We started getting a Google Captcha for our web searches this morning. Does anyone have contact info for Google so that I can contact them and figure out where the traffic is coming from on my side or what service it is going to so that I can track down the users?
Out of curiosity: Is this happening with IPv6-capable hosts? We've had instances where Google flags our dual stack hosts and pops up Captchas like you're reporting when connecting via v6, but where we've never had problems accessing their services from the same host(s) over v4. Flipping the affected host's browser over to using v4 using a browser extension lets them access Google services again.
https://support.google.com/websearch/answer/86640?hl=en is too generic/vague to give any specifics of why Google decided the user's v6 IP is put on the nasty list (or even whether it's their IP specifically or something larger like a /64).
When I started using DNS from the unotelly service, a captcha started
appearing from time to time. If I change DNS to something else, the captcha
is gone immediately.
It's probably related to DNS geo-locating to decide what records to serve to
the client
The "popular open dns services" you refer to appear to be Proxy/VPN
services that also provide DNS to get around region blocking. These
services proxy and/or NAT users behind a single IP address to make it
look like you are coming from a different country.
I may be biased, but when I think of popular open DNS services I think
of OpenDNS or Google DNS, and you should *never* see a captcha as a
result of using OpenDNS. Disclaimer: I work for OpenDNS, and while I
can't speak to Google DNS, I have never heard of this behaviour with
their service either.
Yeah, I probably should have worded that differently, not 'open dns services',
sorry about that. In my case there is no proxy/vpn service (I know they
can do that), just DNS changes. For some reason that causes
false-positive detection in Google from time to time.
'smart' ... I can't imagine that the DNS server you use would matter
to Google, from a 'send to captcha' perspective. I CAN imagine that
the DNS server you use could lie to you about the right RR to send
back, and then push you through some proxy for all manner of good/bad
reasons.
Chris: as you correctly note, this can only happen if the DNS provider
returns falsified records to hijack traffic and MITM it through their own
proxies. But it sounds like you're unaware of the dark past of OpenDNS
where they did exactly that, and their users got Google captchas as a
result (they don't do this anymore).
To answer the other questions/comments on the list:
- You're responsible for all the traffic that comes from your IP. Joe,
if you put 600 users behind an IPv4/32 you'd better make sure you have
controls in place to keep malware (and shady browser extensions) off their
machines.
- The obvious way to avoid needing to share a NAT address is to switch to
IPv6 if possible, as Nich said.
- Google looks at an IPv4/32 or IPv6/64 by default (may be /56 or /48 for
some hosting providers). If you have significant numbers of users sharing
a /64, please explain why? Is it because you hate your users?
it's in Wikipedia, so ... someone did. But yeah, don't use DNS
servers that lie to you UNLESS you understand very well what that lie
is going to be and under what conditions you'll get the lie.
Yes, people also jump out of perfectly good airplanes... we can't fix
all the things
my point really is you assume some risk when you do odd things with
basic plumbing on the internet, if you don't actually know what you
are doing you're going to get burned.
Quoted from Wikipedia:
"Dangers of Use
The dangers of using an unknown IP as a Smart DNS are similar to any
other rogue DNS server performing DNS hijacking in that the user is
not aware which parts of his traffic are redirected and intercepted."
We had an IP flagged where a new hire in our Marketing dept was doing some kind of SEO and was hammering Google's servers with API requests in the hundreds per minute. Google flagged it as malicious, got the captcha for all users behind that IP. After we found and stopped him, it returned to normal after a few hours.
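
An added example, not part of the thread or any poster's code: one way to find the internal client behind a flagged egress address from proxy logs, and to see which IPv6 clients share the /64 that the thread says Google evaluates as one unit. The log format, the addresses, and the 100 requests/minute threshold are assumptions made for this sketch.

```python
import ipaddress
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed lines, hypothetical format: '<ISO timestamp> <client> <dest host>'."""
    lines = [f"2024-05-01T09:14:{sec:02d}Z 10.20.3.41 www.google.com"
             for sec in range(60) for _ in range(4)]   # one client, 240 requests in a minute
    lines += [
        "2024-05-01T09:14:05Z 10.20.3.17 www.google.com",
        "2024-05-01T09:14:09Z 2001:db8:12:34::a1 www.google.com",
        "2024-05-01T09:14:30Z 2001:db8:12:34:ffff::b2 www.google.com",
        "2024-05-01T09:14:31Z 10.20.3.17 example.org",
    ]
    return lines

def reputation_key(addr):
    """Block judged as one unit per the thread: IPv4 /32 or IPv6 /64."""
    ip = ipaddress.ip_address(addr)
    prefix = 32 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def is_google(host):
    host = host.lower().rstrip(".")
    return host == "google.com" or host.endswith(".google.com")

def per_minute_counts(lines):
    """Count Google-bound requests per (client, minute); skip malformed lines."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not is_google(parts[2]):
            continue
        ts, client, _host = parts
        counts[(client, ts[:16])] += 1      # ts[:16] is "YYYY-MM-DDTHH:MM"
    return counts

def noisy_clients(lines, threshold=100):
    """Clients exceeding the assumed per-minute threshold in any minute."""
    return sorted({c for (c, _m), n in per_minute_counts(lines).items() if n > threshold})

def shared_blocks(lines):
    """Blocks holding more than one client, which therefore share one reputation.
    NATed IPv4 clients share their egress /32 instead, which this log does not show."""
    blocks = defaultdict(set)
    for client, _minute in per_minute_counts(lines):
        blocks[reputation_key(client)].add(client)
    return {k: sorted(v) for k, v in blocks.items() if len(v) > 1}

if __name__ == "__main__":
    log = build_sample_log()
    print("over threshold:", noisy_clients(log))
    print("shared blocks:", shared_blocks(log))
```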