What I will talk about in this blog is something a lot of people have been talking about on forums other than Codeforces, so I was a bit surprised that it has not been brought up on Codeforces in a visible manner yet (or the people being affected are themselves being cut off from Codeforces, so it is perhaps the perfect form of censorship).
Anyway, here are a few blogs that try to address this problem but to no avail — 1 and 2. Pretty sure that this blog will not help this cause much either.
This started out a couple of years ago — or at least long enough that I have forgotten how long it has been. The Codeforces main website, during contests, is never accessible to a few people due to Cloudflare blocking their access.
The users are completely helpless — you keep getting Cloudflare captchas on an infinite loop, without good reason. For others, it is a dead end asking people to "update their browsers because they are out of date" even when their mainstream browsers are up to date with the bleeding edge version, demonstrating a clear disrespect for certain browsers, or even just users that have ad-blocking plugins turned on. This is also sometimes a geo-blocking issue and/or an IP blocking issue.
This is not a one-off occurrence — people around the world face these issues with Cloudflare, enough that it has been branded evil by a ton of people for gatekeeping the internet.
Quoting one of the arguments against using Cloudflare in the comments:
I can be sure that they won't inject ads into my HTML pages.
But they will harass your visitors with captchas for no good reason. I also sometimes run into Cloudflare's "this website is using a protection service" with no way around; it turns out it's a geoblock because it does load just fine when I use a VPN through Germany. The internet was meant to be decentralized. The IP addresses were meant to be used for routing and for routing only, and otherwise treated equally.
A few days ago, this became much worse. What used to happen only during contests is now happening all the time. People have completely lost access to their CF accounts by virtue of not being able to access the website.
Why Codeforces has Cloudflare
The only reason I can think of is to protect itself against DDoS attacks. However, upon discussion with people who are well-versed in the internet security domain, it seems that even Cloudflare has some options that make this stuff more lenient while protecting the website sufficiently against abuse, and that the Codeforces configuration of its Cloudflare protection is just messed up.
Arguments against this nuisance
While I agree that security measures are crucial for the functionality of a website, the way they are implemented clearly makes the website unusable or frustrating for a ton of people (I estimate this number to be a sizeable chunk of all active CF users).
Here are some concrete reasons:
- Accessibility: With the initial measures in place, some people stopped doing contests altogether. One can only imagine the effect of this measure on the traffic of this website (which is something I am certain that the administrators care about).
- Uneven lag in contests: People report that Cloudflare sometimes keeps on loading for tens of minutes before they are able to even start working on the problems. This creates an unfair environment for some people.
- The purpose of an API is defeated: even the API endpoints are restricted, which does not make sense at all. All bots (Discord, competitive programming-specific IDE functionality) that help people (for example in training by choosing problems for them, or by making fetching samples more convenient) are now useless.
- Codeforces randomly lags a lot. I had been assuming that this is a server problem, but from talking to some people it seems like this is an issue with differential treatment of who is accessing CF.
What should be done
Either disable Cloudflare, or configure it properly. Earlier CF used to use a supercookie to track usage (still does), which was already pretty shady, so it is not like CF does not have a history of doing weird things.
Apart from that, I would like to invite the community to discuss other possible abuse-prevention measures that would help protect CF without all this clownery that has made it unusable. It is not unreasonable to ask for accountability when CF has become the de-facto competitive programming community website.
Tagging MikeMirzayanov for more visibility.
i got a cloudflare popup when trying to access this blog, for a second i thought it was intentional :/
Same happened with me ..lol
same here
Some great gods have already killed the competition, and I am still trying to prove that I am a 'real person'
Same.
same here
Could it be affected by Ukraine??
Now Codeforces keeps checking my browser, whatever that meant
It's literally discrimination by economic inequality and racist af. Remember when the problem statements couldn't even load on m2? How the fuck is it fair that all the high trust westerners read div2 A instantly while the "suspicious ip" southeast asians are stuck for 2 minutes on m2 codeforces because of the cloudflare wall with "Problem can't be loaded"?
