Solution
In December 2020 our site began to experience an abnormally high number of connections from unknown sources. It got so high that our hosting service temporarily suspended access to all our database content until we could reduce the number of connection requests.
We hired an expert consultant to advise us. His analysis was that our site was under attack from malicious actors. He suspected this was a Denial of Service attack, which would be followed by ransom demands from the malicious actors.
A Denial of Service attack is the deliberate flooding of a network by attackers, which effectively cuts off legitimate users from the websites it hosts. It is a malicious attack, causing problems not only for the organizations being attacked, but also for the customers and online visitors who are affected. A DoS (Denial of Service) attack originates from a single machine that launches a barrage of network requests, overwhelming its target. These attacks are more easily executed and can use a variety of request types to paralyze the target organization. A DDoS (Distributed Denial of Service) attack is one in which the incoming flood of traffic originates from hundreds of thousands of sources. This is accomplished through botnets, networks of computers that have been hijacked via malware and are then used to remotely launch a DDoS.
Any organization is a target for DDoS or other network/application attacks. The most popular targets are often Enterprise Corporations, Internet Service Providers, K-12 schools, Higher Education, and Gaming Companies.
It looks like we became a target.
We contracted with a security service called Cloudflare to protect our content and our users.
https://www.cloudflare.com/en-gb/
This is expensive for us but we deem it necessary to keep malicious actors from ruining our user experiences. So please do consider donating to us to help us with this expense burden.
Cloudflare is a security service that attempts to eliminate malicious traffic. Part of their process is to ensure a human is trying to connect, which would eliminate all botnet (computer automation) attempts. It asks you to prove you are human by identifying a few pictures.
This is the reason you see a screen asking you to validate you are human before you can connect to us.
Once you are validated, every page request you make automatically passes through the Cloudflare system before reaching us. This causes a delay of a few seconds.
It shouldn't have to be this way, but ransom demands are a billion-dollar business and every site is at risk.