Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Getting around CloudFlare to open and edit own forum threads on LET
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Getting around CloudFlare to open and edit own forum threads on LET

mxp13mxp13 Member
edited June 2017 in Tutorials

Hi!

Thank you to @teamacc for their initial inquiry about the matter on my post about OpenVPN and @seanho for his encouraging comment that inspired this guide!

Introduction

Opening up a thread (plus editing it) and perhaps posting a comment in a certain way on this site will result in a protection system called CloudFlare (CF) [1] to kick in and ask you to complete a CAPTCHA challenge [2] before allowing the post to be accepted by the forum system. It has to be said that I have not identified the "certain ways" definitively which certainly trigger CF but I think posts that have links and listing of computer commands on them might influence such a behaviour. Unfortunately, the integration between LET forum system and CF is rather broken in the sense that once we click "post/submit" on the thread submission page, we will be presented with an erroneous CF CAPTCHA challenge which renders the whole page kaput.

I faced it when posting my recent thread about OpenVPN [3] and was unquestionably irritated by it. However, I managed to get past it when I realised that the error must be stemming from some JavaScript (JS) errors (I am not well versed in web development but I am guessing it has something to do with it) in trying to render the site. So, I figured if I tinker with the enabling and disabling of JS during certain stages, I will be able to accomplish it. And I was right. The following is the documentation of the processes I went through.

Steps

  1. Identify ways we can disable and enable JS at will using either browser settings or extensions. Since I know that Firefox has a wide-ranging selections of extensions, I opted for the latter. I installed the NoScript extension [4] [5].

  2. After installation, go to LET. By default, NoScript is set to disable JS on all sites, so we need to enable it until we get to the post submission page. Click on the "S" icon somewhere on the far right side of Firefox address bar (in my case it is just beside the Options menu ["three horizontal lines"]), and choose "Allow lowendtalk.com". The page will reload (it will do this every time we change from Allow to Forbid, and vice versa). Login to LET and head to "New Discussion".

  3. Here we need to disable JS once more. Click the "S" icon and choose "Forbid lowendtalk.com". We will be presented with a basic version of the page with text manipulation buttons not working at all. Set the category, the discussion title and the post contents. We can use external programs that provide in-browser or offline Markdown editors such as StackEdit [6] to format our post. Once done, click "Post discussion".

  4. Instead of the broken CF popup we will get if we had JS turned on, we will now be taken to a basic (and non-working as well) CF CAPTCHA challenge page. Here, we re-enable the JS ("Allow lowendtalk.com"), and in trying to automatically refresh the page, the browser will ask you to confirm the re-submission of the page (the contents of our post). Allow/OK it, and the CF page will reload normally. Solve the challenge, and we will then find that our post has been successfully submitted.

  5. To edit the forum post, follow the same steps. Please ensure you have JS turned on first before wishing to edit it as the Edit menu is only visible from JS script menu.

That is it! Happy posting and I look forward to seeing posts that otherwise would not have been possible due to the CF error.

Have a nice day. :)


References:

[1] https://www.cloudflare.com/
[2] https://en.wikipedia.org/wiki/CAPTCHA
[3] https://www.lowendtalk.com/discussion/117694/openvpn-with-public-ipv6-for-clients-port-forwarding-and-https-encapsulation
[4] https://noscript.net/
[5] https://addons.mozilla.org/en-US/firefox/addon/noscript/
[6] https://stackedit.io

Thanked by 2Frecyboy seanho

Comments

  • NekkiNekki Veteran

    That sounds like a lot of work just to post a large ascii penis.

  • WHTWHT Member

    Cloudflare scans the text for

     ' " malware flood hack hacked ddos 

    etc.

    Thanked by 1mxp13
  • mxp13mxp13 Member

    Aha. Some might find it worth their effort just to do things of similar nature, @Nekki. :)

  • hanoihanoi Member

    I'm using uMatrix instead NoScript or any adblock

  • Cheers for making this, but let's be honest - This shouldn't be necessary.

    I'll check in with Jarland and Nick to see if there's a possible solution on the horizon.

  • raindog308raindog308 Administrator, Veteran

    Wait a minute...this vaunted Cloudflare protection relies entirely on Javascript that runs on the client browser, and which the client can change at will?

    Thanked by 1dwtbf
  • @raindog308 said:
    Wait a minute...this vaunted Cloudflare protection relies entirely on Javascript that runs on the client browser, and which the client can change at will?

    No, the CF captcha works without JavaScript, only the integration with Vanilla is totally broken. Also had this issue a few weeks ago when accessing from a shared mobile IP.

Sign In or Register to comment.