the security level last nite. and the forum almost immediately went down.

I would settle in for the long haul. having the captcha is better than not having the forum.

also, I have zero problems with firefox and the captcha. can't say about conflicts with third-party extensions, that could happen I suppose, depending on the extension.

the time to get to forum is not related to the captcha. even with the captcha, we are still being hammered by bots and so occasionally its still going to slow down from time.

one other thing richb told me...one of the behaviors that the anti-bot tech looks for is rapid refreshes.

Noted. OK, I'll leave the MX tab open in FF, instead of closing it and then having to go through CF again when I access the forum again.

Thanks, everyone dealing with the DDoS attacks on our forum!

Posted: **Sun Oct 13, 2024 9:09 am**

Eadwine Rose wrote: Sun Oct 13, 2024 9:00 am I looked around.. found https://midnight-lizard.org on reddit as a similar thing to dark reader, some even said it was better.

Other than that, I have no experience with it other than finding it on there Maybe that works better with CF.

Thanks for That

Will look into it.

Posted: **Sun Oct 13, 2024 9:17 am**

@Eadwine Rose

Eadwine: "You Are My Only Hope"

Yeah, just installed it, and works right OOTB, with MANY MORE themes than Dark Reader.

Now I have more things to play with in this Digital Life

Posted: **Sun Oct 13, 2024 9:20 am**

Wow, that is awesome, good to hear it!

Posted: **Sun Oct 13, 2024 9:22 am**

My 2 Cents:

With Slimjet (Chromium based) I never see Captcha . Just verifying you're a human, that's it. Not so bad.

Posted: **Sun Oct 13, 2024 9:26 am**

Eadwine Rose wrote: Sun Oct 13, 2024 9:00 am I looked around.. found https://midnight-lizard.org on reddit as a similar thing to dark reader, some even said it was better.

Other than that, I have no experience with it other than finding it on there Maybe that works better with CF.

I've had to resort to Midnight Lizard to get the forum to display in black as Dark Reader no longer works also (LW 131.0.2-1).
The web site still works with Dark Reader.

Posted: **Sun Oct 13, 2024 9:40 am**

I can confirm the same with MX Website ("MX Blog") working with Dark Reader.
Yeah, but not the Forum-- I'm using Midnight Lizard for the Forum.

Posted: **Sun Oct 13, 2024 10:22 am**

Eadwine Rose wrote: Sun Oct 13, 2024 9:00 am I looked around.. found https://midnight-lizard.org on reddit as a similar thing to dark reader, some even said it was better.

Other than that, I have no experience with it other than finding it on there Maybe that works better with CF.

I used to use “Midnight-Lizard”, I stopped using it because it gave me some problems in Transifex, but now I have solved this problem with “Dark Reader” and the forum, thank you.

Posted: **Sun Oct 13, 2024 11:56 am**

Does this CF thing only affect the forums or the whole site?
The news/blog RSS feed appears to be not working in Thunderbird.

Posted: **Sun Oct 13, 2024 11:59 am**

Was this feed working before?

To be clear: this one, right? https://mxlinux.org/category/blog/feed/

Posted: **Sun Oct 13, 2024 12:11 pm**

It effects mxlinux.org and the forum.

Posted: **Sun Oct 13, 2024 12:21 pm**

Eadwine Rose wrote: Sun Oct 13, 2024 9:20 am Wow, that is awesome, good to hear it!

"And Loving It..."

For extra credit, name that 60s TV show quote

Posted: **Sun Oct 13, 2024 12:31 pm**

And the worry about chinese spyware LOL .Rotten cloudflare so many site you cant log in anymore.lucky7 Lucky can stil login by tor here else it one more site closed :(

Posted: **Sun Oct 13, 2024 12:50 pm**

Kermit the Frog wrote: Sun Oct 13, 2024 9:22 am My 2 Cents:

With Slimjet (Chromium based) I never see Captcha . Just verifying you're a human, that's it. Not so bad.

I see the same with Firefox ESR, haven't seen or had to do the captcha thingo, just have to allow cloudflare with uBlock Origin then click the verify you're a human checkbox.

Posted: **Sun Oct 13, 2024 12:52 pm**

That is the way it is setup, as I know. Just the verify you are human box.

Posted: **Sun Oct 13, 2024 3:15 pm**

Eadwine Rose wrote: Sun Oct 13, 2024 11:59 am Was this feed working before?

To be clear: this one, right? https://mxlinux.org/category/blog/feed/

Yes and yes.

Posted: **Sun Oct 13, 2024 4:11 pm**

hello
antix-viewer and MX-Viewer result "Please unblock challenges.cloudflare.com to proceed."

Posted: **Sun Oct 13, 2024 4:12 pm**

We cannot do that. Please read this post in this very thread.
viewtopic.php?p=794319#p794319

dolphin_oracle wrote: Sun Oct 13, 2024 8:32 am we did try to lower the security level last nite. and the forum almost immediately went down.

I would settle in for the long haul. having the captcha is better than not having the forum.

also, I have zero problems with firefox and the captcha. can't say about conflicts with third-party extensions, that could happen I suppose, depending on the extension.

the time to get to forum is not related to the captcha. even with the captcha, we are still being hammered by bots and so occasionally its still going to slow down from time.

one other thing richb told me...one of the behaviors that the anti-bot tech looks for is rapid refreshes.

Posted: **Sun Oct 13, 2024 4:48 pm**

@Kermit the Frog
"With Slimjet (Chromium based) I never see Captcha . Just verifying you're a human, that's it. Not so bad."

Same with Brave. Fairly tight security settings. Always incognito.

Posted: **Sun Oct 13, 2024 4:50 pm**

Today, it is OK with Palemoon now. So wait & see ...

Posted: **Sun Oct 13, 2024 4:58 pm**

Thanks for all of the hard work and perseverance. - i get the captcha check box all of the time but i do get to the forums quickly. so np big deal - brave browser.

thanks admins and devs

Posted: **Sun Oct 13, 2024 7:37 pm**

Seems to work OK now in Firefox and Falkon. Just get the check box in both of them.

