Cant Access my site from work

[p337x10h]

Hi Team

After the botnet changes made this week, I can no longer access my free web hosting webpage at work.
(www.p337.x10host.com/site/) [i currently have nothing hosted on the root. hence the "site" sub dir]

I can connect to my website normally from home, and on my phone


We use our own, managed, work related proxy at work.
is there a way I can get my work's proxy server whitelisted from the new bot net software, our external IP address is always the same.

My works IP address is found within this dropbox text file for security - https://dl.dropboxusercontent.com/u/23555385/work_IP_Address.txt

Please see the error the proxy server gives: "host failed to respond" this is compeltely different to a block screen
https://dl.dropboxusercontent.com/u/23555385/18-12-2014 9-20-56 AM.png
Please note I am on the IT team and have unrestricted web access, additionally all proxy changes come past my desk,
My website was working up until the changes made to the botnet protections update yesterday.

Edit: I did a tracert, see my comment below

Thanks again.

 

[p337x10h]

Ive just noticed a post from a prime account member saying that someones IP might be on the x10hosting firewall
(post in question - https://community.x10hosting.com/threads/my-site-wont-open.195470/)

My site works at home, but not at work

I think this is also my case, I need my works network approved for the x10hosting firewall which I am happy to provide.

 

[caftpx10]

There's a bit of doubt that X10 would block proxies to access sites hosted on their servers, I could be wrong in a way about it though.
Is the unrestricted proxy blocking any ports?
Is the firewall blocking anything?
Some proxies can't access sites due to certain ports or some other thing making it fail to obtain a full on connection (like not being supported).
I'm just guessing out questions here as I'm not so sure why the request from the browser is not getting a response from the server and I'm not an expert on proxy servers.

 

[p337x10h]

Thanks for the reply,
My website worked up untill 2 days ago, when they put in this botnet change
There have been no changes to my works proxy settings or firewall. those change requests come through me.
Please see the below quote from the x10hosting status page: status.x10hosting.com/

Security Updates 22 hours ago
FREE HOSTING
We have been rolling out new security measures across free hosting the past couple of days including blocks to some major botnets and known spamming IPs (Forum\Comment spam). Tonight we are implementing a new set of mod security rules for Apache to further protect our customers against known and unknown exploits. So far we are seeing upwards of 10,000 requests per minute stopped by these new changes and hope to increase that even more with some fine tuning.

If you have any issues on your website or issues accessing your website please open a thread on the free hosting forum so we can investigate. The mod security rules should be showing a 403 if you inadvertently trigger a rule but it may not in some cases so please report to the forums just in case.

 

[p337x10h]

Please see my tracert - https://dl.dropboxusercontent.com/u/23555385/Temp/x10host/15-12-2014 11-49-52 AM.png

if it helps at all

 

[Ohso]

No wonder. Seeing less hits to my own forum protection but that's even better that they implement it on their own end. kudos.

 

[p337x10h]

Hi, I agree that its a well needed feature. but Its blocking my ability to host at work.

I just need my works IP added to the allow list, as I host a few things for colleagues.

 

[leafypiggy]

Looking into this for you. Your entire work's IP address CIDR is on a spamhaus blacklist... working with our management team to find a solution.

 

[p337x10h]

Thanks Neil for looking into this, I have had a quick search for my works IP on spamhaus, but it didnt seem to be flagged.
https://dl.dropboxusercontent.com/u/23555385/Temp/x10host/18-12-2014 4-15-34 PM.png
Let me know if I need to provide anything else.

 

[leafypiggy]

Hi @p337x10h

I've looked through this with our management team, and your IP address is on a spam blacklist. It was listed on 11/22/14 for a thirty day block. The block will clear on 12/22/2014, and your sites will again be accessible. Unfortunately there is no way to override this. You might want to speak with your IT department at work so they can identify the spammer.

 

[p337x10h]

Thanks for the response.
But I am the IT department.
We dont run any botnets in our office...
But 400 people share the same IP address. Only 10 people absolute maximum would look at my site.
Bit annoying this is the outcome.

 

[leafypiggy]

Unfortunately there is nothing we can do to remove the block at this time.

