Am I a human? - TTLG Forums

baeuchlein on 24/8/2025 at 16:32

For me, this security measure backfires. No matter how fast or slow I check the mark to show I am a human, Cloudflare asks the same thing over and over again, preventing me from accessing TTLG.COM. The last incident lasted several days.

Al_B on 25/8/2025 at 20:27

Sorry to hear that - it's not something I'm aware of others reporting. Have you tried a different browser or device just to check if it's a local issue?

baeuchlein on 26/8/2025 at 10:27

So far not. I'll try to remember it if the problem comes up again.

taffernicus on 26/8/2025 at 11:38

This "zip bomb" troll could be a reasonable detterent but i heard it can be easily mitigated by the bot operator : (https://idiallo.com/blog/zipbomb-protection)

"Before I tell you how to create a zip bomb, I do have to warn you that you can potentially crash and destroy your own device. Continue at your own risk" -> basically says it all, DWYOR :D

Now here is the crux : legal impllications. I dont think posting a statement saying ‘by visiting this forum, non-humans, aka bots, must agree that they will be easily exterminated by zip bombs' would carry any legal weight. What if you encounter legitimate crawlers and they are willing to sue if you damage their crawlers?

taffernicus on 26/8/2025 at 11:52

We need more vulns like this : (https://blog.castle.io/detect-and-crash-chromium-bots-with-one-weird-trick-bots-hate-it/)

rest assured the bots/crawlers would drop like flies, welcome to the new era of bot/crawler cyber warfare

WingedKagouti on 26/8/2025 at 14:07

Quote Posted by taffernicus

They'd detect it within a few hours at most and then figure out a work-around that would defeat it in less than a day. As is pointed out in the blog itself.

Al_B on 26/8/2025 at 17:26

Quote Posted by baeuchlein

So far not. I'll try to remember it if the problem comes up again.

Thanks - it's something we're only enabling when it's really becoming a problem, rather than generally being there all the time. Even without the problem you were seeing it's not ideal and only really there to prevent total loss of ability to visit at all (which was what we were having).

Quote Posted by taffernicus

This "zip bomb" troll could be a reasonable detterent but i heard it can be easily mitigated by the bot operator

Realise this isn't an entirely serious suggestion (as with the one that taffrenicus quoted) but chances are we'll find out that half of legitimate viewers trigger it by mistake. If you have services that are only for your own use then it sounds like a risk that could be worth it but I really wouldn't want to expose every visitor to it. As you say, bots can be adapted to work around it easily and even things such as honeypot links seem to be less effective these days.