YMMV

One thing, the forum seems to be low on the number of posts. Especially for the weekend. Some users may still be having problems but have no way to report them...

Posted: **Sun Oct 13, 2024 7:47 pm**

Germ wrote: Sun Oct 13, 2024 7:37 pm Seems to work OK now in Firefox and Falkon. Just get the check box in both of them.

YMMV

One thing, the forum seems to be low on the number of posts. Especially for the weekend. Some users may still be having problems but have no way to report them...

They can contact the Forum administrator even if not logged in by using Contact Us at the bottom of the forum.

Posted: **Sun Oct 13, 2024 7:49 pm**

logged in or not, you still have to get past cloudflare as I understand it.

Posted: **Sun Oct 13, 2024 8:06 pm**

That is correct. I do not have have statistics on typical Sunday Night (EST time) Forum posting. So it is speculation on numbers on line. Some users may still be having issues. I refer you to this by Dolphin Oracle.

we did try to lower the security level last nite. and the forum almost immediately went down.

I would settle in for the long haul. having the captcha is better than not having the forum.

also, I have zero problems with firefox and the captcha. can't say about conflicts with third-party extensions, that could happen I suppose, depending on the extension.

the time to get to forum is not related to the captcha. even with the captcha, we are still being hammered by bots and so occasionally its still going to slow down from time.

Note that measures have also been taken to mitigate the Forum slowdown issues.

Posted: **Mon Oct 14, 2024 12:05 am**

one more data point:
HOORAY!!
seems to work (one verification only, on first entry.)
Translates OK
Using vanilla Chromium

Thanks, guys!!

Edited to add: Suggest putting some notification on https://mxlinux.org/mx-linux-blog/
as it is accessible without verification

Posted: **Mon Oct 14, 2024 12:20 am**

Only Tor-Browser works now to get to this site. I was using it exclusively for this site but mx-viewer seemed to be a little quicker and simpler. Not now. Btw, for a great dark mode addon try "Darker Background Brighter Font"
addons.mozilla.org/en-US/firefox/addon/darker-bg-brighter-font/
The ddos attack is so that google can corral everyone through them. Even though I'm not blocking the cloudflare captcha in opensnitch (or any other browser for that matter), I am blocking quite a few google's which is the problem, at least for me. Google wants to be the end-all for the net.
My advice is do whatever it takes to bypass ANYTHING that requires google ANYTHING if you are actually serious about security much less any actual privacy. I actually hate using torbrowser because it has no actual google filters, but, it does go where other browsers may not, as in this case.
Chromium works? What a shocker. I have the ungoogled version appimage and never use it on purpose.

Posted: **Mon Oct 14, 2024 4:21 am**

Richb over the forum down issue ,and the suggestions from a Cloudflare community team member. Ensure cookies are enabled in your browser settings.Disable Ad-blocker or any privacy-related extensions temporarily. I am not familiar with all of your extensions, a good approach is to disable all of them, try to access the site, if successful, enable 1 by 1 to isolate the one causing the conflict. Check if JavaScript is enabled.
Sadly that's all that make your computer unsafe,Specially javascripts,the forget that are programs executed on your computer.

Posted: **Mon Oct 14, 2024 5:22 am**

@Be OK
Then do not do any of it. I was just passing the information on, not sanctioning it.

Posted: **Mon Oct 14, 2024 10:47 am**

Be OK wrote: Mon Oct 14, 2024 4:21 am Richb over the forum down issue ,and the suggestions from a Cloudflare community team member. Ensure cookies are enabled in your browser settings.Disable Ad-blocker or any privacy-related extensions temporarily. I am not familiar with all of your extensions, a good approach is to disable all of them, try to access the site, if successful, enable 1 by 1 to isolate the one causing the conflict. Check if JavaScript is enabled.
Sadly that's all that make your computer unsafe,Specially javascripts,the forget that are programs executed on your computer.

Yeah, I have seen those suggestions. Unfortunately in FF I had to have JavaScript enabled to get in (but then I always do so.) But, I tun DuckDuckGo Privacy Extension as well as uBlock Origin and those seem just fine with teh CF captcha

Posted: **Mon Oct 14, 2024 11:20 am**

As a further data point, formerly the CF challenge JS was such that recent SeaMonkey (eg) could handle it, with the usual pictures of US fire hydrants and school buses at worst. Now it needs something else: the console shows WebGL errors. Either this is introduced because of the protection level in use here, or (I expect) CF changed how the challenge(s) is/are presented.

If, as posted here, PaleMoon works, that should be a hint as to what is missing in SM.

Posted: **Mon Oct 14, 2024 11:24 am**

@operadude
@Eadwine Rose

Hi Folks:
Just a friendly mention.
The https://midnight-lizard.org/ site does say that there is 3rd party data collection with the add-on.
Thanks all.

Posted: **Mon Oct 14, 2024 12:01 pm**

Oh yeah. I meant to ask:

Why in the H would hackers target the site of MX, or any other good linux distribution?

Posted: **Mon Oct 14, 2024 12:13 pm**

Could be fanboys of other distros, or random forum user that might got pissed at us for some reason (maybe they were put in their place by our awesome mods)

Posted: **Mon Oct 14, 2024 12:37 pm**

@Adrian Thank you :-)

Posted: **Mon Oct 14, 2024 12:40 pm**

jj 5117 wrote: Mon Oct 14, 2024 11:24 am @operadude
@Eadwine Rose

Hi Folks:
Just a friendly mention.
The https://midnight-lizard.org/ site does say that there is 3rd party data collection with the add-on.
Thanks all.

Thanks for the heads-up

Just wondering: Would it help that I have a VPN running?