 

[bdistler]

But I am the IT department...Bit annoying this is the outcome.

IMO there is a 'other' issue
you know that you - and those that use the same IP - are blocked from your site (account) at x10hosting
but you do not know who else is being blocked - do to not having log files for your x10hosting account

reading this thread - and recent other threads - in this forum - it looks to me - that a large part of the Internet is now being blocked
by IP - and whatever else makes x10hosting servers think you - and others - might be "Spamming" your site

EDIT - to try and make this post easier to follow

 

[p337x10h]

Hi bdistler,
the direction of your comment is hard to follow.

Yeah, we dont really keep tight logging on our proxy, and its not worth my time to look into it, because its not our proxy that has changed, its these botnet rules.
its not like my company runs a botnet service, that is designed with the sole purpose of hammering the x10hosting network's infrastructure.
Its legitimate traffic being blocked.

I dont really have any leverage to complain, as x10hosting generously provides hosting free of charge for many members,
but if these botnet rules are going to stay overzealous and restrictive.
you should change the name of free hosting to "X10 limited hosting"

EDIT: Additionally, There appears to be no proof that it wont just re-block my companies IP address once the current block is over.
I dont really see "wait up your unrightful ban" as an adequate solution. can a mod pull some stats to prove to me that my company really has been DDoSing X10 hosting sites?

 

[bdistler]

...the direction of your comment is hard to follow

Sorry about that - I have made a edit of that post

 

[leafypiggy]

This has nothing to do with botnets.

Your IP is listed by an independent third party for spam. Not by us.

The changes we made were made so that the constant stream of spambots we receive is greatly reduced. For example, before the change, we were getting 1000+ hits per second on various script's login pages from bots attempting to break in. Now, that is reduced by more than ~50% (Still fully collecting the logs on it).

I apologize that the change affected your work's IP address, however we have no control over it being on a spam list.

 

[AngusThermopyle]

Your IP is listed by an independent third party for spam. Not by us.

...

we have no control over it being on a spam list.

You have no control, but the third party does.

Why don't you tell p337x10h who the third party is so that he can contact them and
1) see why his IP is listed
2) how to get it unlisted
3) prevent it from getting relisted

 

[Corey]

The IP you're trying to connect with is listed on multiple blacklists including SORBs and Barracuda. This would be considered a "bad" IP address, for how we weigh it and the other blocklists we're using you should be able to connect again after the 22nd assuming additional malicious traffic does not show up from the IP in question.

Overall we went fairly lenient with the block lists, we've seen a huge reduction in spam and malicious attempts at compromising websites already.

 

[Corey]

IMO there is a 'other' issue
you know that you - and those that use the same IP - are blocked from your site (account) at x10hosting
but you do not know who else is being blocked - do to not having log files for your x10hosting account

reading this thread - and recent other threads - in this forum - it looks to me - that a large part of the Internet is now being blocked
by IP - and whatever else makes x10hosting servers think you - and others - might be "Spamming" your site

EDIT - to try and make this post easier to follow

What recent other threads? As far as I know we have not had any false positives yet.

These steps are necessary to try and keep our users safe, we're now being proactive and blocking the botnets that not only spam but compromise user's websites, especially out of date ones. Just look at this thread posted earlier in the week: http://community.x10hosting.com/thr...rough-wordpress-plug-in-vulnerability.195468/

The average user does not keep their site, addons, plugins, themes, etc up to date.. this leads to their site becoming a haven for spam or being compromised with phishing pages or other illegal activity being carried out from their account. There is no reason to allow thousands of requests per second from bots trying to make spam posts or attempting to exploit everyone's blog to make it through to the web server when we have the ability to block it in advance.

If for some reason false positives do end up showing themselves we will add in the ability to whitelist IPs, but for the IP specific to this thread I do not see the need to at the moment since the IP has clearly been used for some malicious activities and is actively listed on multiple blacklists.

 

[bdistler]

Why don't you tell p337x10h who the third party is so that he can contact them and
1) see why his IP is listed
2) how to get it unlisted
3) prevent it from getting relisted

[ p337x10h ] and others - can get some information - by drilling down through the data - at [ http://www.blacklistalert.org/ ]