This was for querying package delivery status. I finally got one right after many attempts. The layout, layers, colors change after every attempt so good luck on figuring out which letters count.
This was for querying package delivery status. I finally got one right after many attempts. The layout, layers, colors change after every attempt so good luck on figuring out which letters count.
With browser extensions and other programs becoming tunnels for AI scrapers, consumer IPs are becoming less and less trustworthy. I receive bots from just about every Brazilian consumer ISP. All it takes is one person on your network with a shitty app/extension installed and your home becomes indistinguishable from a bot farm. It’s extra bad if you’re behind CGNAT so you can’t even influence your IP’s reputation.
Nobody wants these CAPTCHAs, but they’re still pretty effective, even with AI image interpretation. Plus, it still beats remote attestation in terms of Linux friendliness, and that’s the inevitable next step in the war against scrapers.
the problem isn’t captcha as a concept, it’s how it’s executed
there are good captchas that aren’t obviously making you train an AI model and which seem like they’d actually be effective at identifying humans, like dragging a circle over a specific feature of an image.
@skullgiver@popplesburger.hilciferous.nl @A_norny_mousse@feddit.org
Greetings. Brazilian here.
I can confirm that a lot of websites unexpectedly block my access with a pretty opaque “403 Forbidden”. No Captchas, no Anubis-like man-in-the-middle, just an invisible and ruthless Gandalf digitally yelling “you shall not pass”.
I have read similar stories about how Brazilian IP addresses seem to be infested with bots. It’s often Brazil: it’s odd how people rarely complain about other countries on this matter… Not pointing fingers towards you, specifically, but I wonder how much of geofencing against Brazilian IP addresses stems from prejudice and xenophobia of foreign webmasters.
It’s worth mentioning that bots have no borders and aren’t restricted to a specific country, but the vast majority of Brazilians (myself included) are restricted to an entire biological existence within Brazilian territory, with hundreds of millions of people never having set foot on an airplane or cruise ship.
Webmasters of the world should think about this before geofencing entire countries. Not just Brazil, but any country out there. Because living beings can’t choose where they’re born and humans often can’t even afford to travel and/or reside elsewhere.
(My sincere apologies for my outburst, but it resonates with the community’s name: being blocked from websites just because of nationality is not just Mildly Infuriating: it can be totally infuriating sometimes, and this exact phenomenon happened earlier today while I tried to access a psychology website)
It’s not just Brazil. China and Huawei’s Singapore datacenter are common bots for me too, but I have less of a problem blocking those off for most services, as I only have a few applications running where server-to-server traffic makes sense. There are a few Indian CGNAT exit points that sometimes show up as well, but their traffic is low enough that it doesn’t stand out. When spam traffic is coming from local (European) sources, it’s almost always from server IP blocks. Not a lot of domestic ISPs in my spam logs from most countries.
For some reason, Brazillian consumer ISPs just seems infested with certain strains of malware. It’s probably a brand of cheap IP cameras or routers that keeps getting infected, I remember Mirai hitting Brazil pretty badly. But I also get the feeling that Brazilian ISPs care even less about their networks’ security than the ones I’m used to with how much infected customers find their way to my servers. I would’ve expected similarly populous countries like the USA and India to hit my servers at a similar rate, but Brazil seems to stand out for some reason.
I don’t tend to block countries directly (they have too many IP ranges for me to bother, to be honest), not that I have anything that they’d be interested in anyway. I do get waves of Brazilian IP addresses trying to submitp spam to my mail server, though. I haven’t seen those coming from other countries yet. I know it’s not Brazilians themselves sending those, but that doesn’t make the spam any less annoying. For larger websites, I can see why they block IP ranges so aggressively.
I don’t think of ISPs in terms of nationality per se. I block per ISP, not per country, with the exception of China whose great firewall should probably “protect” their citizens from my websites anyway, and there I’m probably missing a whole bunch of ASNs anyway. It’s up to ISPs to maintain the reputation of their networks and to stop their infected customers from bothering everyone else, and if they don’t do it, I block their networks. In fact most filters that throw up blockades and CAPTCHAs and fail2ban blocks are doing this entirely automatically, if countries get blocked out it’s usually for legal reasons rather than anti bot protection.
If you get a lot of these blocks, it’s possible you’re in the same subnet as someone with a hacked device or shitty VPN app and got hit as collateral damage. I got that for a while after switching to an ISP that had just bought a block of IP addresses from a Ukrainian ISP. It’s just an unfortunate side effect of the modern Internet that you must either figure out how to get a new IP or hope the malware on your IP neighbours gets cleaned up. I don’t have enough time and energy to protect the innocent from the guilty when it comes to my small, insignificant websites, and I shouldn’t be needing to take such aggressive action against these IP ranges in the first place.
In a similar vein, I get a lot of 403 errors when browsing websites like Reddit because news websites still block off GDPR countries. I know how annoying it can be.