Posted: **Mon Oct 14, 2024 1:02 pm**

Adrian wrote: Mon Oct 14, 2024 12:13 pm Could be fanboys of other distros, or random forum user that might got pissed at us for some reason (maybe they were put in their place by our awesome mods)

or some random a-holes testing their botnet on an easy target or or or...
who knows?

ps: yeah mods!

Posted: **Mon Oct 14, 2024 1:22 pm**

Thank you to the team for your dedication and the awesome job to do!

Posted: **Mon Oct 14, 2024 2:17 pm**

jj 5117 wrote: Mon Oct 14, 2024 11:24 am @operadude
@Eadwine Rose

Hi Folks:
Just a friendly mention.
The https://midnight-lizard.org/ site does say that there is 3rd party data collection with the add-on.
Thanks all.

I use Firefox across 4 machines all with Sync enabled. I only view this forum on my phone AND one of those PCs. Thus my daily driver PC is excluded from running Midnight Lizard.

In the Firefox Setting Sync tab I unchecked 'Addons' and 'Settings'. My 'goal' with sync was to keep bookmarks up to date on all, including my phone.

Posted: **Mon Oct 14, 2024 2:50 pm**

Midori 11.3 32 bit gets on here OK.

https://astian.org/midori-browser/download/

In preferences I picked I choose when to update.

Posted: **Mon Oct 14, 2024 3:22 pm**

jj 5117 wrote: Mon Oct 14, 2024 11:24 am @operadude
@Eadwine Rose

Hi Folks:
Just a friendly mention.
The https://midnight-lizard.org/ site does say that there is 3rd party data collection with the add-on.
Thanks all.

That's not what I read. Midnight Lizard Web-Extension Privacy Policy https://midnight-lizard.org/extension-privacy

Midnight Lizard web-extension does not collect any of your personal information, browsing history, IP addresses, etc.

Also it does not sell or transfer your personal information to advertisers or other third-parties.

Posted: **Mon Oct 14, 2024 3:54 pm**

/df wrote: Mon Oct 14, 2024 11:20 am...
If, as posted here, PaleMoon works, that should be a hint as to what is missing in SM.

Palemoon works here too, but not everyday , at this time Palemoon does'nt work again ;-) I am under FF-ESR now.

Posted: **Mon Oct 14, 2024 3:59 pm**

Palemoon must be a lady. They're so fickle!

Posted: **Mon Oct 14, 2024 4:05 pm**

Eadwine Rose wrote: Mon Oct 14, 2024 3:59 pm Palemoon must be a lady. They're so fickle!

lol ... probably (here I have the lady: v33.4.0.1 GTK2 amd64 )
https://www.palemoon.org/releasenotes.shtml

Posted: **Mon Oct 14, 2024 4:20 pm**

oops wrote: Mon Oct 14, 2024 4:05 pm
Eadwine Rose wrote: Mon Oct 14, 2024 3:59 pm Palemoon must be a lady. They're so fickle!
lol ... probably (here I have the lady: v33.4.0.1 GTK2 amd64 )
https://www.palemoon.org/releasenotes.shtml

Pale Moon 33.4.0.1 works for me and I am using it to post this.

Posted: **Mon Oct 14, 2024 4:23 pm**

towwire wrote: Mon Oct 14, 2024 4:20 pm
oops wrote: Mon Oct 14, 2024 4:05 pm
Eadwine Rose wrote: Mon Oct 14, 2024 3:59 pm Palemoon must be a lady. They're so fickle!
lol ... probably (here I have the lady: v33.4.0.1 GTK2 amd64 )
https://www.palemoon.org/releasenotes.shtml
Pale Moon 33.4.0.1 works for me and I am using it to post this.

One or two hours ago, me too. ;-)

Posted: **Mon Oct 14, 2024 6:18 pm**

Its been working for awhile now without any problem

Posted: **Mon Oct 14, 2024 7:51 pm**

manyroads wrote: Sat Oct 12, 2024 6:38 pm The cloudflare captcha borks firefox on debian... possibly not a great idea for a debian based distro.

Who is supposed to believe that? This works without any problems with Firefox beta in MX21.

I have also installed the latest Seamonkey browser, unfortunately this Cloudflare-CAPTCHA does not work there. If I remember correctly, Seamonkey is the default browser in Antix. Because Antix is the partner-system/partner-site, I think it is important that Antix users have access. That's why I suggest changing the Cloudflare CAPTCHA to Turnstile: => https://www.cloudflare.com/products/turnstile/

Posted: **Mon Oct 14, 2024 8:02 pm**

Eadwine Rose wrote: Mon Oct 14, 2024 3:59 pm Palemoon must be a lady. They're so fickle!

Posted: **Mon Oct 14, 2024 9:10 pm**

aika wrote: Mon Oct 14, 2024 7:51 pm
manyroads wrote: Sat Oct 12, 2024 6:38 pm The cloudflare captcha borks firefox on debian... possibly not a great idea for a debian based distro.
Who is supposed to believe that? This works without any problems with Firefox beta in MX21.

I have also installed the latest Seamonkey browser, unfortunately this Cloudflare-CAPTCHA does not work there. If I remember correctly, Seamonkey is the default browser in Antix. Because Antix is the partner-system/partner-site, I think it is important that Antix users have access. That's why I suggest changing the Cloudflare CAPTCHA to Turnstile: => https://www.cloudflare.com/products/turnstile/

Actually, Firefox ESR is the default browser in antiX just fyi....
I also like the Turnstile option. It may just be a better alternative and allow more users with different browsers easier access. Thanks for sharing!

Posted: **Mon Oct 14, 2024 9:32 pm**

@aika wrote:

Who is supposed to believe that? This works without any problems with Firefox beta in MX21.

Have you tried reading a post in a non-English language by using
Right-click --> Translate this page ?
Updated FF goes into a loop (at least it does for me, on two separate distros)

Posted: **Mon Oct 14, 2024 9:53 pm**

MikeR wrote: Mon Oct 14, 2024 9:32 pm...
Have you tried reading a post in a non-English language by using
Right-click --> Translate this page ...