Not to mention that all bots/extensions are completely broken because for some reason cloudflare applies to the api even when a contest isn't running. What is going on? (Oh, and what happened to "api will have trueRating"? Still not here?)
For div 2s and 3s even mine gets stuck for like 2 mins sometimes. This happened in yesterday's div 2 where I got the problem like 2 mins after the round started...
The bot that reviews Polygon problems has been off for a day because of Cloudflare. The final problem review of EPIC Institute of Technology Round August 2024 (Div. 1 + Div. 2), scheduled for yesterday, could only happen today.
I think this issue is more problematic when you also add the fact that servers in general have been very sluggish on various instances, with very long queues which take place during rounds (especially Div. 3 and Div. 4, which makes the least experienced contestants being the most affected by these structural issues) and more recently, during non contest times too.
Given the growth of the website in the last couple of years, I think it's important to assess these fundamental issues which affect the user experience as of late, because while it's nice to have a growing userbase and to boast about ever increasing records, it's not nice to have issues which occur more and more frequently with these solutions which are used here.
Personally I am willing to donate whenever the next crowdfunding session will take place assuming there are credible steps towards having Codeforces keep up with its growing userbase and I'm sure others share my sentiment too given the fact that in spite of its flaws, CF is still an excellent educational platform and the admins proved in the past that they can listen to the community.
And when exactly has a CF admin listened to the public within the last few years? Rampant cheating in every round, queues are longer than ever, statements don't load, mirrors don't work.... and what have the admins done? Oh yes, banning zh0ukangyang for having multiple accounts.
Let's look aside from the recency bias, there have been some useful features which have been added in the more far away past, for example the contest filters and the Polygon improvements (when it works at least) are some which come to my mind.
Plus if we look several years back, adding Div. 3 and Div. 4 have generally been a great success in terms of having a better experience.
It is important to criticize what is wrong (and you are right in your statement) but there have been good features added too. However, as the current blog shows, the way Cloudflare is handled here is a major issue.
In China, Cloudflare is a big speed bump. Connecting directly to the original server is much faster than using a Cloudflare CDN.
Yeah, and actually that are solutions other than cloudflare to DDos. Lots of large websites (by which I mean more than 10^6 users) use captchas when logging in.Github and Luogu are two good examples.
By the way, it took me 5 tries and about an hour to log in and make this reply
Because of the GFW, Cloudflare is blocked.
Yeah. discuss on Luogu
So real, I hope it'll be fixed
Im sick of this Cloudflare shit too. These stupid cloudflare appear on cf and lc. I hate em.
i would love to read this blog but gah damn it another captcha
Thank you for talking about this. A few contests ago something funny happened where I did a submission and it had the cloud flare mark. Now I expected it to go through, but it didn't get submitted. After submitting B I had to go to A and resubmit it.
Also many times submitting problems takes 30 sec-1 min extra. Like bruh.
It's curious that you don't remember, but few years back, Codeforces had not one, not two, but (AFAIK) at least three rounds unrated because certain participant had grievances and paid for a DDoS attack. I don't think labeling methods to prevent such attacks as ``shady'' is right.
I actually do remember that, which is why the last paragraph (and the first named section) exists in the first place. Such things are bound to happen when a community becomes too large, and there must be security measures in place for the website. My point was that it should not come at the cost of usability and user security, and such measures must be thought about very carefully.
Supercookies can be very easily used for nefarious purposes as well which is why I called it shady. They provide way too much information about the user, and if Codeforces gets hacked some day, it can have potentially devastating consequences for some users. It's not about trusting Mike or not, it's about providing only as much information as is necessary. Cloudflare was a better (but unfortunately misconfigured) step in this direction, but I find it odd that Codeforces still uses supercookies.
Wow some people hated cf so much that they paid for DDOS attack. They must have too much money.
You seem to be telling a joke.
Correct me if I am wrong but to avoid DDoS attacks, can't we show captcha to only those users who have are not logged in, or even if they create multiple fake accounts, they must be trusted participants.
