• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Google forcing ReCAPTCHA on all searches from my HE assigned IPv6 address

Started by cshilton, May 31, 2023, 01:58:14 PM

Previous topic - Next topic

doktornotor

#metoo again - and yeah, the IPv6 no-AAAA hack still works.

Sigh.

supergvozd


Jenick

If it helps, HE.net support told me to change my LAN side networks to my /48 routed, not the /64 default they hand you when you first created your tunnel.  However, if you're running pfSense and pfBlockerNG you can give this a try... https://github.com/pahtzo/hurricane-tunnel-dohdot The main issue I believe is chromium based browsers have their own built-in DNS client which automatically goes for DOH-DOT by default and maybe not even against your system based DNS servers.  I've disabled my pfBlockerNG no-AAAA for google.com and www.google.com but retained my Windows 10 registry settings to disable the built-in DOH-DOT in Brave, Chrome, and Edge.  Still working just fine.

supergvozd



micalizzi



quite

We began getting goog recaptchas maybe a week ago. Have one routed /64 from the allocated /48 network in use at home. And... just now I got a abuse complaint from HE, forwarding a goog complaint stating "We are seeing automated scraping of Google Web Search from a large number of your IPs/VMs.". No, none such going on.

ChrisDos

Has HE been working with Google on this?  I have a couple of customers using 6in4 and this is very annoying.  Why can't Google see the benefits of this.

Edit: Still not working of December 27th.  Uggg.

quite

I'm "guessing" that HE is not working on it more than forwarding the complaint to the users, hoping that the few accounts that perhaps were actually causing problems take steps to correct themselves. And then the big machine in the sky might stop the captchas... Uh.

I've had to stop using the HE IPv6 Tunnel Broker at home for now.

Pentium4User

Quote from: quite on December 28, 2023, 11:42:55 PMI'm "guessing" that HE is not working on it more than forwarding the complaint to the users, hoping that the few accounts that perhaps were actually causing problems take steps to correct themselves. And then the big machine in the sky might stop the captchas... Uh.
I notice that from 2001:470::/32 some scans occur and I contacted he's abuse desk.
I dunno if a relevant of abusers use their AS to query the Google search.

Although, Google is a company that doesn't care about the users if only a small amount of them is affected by their decisions.

I use another search engine (4get.plunked.party) that can also show results from Google.

cholzhauer


cecilspiqwuc

I first noticed this issue with Google search also, then it slowly spread across all Google Services, and now I basically find that the entire 2001:470:: address space, or maybe the entire HE.NET domain, is basically blacklisted. 

I no longer get Captcha challenges, I am immediately met with HTTP 403 - Forbidden everywhere I go regardless of the browser, app, device, or operating system.
Netflix, Microsoft, Google, Apple, Samsung, Github, mozilla, live.com, Amazon, banks, paypal, ticketmaster, walmart, etc. I even get 403 errors in the browser console from advertising networks. Then things got worse, basically any site/app that uses cloudflare or AWS gives me a 403 error.  Now I even get 403 errors from major DNS services - CloudFlare, GooglePublic DNS, SafeDNS, OpenDNS, Quad9 are all blocking DNS requests of any type from my he.net tunnel. 

Disabled the tunnel and all problems immediately disappear. Re-enable tunnel and problems return.

I tried deleting my tunnel then creating a new tunnel to different North American site with both /64 and /48 networks in order to obtain a new prefix. I have tried tunnels to Seattle/Beaverton, Fremont, Ashville, Denver, and Phoenix.  They worked at first but all ended up the same after the first few hours.

Then add insult to injury I also found I could not create a AAAA DNS record that contained a he.net tunnel address because the DNS service provider said the address space is prohibited.

I finally just gave up and disabled IPv6 on my connection, then deleted my HE.NET tunnels in my account and I'm just going to let the account fade away.
Whatever.....

ChrisDos

Quote from: cecilspiqwuc on January 25, 2024, 01:19:24 AMI first noticed this issue with Google search also, then it slowly spread across all Google Services, and now I basically find that the entire 2001:470:: address space, or maybe the entire HE.NET domain, is basically blacklisted. 

I no longer get Captcha challenges, I am immediately met with HTTP 403 - Forbidden everywhere I go regardless of the browser, app, device, or operating system.
Netflix, Microsoft, Google, Apple, Samsung, Github, mozilla, live.com, Amazon, banks, paypal, ticketmaster, walmart, etc. I even get 403 errors in the browser console from advertising networks. Then things got worse, basically any site/app that uses cloudflare or AWS gives me a 403 error.  Now I even get 403 errors from major DNS services - CloudFlare, GooglePublic DNS, SafeDNS, OpenDNS, Quad9 are all blocking DNS requests of any type from my he.net tunnel. 

Disabled the tunnel and all problems immediately disappear. Re-enable tunnel and problems return.

I tried deleting my tunnel then creating a new tunnel to different North American site with both /64 and /48 networks in order to obtain a new prefix. I have tried tunnels to Seattle/Beaverton, Fremont, Ashville, Denver, and Phoenix.  They worked at first but all ended up the same after the first few hours.

Then add insult to injury I also found I could not create a AAAA DNS record that contained a he.net tunnel address because the DNS service provider said the address space is prohibited.

I finally just gave up and disabled IPv6 on my connection, then deleted my HE.NET tunnels in my account and I'm just going to let the account fade away.
Whatever.....

Boy, I had not idea it had gotten that bad.  I was waiting for it to clear up again before re-enabling it, but based on what you were saying, I don't think that is going to happen.

Time to look to see if there is another provider of of IPv6 tunnels.  It sure is a lot of work on my end to switch everything over if an alternative exists.

papamidnight

This has started again, and with a vengeance at that.

For the "select image" reCAPTCHA prompts, they present and will fail regardless of whether or not you answer them correctly. Likewise, the reCAPTCHA v2 prompts that are put in the background of other websites are outright failing without presenting any option.

This is on both /64 and /48 tunnels.