Yes, but not with right click. The Google translation option at the top of the forum page works well.

Posted: **Mon Oct 14, 2024 10:23 pm**

aika wrote: Mon Oct 14, 2024 9:53 pm
MikeR wrote: Mon Oct 14, 2024 9:32 pm...
Have you tried reading a post in a non-English language by using
Right-click --> Translate this page ...
Yes, but not with right click. The Google translation option at the top of the forum page works well.

@aika
You are so right!!! Kudos and thanks!!

Back to using FF

Mike

Posted: **Mon Oct 14, 2024 11:19 pm**

I'm no longer getting the CAPTCHA screen. The forum loads right up. LibreWolf 131.0.2-1.
I am still having to use Midnight Lizard to get the forum black as Dark Reader still does not work but that's fine. I just activate ML when I visit the forum and turn it off when I leave.

Posted: **Mon Oct 14, 2024 11:37 pm**

siamhie wrote: Mon Oct 14, 2024 11:19 pm I am still having to use Midnight Lizard to get the forum black as Dark Reader still does not work

I noticed that Dark Reader had stopped working over the weekend along with most everyone else. I've simply changed my Dark Reader settings for the forum from "Dynamic" to either "Filter", "FIlter+", or "Static". All continue to operate as expected and redraw the pages of the forum in a dark mode without needing any extra effort on my part.

Posted: **Tue Oct 15, 2024 12:57 am**

DukeComposed wrote: Mon Oct 14, 2024 11:37 pm I've simply changed my Dark Reader settings for the forum from "Dynamic" to either "Filter", "FIlter+", or "Static". All continue to operate as expected and redraw the pages of the forum in a dark mode without needing any extra effort on my part.

+1
Thanks @DukeComposed. That worked perfectly and I have gotten rid of Midnight Lizard.

I selected filter+ and set my contrast to +15 so that I could still see the usernames and quoted posts and set DR to save those settings just for the forum.
All other sites are set to dynamic with the contrast set to +50.

The forum feels back to normal again.

Posted: **Tue Oct 15, 2024 1:06 am**

"feels back to normal" with palemoon asks less often the challenge page seems remembered.

Now on mx_kde with browser angelfish through cloudflare challenge and remembers permission like palemoon does. low ram. clean look.

Posted: **Tue Oct 15, 2024 5:04 am**

T3KN05H4M4N wrote: Mon Oct 14, 2024 9:10 pm ...
Actually, Firefox ESR is the default browser in antiX just fyi....
I also like the Turnstile option. It may just be a better alternative and allow more users with different browsers easier access. Thanks for sharing!

I believe that Turnstile is the "captcha" technology being used. CF no longer uses recaptcha.net, a G front known for educating users across the world in the characteristics of the US streetscape, but which was the recommended way to use G's Captcha without requiring the G .com site to be enabled for JS. hcaptcha.com is a non-G (apparently) alternative. At xcancel.com (a Twitter front-end), you are prompted to enter a number from a graphic challenge generated with CSS.

The CF bouncer has a suite of checks that might be applied to your innocent forum access. It's not clear how JS crashes are seen by the bouncer. Perhaps if some core JS fails in the challenge procedure, you lose but if an individual challenge crashes another will be tried; or perhaps any JS crash disqualifies the access. The former assumption could explain why some browsers only fail occasionally.

Posted: **Tue Oct 15, 2024 11:20 am**

/df wrote: Tue Oct 15, 2024 5:04 am
T3KN05H4M4N wrote: Mon Oct 14, 2024 9:10 pm ...
Actually, Firefox ESR is the default browser in antiX just fyi....
I also like the Turnstile option. It may just be a better alternative and allow more users with different browsers easier access. Thanks for sharing!
I believe that Turnstile is the "captcha" technology being used. CF no longer uses recaptcha.net, a G front known for educating users across the world in the characteristics of the US streetscape, but which was the recommended way to use G's Captcha without requiring the G .com site to be enabled for JS. hcaptcha.com is a non-G (apparently) alternative. At xcancel.com (a Twitter front-end), you are prompted to enter a number from a graphic challenge generated with CSS.

The CF bouncer has a suite of checks that might be applied to your innocent forum access. It's not clear how JS crashes are seen by the bouncer. Perhaps if some core JS fails in the challenge procedure, you lose but if an individual challenge crashes another will be tried; or perhaps any JS crash disqualifies the access. The former assumption could explain why some browsers only fail occasionally.

Yeah I only glanced at the features at the time, but when I had more time to research it, I realized that was what was already being used lol. By the way, I'm still having to do the prove that I'm human thing. I'm using FF. I'm also using a VPN and I have FF configured a certain way so that could be why I don't know. I'll have to look further into it later because I see that many people are not having to do that much anymore to access the forum. However, I don't actually mind it asking me to prove I'm human. Helps weed out the bots

Posted: **Tue Oct 15, 2024 11:22 am**

Now if i use the quick reply or a link to a other page ,it go many times to "the onion site disconnected". and that are no onion links, so thanks cloudfare. .

Posted: **Tue Oct 15, 2024 12:15 pm**

siamhie wrote: Mon Oct 14, 2024 3:22 pm
jj 5117 wrote: Mon Oct 14, 2024 11:24 am @operadude
@Eadwine Rose

Hi Folks:
Just a friendly mention.
The https://midnight-lizard.org/ site does say that there is 3rd party data collection with the add-on.
Thanks all.

That's not what I read. Midnight Lizard Web-Extension Privacy Policy https://midnight-lizard.org/extension-privacy

Midnight Lizard web-extension does not collect any of your personal information, browsing history, IP addresses, etc.

Also it does not sell or transfer your personal information to advertisers or other third-parties.

Hi siamhie,

I thought the extension sounded great and gave it a quick assessment for myself. I guess that my brain weighted this part of that page:
"Midnight Lizard web-extension has links to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies."

I translated the legalese without any intentional deliberation. Depending on the Type of links and sites, it could be OK, I suppose.

