When I’m doing HTB boxes, most of the time I do them at a coffee shop, but sometimes I do them at my home too. Logging into HTB’s SSO using a coffee shop’s Wi-Fi pretty much never causes me any problems, but when I try to log in from my home’s internet connection, I keep getting an error saying “We think you might be a bot, please try again submitting the form!”. Trying to log in repeatedly only gives me the same error message over and over. I’m guessing at some point a captcha should pop up, but even disabling uBlock Origin altogether on the login page, none shows up. Sometimes I get through and successfully login from home, but the reason why is not clear.
I’m guessing that the anti-botnet defenses get triggered because I’m trying to log in from an IP address I don’t usually use, but I don’t get why HTB’s backend is more lenient towards coffee shop IPs than home IPs. Nevertheless, this is a serious pain. When this error would appear, wouldn’t it be better to e.g. send an email or SMS asking the user to confirm the login from that IP address?