Got cut off the forums

Status
Not open for further replies.
Hi,

My previous IP address (A.B.C.D mod: IP address removed) somehow got firewalled on forums.freebsd.org. I didn't renew the lease for some time, but I didn't check the forums either. I am 100% sure I didn't abuse anything to cause this.

Then I had to read some documentation on the forums and couldn't access it. It seems that the firewall cuts off an IP address for a long time, since I haven't had access for over 24 hours.

It takes a ton of testing to even figure out that it is the result of firewall action on the other side, including using w3m on my Linode server just to confirm that the forums are not down. It certainly doesn't help that https://forums.freebsd.org/misc/contact is hosted on the same domain; being cut off and trying to report that won't get past the firewall causing the initial problem.

Just before I used an ssh/proxy tunnel to access the forums from my server in another country, I rebooted the ISP modem, which in turn changed my IP address. Fine, it now works. No idea for how long 109.93.x.x will be firewalled, but it doesn't seem like a good idea.

My point is:

It is a very bad user experience to firewall an IP address for such a long time. I don't know why it was firewalled, but I know I didn't do anything to cause that. A user wanting to read anything on the forums and hitting the wall is going to cause the user not to return -- almost happened to me. It took over 70 minutes to test and figure everything out, using a not so common level of knowledge. Somebody less experienced can't even think of solving this.

Question:

Can we please somehow figure out what happened and prevent this from happening to other users? See point above.
 
> I don't know why it was firewalled
There's really only one reason why this would happen at all, and that's because we received lots of spam or other abuse from either that specific IP or the whole range. I'm not saying you were responsible for that spam/abuse, just that we detected a lot from the same range (talk to your ISP) or that specific IP and you just got caught in the middle.
 
> There's really only one reason why this would happen at all, and that's because we received lots of spam or other abuse from either that specific IP or the whole range. I'm not saying you were responsible for that spam/abuse, just that we detected a lot from the same range (talk to your ISP) or that specific IP and you just got caught in the middle.

Thanks. Of course I understand why the firewall kicks in (no, it wasn't me), but it seems drastic that it lasts for even an hour. Cutting off an IP range is even worse; I don't think so blunt a tool ever gives any results (apart from frustrating normal users).

If it was a single IP address, my only explanation is that my wifi renewed its lease with an already banned IP, which is horrible enough multiplied by what seems an indefinite ban. If it is a range of addresses, then I don't have to explain how bad a user experience that is for 99% of normal users.

I will write an email to my ISP but I don't expect many results. If you can help with any specifics about the abuse that I can forward to them, that might help.
 
> Of course I understand why the firewall kicks in (no, it wasn't me), but it seems drastic that it lasts for even an hour.
Spammers and other abusers are surprisingly resilient. Blocking them for half an hour barely makes a dent in their attempts. But note that this isn't done automatically, the firewall is a last resort and mostly managed by hand.

> Cutting off an IP range is even worse; I don't think so blunt a tool ever gives any results (apart from frustrating normal users).
You're absolutely correct, it's a very blunt tool. We really only do this if there's no other way. Some ISPs are just cesspools.
 
Weird, I host a fleet of servers on Linode, in two different countries, and I never get any abuse from my country. I don't remember ever seeing any local address being firewalled (I am using pf and sshguard).

That ISP is one of two existing ISPs in the country, so it is not like there is much choice. If you ban that ISP's address ranges, you have banned 60% of the country's population, which means some seven or so million people.

I have no doubt you have valid reasons but I am surprised that anybody can push any kind of abuse using relatively slow local ISP connections.

Anyway, I won't bug you with this any more. I am willing to push this issue with my ISP, but I need more data if you are willing to share any: IP addresses, what happened, etc., so I can present a proper case. You also have my contact email if needed.
 
Wait for DutchDaemon to respond, he's usually the one that manages the firewall. He'll be able to tell what the reason for the block was. I can really only check if it's indeed blocked (which I haven't done yet), what I stated above were reasons why it may have been blocked (more generalized explanation).
 
The IP address was blocked in February because of a malicious vulnerability probe on a server under my administration. This was probably done by someone who held this (dynamic) IP address earlier. I've set the IP to expire from the firewall.
 