Your correction is correct, but the way it automatically registered in my head may also be correct. :)

Thanks.

Posted: **Tue Oct 15, 2024 12:50 pm**

operadude wrote: Mon Oct 14, 2024 12:40 pm
jj 5117 wrote: Mon Oct 14, 2024 11:24 am @operadude
@Eadwine Rose

Hi Folks:
Just a friendly mention.
The https://midnight-lizard.org/ site does say that there is 3rd party data collection with the add-on.
Thanks all.
Thanks for the heads-up

Just wondering: Would it help that I have a VPN running?

You're certainly welcome. You might see my above reply to siamhie for clarification.
A VPN (set properly) should hide your IP Address from everyone, hide your connections from your ISP, and encrypt all traffic to/from your device.
But to break anonymity, only about 5 or 6 seemingly obscure data points are needed... If someone (like an AI program) were looking to do so. So don't be too confident in a VPN... or anything else... :-)

Posted: **Tue Oct 15, 2024 2:51 pm**

jj 5117 wrote: Tue Oct 15, 2024 12:15 pm
Hi siamhie,

I thought the extension sounded great and gave it a quick assessment for myself. I guess that my brain weighted this part of that page:
"Midnight Lizard web-extension has links to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies."

The Midnight Lizard web page and extension does not collect information on you but when you open the settings window for ML, there are several links to their social media pages (Facebook, X, ect.) at the bottom left corner.
That is what they mean by "external sites".

Posted: **Tue Oct 15, 2024 3:58 pm**

DukeComposed wrote: Mon Oct 14, 2024 11:37 pm I noticed that Dark Reader had stopped working over the weekend along with most everyone else. I've simply changed my Dark Reader settings for the forum from "Dynamic" to either "Filter", "FIlter+", or "Static". All continue to operate as expected and redraw the pages of the forum in a dark mode without needing any extra effort on my part.

Maybe I'm having an old guy brain lapse but in Firefox I'm having difficulty locating these settings. In Add-ins Manager for Dark Reader I have: "Details", "Permissions", and "Release Notes" tabs. Nothing to click on there.

Firefox 131.0.2 on MX 23 KDE.

Posted: **Tue Oct 15, 2024 4:27 pm**

FullScale4Me wrote: Tue Oct 15, 2024 3:58 pm Maybe I'm having an old guy brain lapse but in Firefox I'm having difficulty locating these settings. In Add-ins Manager for Dark Reader I have: "Details", "Permissions", and "Release Notes" tabs. Nothing to click on there.

Select your language of choice from https://darkreader.org/help/ . "Toobar Icon" explains how to access the Dark Reader settings and beneath that you'll eventually get to the section about the "More Tab" where it will go into more detail about picking a theme.

Posted: **Wed Oct 16, 2024 8:13 am**

Some diagnostics for SeaMonkey:. I managed, eventually, to get it to load the MX site.

Relevant basic settings:

accept cookies for session, do not allow third-party cookies (SM Privacy and Security>Cookies)
user tracking prevention enabled (SM Privacy and Security)
JS disabled, except whitelist (NoScript)

Let's add these:

enable JS for mxlinux.org, challenges.cloudflare.com (NoScript)
permit (Allow since Allow for Session seems to fail) Set Cookies for https://challenges.cloudflare.com (SM DataManager>Permissions)

When the challenge has first loaded you see a page like this:

Code: Select all

[Icon]mxlinux.org
Verify you are human by completing the action below.
[whitespace]
mxlinux.org needs to review the security of your connection before proceeding.
Ray ID: [whatever]
Performance & security by Cloudflare

Now, if you disable site styles, an <iframe> is shown that contains the "Verify you are human" widget, with the checkbox that can be clicked, as shown in FireFox. Notes:

the network traffic is that the original GET request gets 403, followed by several GET/POST requests to the site and challenges.cloudflare.com; then, as promised in the console log, the challenge provokes 401
if you leave it for a minute or so, the page refreshes itself, with the same network traffic; you then need to enable and disable styles to show the widget
the iframe is not shown in the browser dev tools Inspect tab, but can be seen in the DOM Inspector
the widget has an error block with a (non-clickable) link, but that may just be revealed by the absence of site styles.

After clicking the checkbox, the challenge is sent and the page says that it's redirecting to the MX site. You may then get the challenge page back as if it had refreshed, and need to repeat the process, possibly a few times.

On success, the cf_clearance cookie is set in the POST to MX.

Some people might derive consolation by rigging the "Verify you are human" checkbox to something that can be operated by their cat, dog, parrot, or whatever.

Posted: **Wed Oct 16, 2024 7:10 pm**

/df wrote: Wed Oct 16, 2024 8:13 am... Now, if you disable site styles, an <iframe> is shown that contains the "Verify you are human" widget, with the checkbox that can be clicked ...

... the iframe is not shown in the browser dev tools Inspect tab, but can be seen in the DOM Inspector
... the widget has an error block with a (non-clickable) link, but that may just be revealed by the absence of site styles.

How I can disable site style in Seamonkey-2.53.19 ?

Cloudflare sloppiness or bad iframe-HTML? ... Iframes are deprecated, please do not use iframes for interactive content ...

aika wrote: Sun Oct 20, 2024 7:27 am...
Addendum:
I researched deeper and found that iframe was not the source of the error. I tested the simple Cloudflare CAPTCHA variant on my static homepage:
Code: Select all
...
<script type="text/javascript" src="https://challenges.cloudflare.com/turnstile/v0/api.js" defer></script>

</head>
<body>
<div class="cf-turnstile" align="center" data-sitekey="0x4xxxxxxxx679Ch5iQqioki" data-callback="javascriptCallback"></div>
...
With this code, Seamonkey displays a white area without content as a CAPTCHA-symbol. That's not really any better, is it? I haven't tested all Cloudflare configuration-options.
=> https://www.avoris-media.com/howtocaptchaen.html

Posted: **Wed Oct 16, 2024 8:30 pm**

aika. seamonkey Menu Bar >View >Use Style

Posted: **Wed Oct 16, 2024 8:39 pm**

i_ri wrote: Wed Oct 16, 2024 8:30 pm... seamonkey Menu Bar >View >Use Style

Thank you. Now I can see the CAPTCHA and click them. But the forwarding doesn't work, a loop is created.

