Cant Access my site from work

Status
Not open for further replies.

p337x10h

New Member
Messages
22
Reaction score
0
Points
1
Hi Team

After the botnet changes made this week, I can no longer access my free web hosting webpage at work.
(www.p337.x10host.com/site/) [i currently have nothing hosted on the root. hence the "site" sub dir]

I can connect to my website normally from home, and on my phone


We use our own, managed, work related proxy at work.
is there a way I can get my work's proxy server whitelisted from the new bot net software, our external IP address is always the same.

My works IP address is found within this dropbox text file for security - https://dl.dropboxusercontent.com/u/23555385/work_IP_Address.txt

Please see the error the proxy server gives: "host failed to respond" this is compeltely different to a block screen
https://dl.dropboxusercontent.com/u/23555385/18-12-2014 9-20-56 AM.png
Please note I am on the IT team and have unrestricted web access, additionally all proxy changes come past my desk,
My website was working up until the changes made to the botnet protections update yesterday.

Edit: I did a tracert, see my comment below

Thanks again.
 
Last edited:

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
There's a bit of doubt that X10 would block proxies to access sites hosted on their servers, I could be wrong in a way about it though.
Is the unrestricted proxy blocking any ports?
Is the firewall blocking anything?
Some proxies can't access sites due to certain ports or some other thing making it fail to obtain a full on connection (like not being supported).
I'm just guessing out questions here as I'm not so sure why the request from the browser is not getting a response from the server and I'm not an expert on proxy servers.
 

p337x10h

New Member
Messages
22
Reaction score
0
Points
1
Thanks for the reply,
My website worked up untill 2 days ago, when they put in this botnet change
There have been no changes to my works proxy settings or firewall. those change requests come through me.
Please see the below quote from the x10hosting status page: status.x10hosting.com/

Security Updates 22 hours ago
FREE HOSTING
We have been rolling out new security measures across free hosting the past couple of days including blocks to some major botnets and known spamming IPs (Forum\Comment spam). Tonight we are implementing a new set of mod security rules for Apache to further protect our customers against known and unknown exploits. So far we are seeing upwards of 10,000 requests per minute stopped by these new changes and hope to increase that even more with some fine tuning.

If you have any issues on your website or issues accessing your website please open a thread on the free hosting forum so we can investigate. The mod security rules should be showing a 403 if you inadvertently trigger a rule but it may not in some cases so please report to the forums just in case.
 

Ohso

Member
Prime Account
Messages
114
Reaction score
4
Points
18
No wonder. Seeing less hits to my own forum protection but that's even better that they implement it on their own end. kudos.
 

p337x10h

New Member
Messages
22
Reaction score
0
Points
1
Hi, I agree that its a well needed feature. but Its blocking my ability to host at work.

I just need my works IP added to the allow list, as I host a few things for colleagues.
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
Looking into this for you. Your entire work's IP address CIDR is on a spamhaus blacklist... working with our management team to find a solution.
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
Hi @p337x10h

I've looked through this with our management team, and your IP address is on a spam blacklist. It was listed on 11/22/14 for a thirty day block. The block will clear on 12/22/2014, and your sites will again be accessible. Unfortunately there is no way to override this. You might want to speak with your IT department at work so they can identify the spammer.
 

p337x10h

New Member
Messages
22
Reaction score
0
Points
1
Thanks for the response.
But I am the IT department.
We dont run any botnets in our office...
But 400 people share the same IP address. Only 10 people absolute maximum would look at my site.
Bit annoying this is the outcome.
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
Unfortunately there is nothing we can do to remove the block at this time.
 

bdistler

Well-Known Member
Prime Account
Messages
3,534
Reaction score
196
Points
63
But I am the IT department...Bit annoying this is the outcome.
IMO there is a 'other' issue
you know that you - and those that use the same IP - are blocked from your site (account) at x10hosting
but you do not know who else is being blocked - do to not having log files for your x10hosting account

reading this thread - and recent other threads - in this forum - it looks to me - that a large part of the Internet is now being blocked
by IP - and whatever else makes x10hosting servers think you - and others - might be "Spamming" your site

EDIT - to try and make this post easier to follow
 
Last edited:

p337x10h

New Member
Messages
22
Reaction score
0
Points
1
Hi bdistler,
the direction of your comment is hard to follow.

Yeah, we dont really keep tight logging on our proxy, and its not worth my time to look into it, because its not our proxy that has changed, its these botnet rules.
its not like my company runs a botnet service, that is designed with the sole purpose of hammering the x10hosting network's infrastructure.
Its legitimate traffic being blocked.

I dont really have any leverage to complain, as x10hosting generously provides hosting free of charge for many members,
but if these botnet rules are going to stay overzealous and restrictive.
you should change the name of free hosting to "X10 limited hosting"

EDIT: Additionally, There appears to be no proof that it wont just re-block my companies IP address once the current block is over.
I dont really see "wait up your unrightful ban" as an adequate solution. can a mod pull some stats to prove to me that my company really has been DDoSing X10 hosting sites?
 
Last edited:

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
This has nothing to do with botnets.

Your IP is listed by an independent third party for spam. Not by us.

The changes we made were made so that the constant stream of spambots we receive is greatly reduced. For example, before the change, we were getting 1000+ hits per second on various script's login pages from bots attempting to break in. Now, that is reduced by more than ~50% (Still fully collecting the logs on it).

I apologize that the change affected your work's IP address, however we have no control over it being on a spam list.
 

AngusThermopyle

Active Member
Messages
319
Reaction score
52
Points
28
Your IP is listed by an independent third party for spam. Not by us.

...

we have no control over it being on a spam list.

You have no control, but the third party does.

Why don't you tell p337x10h who the third party is so that he can contact them and
1) see why his IP is listed
2) how to get it unlisted
3) prevent it from getting relisted
 

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
The IP you're trying to connect with is listed on multiple blacklists including SORBs and Barracuda. This would be considered a "bad" IP address, for how we weigh it and the other blocklists we're using you should be able to connect again after the 22nd assuming additional malicious traffic does not show up from the IP in question.

Overall we went fairly lenient with the block lists, we've seen a huge reduction in spam and malicious attempts at compromising websites already.
 

Corey

I Break Things
Staff member
Messages
34,551
Reaction score
204
Points
63
IMO there is a 'other' issue
you know that you - and those that use the same IP - are blocked from your site (account) at x10hosting
but you do not know who else is being blocked - do to not having log files for your x10hosting account

reading this thread - and recent other threads - in this forum - it looks to me - that a large part of the Internet is now being blocked
by IP - and whatever else makes x10hosting servers think you - and others - might be "Spamming" your site

EDIT - to try and make this post easier to follow

What recent other threads? As far as I know we have not had any false positives yet.

These steps are necessary to try and keep our users safe, we're now being proactive and blocking the botnets that not only spam but compromise user's websites, especially out of date ones. Just look at this thread posted earlier in the week: http://community.x10hosting.com/thr...rough-wordpress-plug-in-vulnerability.195468/

The average user does not keep their site, addons, plugins, themes, etc up to date.. this leads to their site becoming a haven for spam or being compromised with phishing pages or other illegal activity being carried out from their account. There is no reason to allow thousands of requests per second from bots trying to make spam posts or attempting to exploit everyone's blog to make it through to the web server when we have the ability to block it in advance.

If for some reason false positives do end up showing themselves we will add in the ability to whitelist IPs, but for the IP specific to this thread I do not see the need to at the moment since the IP has clearly been used for some malicious activities and is actively listed on multiple blacklists.
 
Status
Not open for further replies.
Top