The only time I still get asked to click motorcycles is not Cloudflare, it's Google. They absolutely hate when you try to do a search in an incognito window and will give you an unpassable captcha until you give up and use DDG instead.
The shorter the average interaction with the site, the worse the burden cloudflare becomes. E.g. looking up a definition is usually a 5-10 second job, Cloudflare can make it take almost an order of magnitude longer.
In defence of motorcylces and traffic lights, those captchas are annoying too, but they do help humanity in a tiny, tiny way. By contrast, watching a cloudflare loading spinner is stupefyingly useless.
(apologies for ranting. I find it disproportionately irritating even though it's only a few minutes per day, possibly due to the sheer repetition involved).
This may be one reason:
https://blog.cloudflare.com/ddos-threat-report-2025-q3/
Top 10 largest sources of DDoS attacks: 2025 Q3
1. Indonesia
2. Thailand
3. Bangladesh
Vietnam and Singapore also make it into the top 10. The latter is a bit of an outlier being rich and having a small population.
What's the better solution? I certainly don't know.
using a less retarded system, perhaps? forcing a max difficulty recaptcha upon the first (!!!) request from client_IP to server_IP in hours/days/ever makes no fucking sense whatsoever.
Cloudflare is a piece of shit, and people only use it because it's free.
Spam, antisocial behaviour, DDoS…
Yeah, right.
I've got my own reality check on this just few days ago, when I did a manual review of spam/scan/other garbage hitting my server, and it turned out half of it comes from an interesting subset of IPs: registered in UK, US, Belarus, Seychells, etc. and yet according to ping latency and BGP data, most of those IPs are hosted in my home country (Nethernalds).
"IP location" was never an easy task, and it got way worse in recent years.
Network operators declaring intentionally fake location is so mainstream now that majority VPN providers use that (search for "virtual location").
Even sites that I manage with Cloudflare, I see the same. Even if I use relaxed mode on, If I visit the site via mobile, it can trigger the Cloudflare human validation.
binaryturtle•1h ago
It's also the entire blockage of older or less mainstream systems that no longer can access, sometimes critical, websites at all when the Cloudflare check blocks things entirely because the "browser is out of date" or not on their whitelist. Therefore causing excessive discrimination of poorer folks that can't afford upgrading to never/ other systems that still are legible to pass Cloudflare's "grace".
inferiorhuman•30m ago
azalemeth•12m ago