Addendum:
At this point I would like to warn against private debugging experiments with this Cloudflare CAPTCHA. After some tests with my Seamonkey browser, I now had to request deletion from the Spamhaus blacklist.

Posted: **Thu Oct 17, 2024 2:45 am**

aika wrote: Wed Oct 16, 2024 8:39 pm Thank you. Now I can see the CAPTCHA and click them. But the forwarding doesn't work, a loop is created.

If this is an issue still, try clearing your forum cookies.

Posted: **Thu Oct 17, 2024 8:03 am**

Eadwine Rose wrote: Thu Oct 17, 2024 2:45 am... If this is an issue still, try clearing your forum cookies.

Yes, I tried everything and was put on the Spamhaus blacklist as punishment.

Posted: **Thu Oct 17, 2024 7:49 pm**

Anybody who is fooled by midnight lizard or dark reader should not worry about their privacy because neither of them worry about yours either. I saw that a mile off. Never installed either ever.

Posted: **Fri Oct 18, 2024 1:22 am**

davidy wrote: Thu Oct 17, 2024 7:49 pm Anybody who is fooled by midnight lizard or dark reader should not worry about their privacy because neither of them worry about yours either. I saw that a mile off. Never installed either ever.

Glad it is solved for you.

Posted: **Fri Oct 18, 2024 3:09 am**

well, if you're *really* worried about privacy:
https://youtu.be/7eIUOUfhoJ8

Posted: **Fri Oct 18, 2024 5:30 am**

MikeR wrote: Fri Oct 18, 2024 3:09 am well, if you're *really* worried about privacy:
https://youtu.be/7eIUOUfhoJ8

I KNEW IT

My suspicions have now been confirmed

Moving Off-the-Grid to Cabin-in-the-Woods

Posted: **Fri Oct 18, 2024 7:11 pm**

Can't see the forest for the trees. Google's SOP of giving everyone fewer and fewer choices. The best joke ever!

Posted: **Thu Oct 24, 2024 1:28 am**

aika. trial again View, Style, None workaround method for
challenges checkbox seamonkey;
not spinning now;
seamonkey passes through cf turnstile to mxlinux.org.

Posted: **Thu Oct 24, 2024 1:37 am**

I tried the suggestions on posts 5 and post 8 from @Eadwine Rose
Since then seems all good accessing forum
Hopefully Helps

Posted: **Thu Oct 24, 2024 2:59 am**

Glad to hear that :)

Posted: **Mon Oct 28, 2024 3:48 am**

Do you want moment to moment feedback?
At this moment, mx-viewer and antix-viewer visit mxlinux.org as will every other browser
without challenges from mxlinux.org/.

Posted: **Mon Oct 28, 2024 9:29 am**

And my RSS feeds are working again. I presume that a more lenient or more specific anti-DDOS tactic has been enabled.

Posted: **Mon Oct 28, 2024 9:38 am**

/df wrote: Mon Oct 28, 2024 9:29 am And my RSS feeds are working again. I presume that a more lenient or more specific anti-DDOS tactic has been enabled.

That is correct.

Posted: **Fri Nov 01, 2024 4:08 am**

The ddos attack, the kernel dev ban, and the distrowatch review attack. Hmm. Nope not suspicious at all. Nothing to see here.

Posted: **Fri Apr 25, 2025 5:57 am**

Back again?

But now CF has tuned the Turnstile challenge so that it actually hangs SeaMonkey with no chance to reach the human checkbox.

Posted: **Fri Apr 25, 2025 6:14 am**

@richb

It is that or no forum, for now. When attacks lessen we can lift the thing again.

Posted: **Fri Apr 25, 2025 6:32 am**

No problem with Firefox, Pale Moon or google-chrome with this recent CAPTCHA that started on 25 April 2025, but Waterfox will hang on the CAPTCHA window and never get to the square for a green checkmark.

This did not happen with the last CAPTCHA on MX Linux months ago...

Edit: Pale Moon was out of date but tested okay with up to date version.

Posted: **Fri Apr 25, 2025 6:35 am**

We are evaluating other options that may be effective in mitigating the attack. For now the captcha is necessary to keep the Forum working .

Posted: **Fri Apr 25, 2025 6:51 am**

Somehow bots doing hacking is not so fun as when hacktivists do it themselves.... skynet might not be coming for the meatbags as yet but it does seem to be coming for their communication systems.

Posted: **Fri Apr 25, 2025 7:44 am**

I belong to another forum had to use the same thing, wish these hackers would get a life.

Posted: **Fri Apr 25, 2025 1:21 pm**

Stuart_M wrote: Fri Apr 25, 2025 6:32 am No problem with Firefox, Pale Moon or google-chrome with this recent CAPTCHA that started on 25 April 2025, but Waterfox will hang on the CAPTCHA window and never get to the square for a green checkmark.

This did not happen with the last CAPTCHA on MX Linux months ago...

Edit: Pale Moon was out of date but tested okay with up to date version.

How did it get out of date? I upgraded it in the main repos a week or two ago. Browsers should always be updated ASAP.

Posted: **Fri Apr 25, 2025 3:10 pm**

Stevo wrote: Fri Apr 25, 2025 1:21 pm How did it get out of date? I upgraded it in the main repos a week or two ago. Browsers should always be updated ASAP.