If someone is using their real account for such things, that's a big risk but still if someone does that, we can have limits in place, like whatever happens no one can send more than 100 requests per second, if someone does that, take him to captcha page and all.
In Div4,this situation is very obvious,I submit mycode and I need wait 20~30min to get results.
It becomes difficult to access the website at the time of the competition. I have to use special means.
div3 also toooo
This brings me to mention the last time in Div4. I had finished writing problem D, and only then did the evaluation for problem A come out.
Div2 also tooooooo
I stuck in the Login part for 10min waiting for cloudflare checking my browser. That was annoying.
I think it would be better if every Codeforces contestant had to write their code by hand. I’m not talking about typing it into a text editor, but physically taking a pen to paper, scrawling out every line of code, and then mailing it to MikeMirzayanov himself.
The first and most obvious benefit would be an immediate and permanent end to DDoS attacks on Codeforces. Think about it: if everyone’s submissions had to be mailed in, there would be no servers to overload with a flood of online requests. Every would-be attacker would need a ridiculous number of stamps and envelopes to carry out their plans, and even if they did manage to send in a few hundred thousand pieces of mail, the sheer physical labor involved would deter most script kiddies.
If MikeMirzayanov had to read each submission by hand, contestants would suddenly care a lot more about the readability of their code. The thought of a real person (especially someone as respected as Mike) struggling through a mess of obfuscated variables and convoluted logic would be enough to make anyone think twice before submitting some random garbage. Cleaner, more thoughtful code would emerge, and who knows, maybe we’d all become better programmers as a result.
With submissions being processed by a human, the playing field would level out in terms of the speed at which solutions are evaluated. Everyone’s code would be subject to the same careful scrutiny, removing any advantage gained from fast internet connections or high-end hardware. The contest would become less about how quickly you can type and more about how accurately you can think, which is arguably closer to the spirit of competitive programming.
Seems like a good idea, but Mike is in Russia, and mailing submissions from USA to Russia is not possible because of the war and airline restrictions. I have a few ideas for how to fix this:
number 7 lmaooo
Number 10 the best(just kidding)
I think Number 5 isn't so great. A website like that will also be attack by DDoS. Mike should use his brain to check the code and give results.
This seems unrealistic.
genius
I just crawled exactly one API. I'm just looking at Luogu's Remote Judge. I just opened the console.
And I saw:
For example, in China, people used to do codefors on luogu by submitting remotely, but now, due to the enhancement of the CF mechanism of codeforces in the past two days, luogu no longer has access to the review information of codeforces, which makes it impossible for people to submit on luogu, and this is very inconvenient for people to use the customary This makes it very inconvenient for people to use some of the supporting functions that people are used to in luogu, and it also makes it inconvenient for people and coaches to keep good statistics on their work and training. I just want to reflect the bad influence on luogu now!
Yes, it can be a real headache for many people, but submitting directly on Codeforces is also a good option.
ni shi zhizhang ma Why do you choose to support Codeworks to strengthen the CloudFlare mechanism? This not only makes it difficult for Chinese people to use their familiar local online Judge for evaluation, but also makes it impossible for them to submit on Codeforces to check the browser. Then people are unable to accurately track their problem-solving progress, which also affects their problem-solving speed and results in an extremely poor problem-solving experience. Do you choose support just because you can exercise English? In fact, on Chinese websites, you can also choose English test questions. I think supporting CloudFlare through these aspects is very one-sided and irrational
Okay, you're right.
Because of Cloud Fare, Chinese Online Judges like Luogu&Vjudge often can't remote judge codeforces.
But Vjudge is Japanese Online Judge.
But its author is acturally Chinese?
Maybe you could check out the QQ group of vjudge users:)
But vjudge can remote judge if you provide your cookie JSESSIONID to vjudge.
I know,but sometimes it will fail.
it always happened to me when i tried to enter a contest or in random times, i am using firefox in the latest version, but a solution i found is use another browser, i dont know why, but always i have the cloudflare trouble, i use waterfox (alternative version of firefox), so i can allow to do contest.
if disable cloudflare, then ddos will totally break the website down, then nobody can enter the contest, it's worse than using cloudflare
So is there a way to prevent ddos attack and not affect normal visit at the same time?
