Official Thread to Report Bugs, Concerns or Suggestions With The New Site Platform

Status
Not open for further replies.

tima

Industry Expert
Mar 3, 2014
5,777
6,819
1,400
the Upper Midwest
So why are US ip addresses being locked out? I fully admit to not understanding any of the jargon though.

It may not be that addresses are locked out. It might be that the DDoS Block that Steve mentioned is consuming more machine resources for that function and having less for other duties, thus appearing busy.
 
  • Like
Reactions: howiebrou

Steve Williams

Site Founder, Site Owner, Administrator
So why are US ip addresses being locked out? I fully admit to not understanding any of the jargon though.

That is the question no one seems to be able to answer

We are going to give this a few more days and if the problems continue we will remove the block. Even Julian (our admin) who lives in Spain is constantly locked out and has been blacklisted several times


I had no problems with the site yesterday
 

Steve Williams

Site Founder, Site Owner, Administrator
I've had no access for about 16 hours until just now. Browser says timeout, server is busy.
Hi Tim

I’ve had your IP address white listed

You should have no further problems
 

jfrech

VIP/Donor
Sep 3, 2012
2,152
749
1,160
Austin
still having issues. seems like it takes about 15 min to get on line...
 

Steve Williams

Site Founder, Site Owner, Administrator
Here is a reply from one of the techs at our web support. I hope that what they learned from the IP addresses I reported to them has helped to relieve the problems we have all been having ............

The DDoS protection was to protect your site against all attacks from everywhere.
It was meant to help you to allow all good connections from everywhere and it's doing its job. You have a lot of connections from China and Hong Kong.
Please know that your good traffic through the DDoS firewall is at 98.5% and the rest are the blocks.
So not everyone is seeing issues.

So now what we have found with the IP's you have provided.
We have gone over IP's 68.187.136.4, 207.81.8.54, 70.114.225.253 and found out that the extra protection called "Additional Security Headers added to your site" which protects against X-XSS-Protection, X-Frame-Options, X-Content-Type-Options was causing the issue with some of your users.
For instance it was seeing this:

/threads/the-irishman-netflix-coming-up.28672/add-reply
An attempted XSS (Cross site scripting) was detected and blocked

At this time the "Additional Security Headers added to your site" option with all these above have been turned off.

Time to time we need our clients' help to figure out the issue.
Please do let us know without any hesitation if this has helped and we are pretty sure it will since these were the only blocks for all the IP's provided.
We are always here to assist you with all your issues and concerns.
 
  • Like
Reactions: howiebrou

Steve Williams

Site Founder, Site Owner, Administrator
still having issues. seems like it takes about 15 min to get on line...

Your IP address has been white listed. You should have no further problem BUT please let us know if things have resolved
 

accwai

Well-Known Member
Jul 26, 2012
276
175
948
Here is a reply from one of the techs at our web support. I hope that what they learned from the IP addresses I reported to them has helped to relieve the problems we have all been having ............

The DDoS protection was to protect your site against all attacks from everywhere.
It was meant to help you to allow all good connections from everywhere and it's doing its job. You have a lot of connections from China and Hong Kong.
Please know that your good traffic through the DDoS firewall is at 98.5% and the rest are the blocks.
So not everyone is seeing issues.


So now what we have found with the IP's you have provided.
We have gone over IP's 68.187.136.4, 207.81.8.54, 70.114.225.253 and found out that the extra protection called "Additional Security Headers added to your site" which protects against X-XSS-Protection, X-Frame-Options, X-Content-Type-Options was causing the issue with some of your users.
For instance it was seeing this:


/threads/the-irishman-netflix-coming-up.28672/add-reply
An attempted XSS (Cross site scripting) was detected and blocked


At this time the "Additional Security Headers added to your site" option with all these above have been turned off.

Time to time we need our clients' help to figure out the issue.
Please do let us know without any hesitation if this has helped and we are pretty sure it will since these were the only blocks for all the IP's provided.
We are always here to assist you with all your issues and concerns.

Fascinating... A bit of clarification please if you don't mind: My understanding is x-xss-protection, x-frame-options and x-content-type-options are HTTP response headers coming from server to browser. That's certainly the complete opposite of how we normally understand the Web Application Firewall business. The headers are usually enabled directly on the webserver configuration. Is Sucuri saying they're adding the headers to your outgoing traffic? Also, these headers are very prevalent as almost all the major websites on the net have them one way or another. If they're causing issues for some users, should these users be bogged down everywhere else already?

It's also a little unclear what At this time the "Additional Security Headers added to your site" option with all these above have been turned off covers. The x-xss-protection header doesn't appear on my end, but the other two still do. But for what it's worth, I'm still having frequent timeouts. When that starts happening, looking at network traffic with a browser in development mode shows no response after initial browser request. So this isn't the case of the webserver sending down something that upsets the browser. In fact, WBF is set up to force HTTP traffic into HTTPS via a 301 redirect. When timeout starts happening, even the 301 won't appear, let alone the subsequent HTTPS content.

So just for fun I quickly slapped together a little webserver in my lab at home that's configured to serve out all of the headers above. The server runs PHP under Nginx, very similar to WBF's technology stack. No timeout issue at all. I also put a harmless cross-site scripting vulnerability in one corner of the site and tested with Firefox, Chrome and Internet Explorer. Internet Explorer intercepted it while Firefox and Chrome let it through. But nothing freezes.

In any case, no need to do anything special for me, and especially please don't post my IP address in public. The timeout often goes away in 10-15min. That's fine for my usage of the site. As mentioned, I can actually get in by obfuscating my IP address through the Tor network. But that hasn't been really necessary.
 
  • Like
Reactions: djsina2
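Added example, not part of the original thread or any poster's code: the post above argues that a response header can only affect a browser if a response actually arrives. This Python sketch applies that reasoning to captured exchanges, separating "no response at all" from "redirect" and "response", and listing which of the three headers were present. The sample captures and the host `forum.example` are constructed for illustration.

```python
from email.parser import BytesParser

# The three response headers named in the thread.
SECURITY_HEADERS = ("X-XSS-Protection", "X-Frame-Options", "X-Content-Type-Options")

# Constructed sample captures (not real traffic from the site).
SAMPLE_301 = (b"HTTP/1.1 301 Moved Permanently\r\n"
              b"Location: https://forum.example/\r\n\r\n")
SAMPLE_200 = (b"HTTP/1.1 200 OK\r\n"
              b"Content-Type: text/html\r\n"
              b"x-frame-options: SAMEORIGIN\r\n"
              b"X-Content-Type-Options: nosniff\r\n\r\n"
              b"<html></html>")
SAMPLE_TIMEOUT = None  # the client gave up before any bytes arrived


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status_code, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split()[1].decode("ascii"))
    # The header block has the same "Name: value" shape as e-mail headers,
    # and the resulting Message does case-insensitive lookups.
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return status, headers


def diagnose(raw):
    """Classify one captured exchange; raw is None when the request timed out."""
    if not raw:
        # Nothing came back, so no response header ever reached the browser.
        return {"outcome": "no-response", "present": []}
    status, headers = parse_response(raw)
    present = [h for h in SECURITY_HEADERS if headers.get(h) is not None]
    outcome = "redirect" if status in (301, 302, 307, 308) else "response"
    return {"outcome": outcome, "present": present}


def summarize(captures):
    """Count outcomes across several captures of the same site."""
    counts = {"no-response": 0, "redirect": 0, "response": 0}
    for raw in captures:
        counts[diagnose(raw)["outcome"]] += 1
    return counts


if __name__ == "__main__":
    for name, raw in [("301", SAMPLE_301), ("200", SAMPLE_200), ("timeout", SAMPLE_TIMEOUT)]:
        print(name, diagnose(raw))
```

A capture that classifies as `no-response` points at something in front of the web server (network path, firewall or rate limiting) rather than at headers the server would have sent.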

Steve Williams

Site Founder, Site Owner, Administrator
Fascinating... A bit of clarification please if you don't mind: My understanding is x-xss-protection, x-frame-options and x-content-type-options are HTTP response headers coming from server to browser. That's certainly the complete opposite of how we normally understand the Web Application Firewall business. The headers are usually enabled directly on the webserver configuration. Is Sucuri saying they're adding the headers to your outgoing traffic? Also, these headers are very prevalent as almost all the major websites on the net have them one way or another. If they're causing issues for some users, should these users be bogged down everywhere else already?

It's also a little unclear what At this time the "Additional Security Headers added to your site" option with all these above have been turned off covers. The x-xss-protection header doesn't appear on my end, but the other two still do. But for what it's worth, I'm still having frequent timeouts. When that starts happening, looking at network traffic with a browser in development mode shows no response after initial browser request. So this isn't the case of the webserver sending down something that upsets the browser. In fact, WBF is set up to force HTTP traffic into HTTPS via a 301 redirect. When timeout starts happening, even the 301 won't appear, let alone the subsequent HTTPS content.

So just for fun I quickly slapped together a little webserver in my lab at home that's configured to serve out all of the headers above. The server runs PHP under Nginx, very similar to WBF's technology stack. No timeout issue at all. I also put a harmless cross-site scripting vulnerability in one corner of the site and tested with Firefox, Chrome and Internet Explorer. Internet Explorer intercepted it while Firefox and Chrome let it through. But nothing freezes.

In any case, no need to do anything special for me, and especially please don't post my IP address in public. The timeout often goes away in 10-15min. That's fine for my usage of the site. As mentioned, I can actually get in by obfuscating my IP address through the Tor network. But that hasn't been really necessary.


The site seems to be working just fine since they made their changes

Thanks for your thoughts
 

NorthStar

Member
Feb 8, 2011
24,305
1,323
435
Vancouver Island, B.C. Canada
I was wondering about the safety of posting publicly an IP address. Some are dynamic IP addresses, and in this world of Internet security and privacy are priorities everyone respect and protect.

"It's not safe to share the IP address of your computer on public Internet, particularly with strangers. It is possible to hack a computer, provided that the hacker knows the IP address of the victim's computer. ... There are several ways to hide one's own IP address, such as Network Address Translation, VPNs, etc." - Jun 14, 2018

I'm no expert on computers, others who are can share ...
 

djsina2

Well-Known Member
May 30, 2019
1,125
964
213
I was wondering about the safety of posting publicly an IP address. Some are dynamic IP addresses, and in this world of Internet security and privacy are priorities everyone respect and protect.

"It's not safe to share the IP address of your computer on public Internet, particularly with strangers. It is possible to hack a computer, provided that the hacker knows the IP address of the victim's computer. ... There are several ways to hide one's own IP address, such as Network Address Translation, VPNs, etc." - Jun 14, 2018

I'm no expert on computers, others who are can share ...

First off, nobody has a public IP on their computer. It’s on your home firewall, which by default denies all inbound connection attempts.
 

accwai

Well-Known Member
Jul 26, 2012
276
175
948
The site seems to be working just fine since they made their changes

As mentioned I'm still getting frequent timeouts. And this just happened while I was trying to login to post an answer to the classical music listening thread:



By the way, IDS = Intrusion Detection System
 

Attachment: wbf_ids.jpg

Steve Williams

Site Founder, Site Owner, Administrator
You asked not to do anything with your IP address as you like to use the Tor route which allows obfuscating the real thing

In any case, no need to do anything special for me, and especially please don't post my IP address in public. The timeout often goes away in 10-15min. That's fine for my usage of the site. As mentioned, I can actually get in by obfuscating my IP address through the Tor network. But that hasn't been really necessary.

I have had no complaints other than from you in the past few days
 

jfrech

VIP/Donor
Sep 3, 2012
2,152
749
1,160
Austin
Your IP address has been white listed. You should have no further problem BUT please let us know if things have resolved

Hi 15 min or so to log on last night and today. Last night I gave up and missed the whole no politics thread :oops:. I agree with what you want to do btw on that topic. This am after trying the web site for about 15 min, I get in and can post, read, etc with seemingly normal browsing times. Just that initial 15 min...
 

Steve Williams

Site Founder, Site Owner, Administrator
Hi 15 min or so to log on last night and today. Last night I gave up and missed the whole no politics thread :oops:. I agree with what you want to do btw on that topic. This am after trying the web site for about 15 min, I get in and can post, read, etc with seemingly normal browsing times. Just that initial 15 min...

Not sure why so I resubmitted a ticket asking them to look into it again
 

NorthStar

Member
Feb 8, 2011
24,305
1,323
435
Vancouver Island, B.C. Canada
Here's a solution that works for me ...
• When access is difficult I switch browser, or I refresh it, or I use another highway for my browser.
It works 99.999% of the time.

But these are rare occurrences, particularly more recently.
 