Because all the browsers I tested were on my primary (daily-used) MX-19.4 Xfce. Waterfox and Pale Moon were the only two browsers of the four that I have installed that were not able to get past the CAPTCHA test on my MX-19.4 Xfce installation. So I went to my MX-21.3 Xfce "evaluation" installation ("evaluation" can be interpreted any way you want) where Waterfox and Pale Moon have the latest MXPI versions. Pale Moon passed the CAPTCHA just fine. Waterfox was "the problem child". While it did a little better than it did on MX-19 using version 2021.04.1, it still hung up on the CAPTCHA in MX-21.3 ("little better" meaning that the CAPTCHA in MX-21 at least displayed the square (without the green checkmark) but still had a never-ending circular progress wheel).

None of my browsers are up to date, much less with the latest versions even though it would be VERY simple and fast for me to get the latest versions in MX-19.4 for Firefox (manual installation) and google-chrome (MXPI automatic installation). I'm good where I'm at.

I have Firefox at 128.0 because that is the minimum version for the Firefox root certificate to verify signed content and add-ons. I could easily (manually) install the latest version (137.0.2) on my MX-19.4 but have no interest. Firefox is my primary and daily-used browser that I have had zero problems with. If/when a problem occurs with an out-of-date Firefox I'll just manually update it like I did updating to 128.0 a few months ago. I know many will call that just plain stupid, etc. but they are not me and I am not them...I don't care.

Chrome is on 133.0.6943.101 on my MX-19 and even though the google-chrome updates keep coming (monthly or more often) through the MXPI almost a year after the MXPI stopped updating packages, I put a "hold" on updating Chrome because, based what Chrome has recently done in the past few months, I believe that Chrome will soon permanently (!) disable uBlockOrigin from that browser (the mentioned Chrome version disabled it just a couple months ago but Chrome did not entirely disable it or remove it; I just re-activated uBo). If I ever have a browser where uBo no longer works then I will stop using that browser. I use Chrome mainly because it does a better job at translating web pages than Firefox and the extension that uses. I copy the URL from Firefox and then paste it in Chrome to view.

Waterfox is rarely used and so it is not worth manually updating on MX-19.

Ditto for Pale Moon.

I have no desire to update any browser I have at this point. I am aware of the risks, potential problems, recommendations, etc. etc. I'll take the risk(s) thank you.

Posted: **Fri Apr 25, 2025 4:20 pm**

Stuart_M wrote: Fri Apr 25, 2025 3:10 pm
Stevo wrote: Fri Apr 25, 2025 1:21 pm How did it get out of date? I upgraded it in the main repos a week or two ago. Browsers should always be updated ASAP.
Because all the browsers I tested were on my primary (daily-used) MX-19.4 Xfce.
[...]
None of my browsers are up to date, much less with the latest versions even though it would be VERY simple and fast for me to get the latest versions in MX-19.4 for Firefox (manual installation) and google-chrome (MXPI automatic installation). I'm good where I'm at.
[...]
I have no desire to update any browser I have at this point. I am aware of the risks, potential problems, recommendations, etc. etc. I'll take the risk(s) thank you.

Man after my own heart. If it ain't broke, don't fix it.

Posted: **Sun Apr 27, 2025 4:03 pm**

Seems like careful tuning by the techs at CF has turned the Turnstile challenge into a complete DoS for SeaMonkey 2.53.20, which could break into the site last time despite their best efforts, but they haven't yet completely succeeded with FF (128ESR).

Posted: **Mon Apr 28, 2025 3:56 am**

Stuart_M wrote: Fri Apr 25, 2025 3:10 pm
Stevo wrote: Fri Apr 25, 2025 1:21 pm How did it get out of date? I upgraded it in the main repos a week or two ago. Browsers should always be updated ASAP.
Because all the browsers I tested were on my primary (daily-used) MX-19.4 Xfce. Waterfox and Pale Moon were the only two browsers of the four that I have installed that were not able to get past the CAPTCHA test on my MX-19.4 Xfce installation. So I went to my MX-21.3 Xfce "evaluation" installation ("evaluation" can be interpreted any way you want) where Waterfox and Pale Moon have the latest MXPI versions.

None of my browsers are up to date, much less with the latest versions even though it would be VERY simple and fast for me to get the latest versions in MX-19.4 for Firefox (manual installation) and google-chrome (MXPI automatic installation). I'm good where I'm at.

I have Firefox at 128.0 because that is the minimum version for the Firefox root certificate to verify signed content and add-ons. I could easily (manually) install the latest version (137.0.2) on my MX-19.4 but have no interest.

I have no desire to update any browser I have at this point. I am aware of the risks, potential problems, recommendations, etc. etc. I'll take the risk(s) thank you.

MX-19.4 Xfce EOL
Dont update browser tru MXPI
Direct download firefox , Waterfox and Pale Moon from browser own website
minimum version of latest Firefox is ESR 115.x
https://www.mozilla.org/en-US/firefox/all/desktop-esr/

Posted: **Mon Apr 28, 2025 7:12 am**

richb wrote: Fri Apr 25, 2025 6:35 am We are evaluating other options that may be effective in mitigating the attack. For now the captcha is necessary to keep the Forum working .

The Arch Wiki uses Anubis for their mitigations: https://github.com/TecharoHQ/anubis
This is hosted locally and uses proof-of-work to check whether it's a real browser or not, no captcha presented, just need to enable JavaScript for the domain being protected so it can operate correctly (like you do with cloudflare in the current situation).

That said the tool was designed to impede AI bots.

Posted: **Mon Apr 28, 2025 7:32 am**

AK-47 wrote: Mon Apr 28, 2025 7:12 am
richb wrote: Fri Apr 25, 2025 6:35 am We are evaluating other options that may be effective in mitigating the attack. For now the captcha is necessary to keep the Forum working .
The Arch Wiki uses Anubis for their mitigations: https://github.com/TecharoHQ/anubis
This is hosted locally and uses proof-of-work to check whether it's a real browser or not, no captcha presented, just need to enable JavaScript for the domain being protected so it can operate correctly (like you do with cloudflare in the current situation).

That said the tool was designed to impede AI bots.