Look at this. https://pypi.org/project/cloudscraper/
I think there's a new browser checker, bc I don't see cloudflare loading anymore
I always get cloudflare popped up to check if I am a human.Sometimes it even takes me more than 10 minutes to access the problems.It really ruined my mood to compete in the contest!
Cloudflare has bullying/scammer sales practices which CF will eventually run into, at which point CF will look for a different provider during downtime. Best to look for a different provider ahead and quietly to avoid the downtime.
Dammit, cloudflare is back
Chinese are especially pissed…… LOL
Just hope mike can fix it ...
I even cannot use cf-tool to submit my code when the contest is running , causing much waste of time.
I wasn't even verified from the start of the race to the end of the race, so I had no choice but to use m1.codeforces.com and m3.codeforces.com (I'm in China)
A famous OnlineJudge in China called Luogu have to close the 'RemoteJudge' service to CF because of Cloudflare. www.luogu.com
Yep,we all need a better place of codeforces(no ddos),not stupid cloudflare never stop killing our tries to premote our ability ... I really hate it.
Easy to understand the reason,but possibly there is something that was made to hack Cloudflare captchas and was shown in public. https://pypi.org/project/cloudscraper/ I hope it's legal to use it.
MikeMirzayanov Look at this. https://pypi.org/project/cloudscraper/
I think you are right. The remotejudge on LuoGu won't work if Codeforces add this.
It stopped working already. I tried to submit and it gave an error. LuoGu is trying to fix this issue...
I want to know why vjudge works well
我想知道为什么vjudge能正常提交
Probably because it's got a better bot(?
Perhaps it's because that vjudge has the JSESSIONID cookie and it's just like the __client_id cookie in LuoGu, so Cloudflare has no impact on it
Luogu may fix RMJ in a minute, may not fix it.
洛谷交不了题目很烦。
The current situation of Codeforces has led to a decrease in its traffic, and many APIs are not working, such as Luogu in China. This is undoubtedly regrettable.
The problem is that Chinese coders cannot quickly access cloud flare:(
It's sad of that.Using Cloudflare is completely a mistake,and it may be the biggset mistack since Codeforces founded.Famous Chinese Onlinejudge Luogu and Hydro often return UKE(Unknown Error) because of connecting unsuccessfully.I think because of that,Codeforces will lose almost half of users.
Codeforces is a Cloudflare with competition.
CF should rename itself to Cloudflare instead of Codeforces.
UpVote Guys , Please!!!
henghengaa
The CloudFlare also blocks luogu's RemoteJudge :(
qp,endorse
Does it need to grab qp (
this is the real reason why many of my bra lost points in competitions
Really a bad thing to hear,I suggest you to use m1.codeforces.com next time.
But sometimes it is also useless,especially during Div.4.
You can say that again.
Last month when I want to register a contest at 22:25 (UTC+8:00),Cloudflare made me wait until 22:32 (UTC+8:00) which let me couldn't register it before registration closing.It is lucky that I register it through extra registration.
After that,I had to register contest before 22:20 (UTC+8:00) to make sure I can get rating.
shit cloudflare
no wonder you use m1.codeforces.com or mirror.codeforces.com, you will be checked by the shit
I want contribution
What a pity! We might have to build a mirror site by ourselves.
Without knowing the source IP hiding behind Cloudflare, we couldn't do anything to bypass that man-in-the-middle.
this title was so clever but imo it was kinda tarnished by the many paragraphs below it
In China the bigest online judge luogu. but they can't access CodeForces too.
I think we should sent an email to Mike to submits.
I think so.The Cloudflare is really a bad thing.It's now very hard to get to CF in other countries.I really hate it.And it also take a lot of time to submit.It's very stupid and silly!
In my memories, there is a selction to change how strong is the Cloudflare shield. Codeforecs may choose
strong
?Change to weaker shield will solve the problems easily: Just click some selectboxes.