In most cases, you should not need this and can probably get by using Cloudflare to protect a given origin. However, for circumstances where you can't or won't use Cloudflare, Anubis is there for you.

We use Cloudlare. And are fine tuning it to block regions.

Posted: **Tue May 06, 2025 12:05 pm**

I can no longer log in to the forums in my area. Changing devices to log in results in the same thing.
The site says “Sorry you have been blocked . You are unable to access mxlinux.org”.
Cloudflare Ray ID:93b96bf2ca072b53
How can I solve this problem?

Posted: **Tue May 06, 2025 12:15 pm**

TOMCAT wrote: Tue May 06, 2025 12:05 pm I can no longer log in to the forums in my area. Changing devices to log in results in the same thing.
The site says “Sorry you have been blocked . You are unable to access mxlinux.org”.
Cloudflare Ray ID:93b96bf2ca072b53
How can I solve this problem?

The Captcha is disabled. Obviously you were able to access the Forum as you posted. Your IP indicates a country that has been blocked due to high bad BOT access to the Forum. I suggest a VPN.

Posted: **Tue May 27, 2025 10:15 pm**

Cloudflare blocks my FF 128.11.0esr from accessing forum.mxlinux.org.
I have to use Windows Edge to visit this site.
Cloudflare is diabolical.

Posted: **Wed May 28, 2025 2:00 am**

@kreemoweet

Attacks.
FF 139.0 (64 bit), updated by MX gets right in, but LibreWolf 138.04 choked on Cloudfare. I'm on here with Brave which also gets right in.

Posted: **Wed May 28, 2025 3:02 am**

jj 5117 wrote: Wed May 28, 2025 2:00 am Attacks.
FF 139.0 (64 bit), updated by MX gets right in, but LibreWolf 138.04 choked on Cloudfare. I'm on here with Brave which also gets right in.

It's one thing to suggest that one browser works and another doesn't; it's another thing entirely to point out that the forum's RSS feed has been offline for a few days. Since my RSS[0] reader and the browser I use to access the forum are different things, it makes sense to correlate that browsers needing to pass through an extra validation layer and RSS going offline are related.

[0] RSS is Really Simple Syndication. It doesn't allow for solving CAPTCHAs because it's supposed to be completely automated.

Posted: **Wed May 28, 2025 3:31 am**

We need to protect the forum from going down, as we are under bots attack, again. Unfortunately Cloudflare is a necessary consequence of that so we can keep things up and running.

At least you can use the workaround and still access the forum.

Posted: **Wed May 28, 2025 5:31 pm**

Debian sites have also been under attack for months now; both official and the user forums.

Posted: **Wed May 28, 2025 5:57 pm**

It seems to be a burgeoning problem. Many sites I frequent regularly, or one time have captchas prior to getting in. The ones that are particularly annoying for example are "click all images that have stairs" or some such object".

Posted: **Wed May 28, 2025 6:01 pm**

"Which one is not a cake" and then having images so blurry everything looks like one.

More and more are indeed incorporating the CF protection.

Posted: **Thu Jun 05, 2025 8:12 am**

If the forum can live with whatever CF (I assume) settings StackExchange gets, that would be great. The settings here break SeaMonkey's somewhat antiquated JS but even FF 128ESR has trouble sometimes. At SE sites I never get the "human" checkbox and the challenge always succeeds, though no doubt RSS would still fail.

Even better if the challenge-passed cookie lasted longer.

Posted: **Thu Jun 05, 2025 8:23 am**

We can set the setting to lower when attack frequency allows. So.. basically.. all we all can do is suck it up. It sucks, but it is that or no forum at all.

Posted: **Thu Jun 05, 2025 12:17 pm**

DukeComposed wrote: Wed May 28, 2025 3:02 am
It's one thing to suggest that one browser works and another doesn't;

Yup. It was that one thing.

Posted: **Thu Jun 05, 2025 12:23 pm**

richb wrote: Wed May 28, 2025 5:57 pm It seems to be a burgeoning problem. Many sites I frequent regularly, or one time have captchas prior to getting in. The ones that are particularly annoying for example are "click all images that have stairs" or some such object".

Stairs I'm fair with, motorcycles, not so much.

Posted: **Fri Jun 06, 2025 4:51 am**

For this post, I shall temporarily take my dev hat off for a moment, to speak solely on behalf of AK-47, ie. not on behalf of the dev team and definitely not on behalf of the mod/admin/website team (which I will not do even with the dev hat on), these are solely my perspective and experience with the situation.

I certainly sympathise with the many concerns people have raised about Cloudflare, and even on regular Firefox (ie. non-ESR, official version) I get the Cloudflare stuff. I am probably going to set my forum stuff up in a VM just to access the forum, but yes there are reasonable concerns with how it operates. And just because more people use it doesn't mean it's a good idea all the time either.
That said, having been an admin of a small private forum myself, I can also appreciate the troubles admins and mods have to go through to block spam and other bots. As Eadwine Rose said, would you rather not have a forum at all?

From that experience, perhaps an answer to the original question "Why Cloudflare CAPTCHAs to even see the forum??" The reason is, protection mechanisms such as Cloudflare cannot distinguish between a page that requires a login and one that doesn't, without some heavy logic. It protects websites, not user accounts. There is nothing on the market that can protect just logged in users, and bots don't discriminate either (many of which aren't logged in).

I actually suggested an alternative to Cloudflare further up, which is used by the Arch Wiki. "However, for circumstances where you can't or won't use Cloudflare, Anubis is there for you." But again, can completely appreciate if it turns out not to be suitable, it's up to the admins to decide.

Now that I'm done, dev hat back on. Cue dancing with a cane to "Hello my baby, hello my honey, ..."

Posted: **Fri Jun 06, 2025 8:40 am**

Asked and answered. Topic locked.

MX Linux Forum

Why Cloudflare CAPTCHAs to even see the forum??

Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??

Re: Why Cloudflare CAPTCHAs to even see the forum??