Codeforces
+1
This problem really exists
Although I don't know why I feel that the loading speed is much faster than before under normal circumstances (not participating in competitions and submitting evaluations), I still get angry in many cases due to slow evaluation feedback
It's not unfair
As a participant,I am robot and I couldn't pass cloudflare check :(.
The most f__king part: Many Remote Judge APIs in China are disabled due to Cloudflare. It's quite annoying.
MikeMirzayanov should say sorry to us.
It's almost impossible to submit CF problems in China
indeed it should lol
if i use vpn to connect cf,i wont be checked by cloudflare.
but if i dont use vpn,cloudflare will keep on check my connection.
idk why,but seem like very funny.
sympathy
Yes I agree. And also, can Codeforces allow the Remote-Judge require from other OJs, so that their users can submit CF's problems on their OJ?
For example, the Remote-Judge submissions to codeforces from (luogu) these days, were banned by Cloudflare, so those submissions all shows "Unknown Error" on luogu, although they had been submitted to CF and also had the submission on CF.
I agree!
last competition i cant submit my code in codeforces because codeforces is keeping testing whether i'm a robot!
I can't use the RemoteJudge of Luogu. What a pity!
Good night, CodeForces.
Same happend with me
luogu's reaction: https://www.luogu.com.cn/discuss/598533
Translate: The problem crawl has been restored, and it is still difficult to solve the submission problem in a short time. Codeforces recently strengthened Cloudflare's defense service, which prevented luogu crawlers from successfully crawling commit records. Again, the stability of the RemoteJudge service is not guaranteed, it is intended to make it easier for people to submit foreign OJs. However, for various reasons, we cannot guarantee the stability of this service. For more details please refer to: https://help.luogu.com.cn/manual/luogu/problem/remote-judge upd: Codeforces recently added submitted daily limit of 250 times daily limit, short time is difficult to solve this problem. At present, the submission process has been run, but the submission speed is extremely unsatisfactory, and it is often easy to trigger the forced cooling of the CF shield. The Codeforces RemoteJudge service cannot be reopened at this time. We are looking at other options, but it will take time. Codeforces' current normal user access itself is very easy to trigger the CF shield, and the results are slow after normal submission of the evaluation. Codeforces users are also complaining about this. https://codeforces.me/blog/entry/132500, given the current Codeforces can use the server in the short term is difficult to scale, the situation in solution.
The real person verification is extremely annoying, usually takes several minutes, and is a huge waste of time.
I never realize there are so many Luogu users on Codeforce...
I feel the same.I'm a Chinese OIer,and we used luogu to practise everyday.The Cloudflare made us unable to hand in the code by luogu,so we had to register the codeforce too see if our code is accepted or not.Truly speaking,the Cloudflare made us less convenient to have lesson and so on
I think you can show it to codeforces.
I am worry about that,too.
I am trying to fetch the API and it yielded 403, when pasting the URL into a browser, boom captcha. What's the purpose of an API if it's behind captcha?
I'm a Chinese OIER, and a pupil.We can have submitted CF problems in luogu before. But lately can't. This is very inconvenienttt!!!!
not only submit,even loading page was congestion too
I'm a robot,so I can't pass cloudflare check.
Maybe Codeforces can organize a group that allows other OJs to use api.
This is really annoying, in China, most programmers using Luogu(洛谷) can not normally use Luogu submit CF evaluation, I save a lot of CF problems here but can not use Luogu submit.
(not that I don't want to use CF to submit, my CF ID can not submit the problem (I don't know why))
Yes,I think,too. I like use luogu,but I can't use know!!! Why!Why!Why!
Now I can't even open this website without getting cloudflare-d every second click. GG
/api/ also requires captcha for some reason? Anyone having the same issue?
not only the Cloudflare but also the long queue effect us (especially Chinese OIers) even at a Codeforces Round a lot
image u r attending a Codeforces Round , when u submit a problem u want to know the result to make sure u accept it.
Then u found u r waiting for queue
so u try to refresh and u will find u have to prove u r a human XD
Is there some way one can contribute to codeforces backend codebase?
看不懂一点