Several sites blocked on Cool Ideas

cobuskruger

Well-Known Member
Joined
Sep 21, 2009
Messages
184
@PBCool I'm using the TP Link router I got from Cool Ideas. I was asked this morning to update the firmware and do a factory reset. I'll do that.

Meanwhile, also after a suggestion from support, I downloaded Eset Internet Security and ran it on all three PCs, and I booted all the phones from the network (thanks to lockdown we all have lots of carried-over data ;) ). One PC is still running, but Eset found nothing of note on the other two. I previously did the same thing with MalwareBytes, so I'm not holding my breath.

Also, I've done the test multiple times, where I disconnected all the other devices and restarted the ONT to get a new IP. Around half the time, the IP is already blocked on Steam when it's assigned to me. I'm not aware of any cases (though I could be wrong) where a site was accessible in the morning and blocked in the afternoon/evening. I would be able to monitor that, if I could find out which blacklist is at play.
 

cobuskruger

> Edit: I see support has already been in contact with you and it appears that each new IP you receive eventually gets blacklisted on Spamhaus.

You have been misinformed. It's possible that there is something I have yet to find causing the Steam block, but the situation with Spamhaus is different.

You can verify this by looking at the Spamhaus blocklists here:

Not listed (today's IP, and not in the 102 range):

Listed (IP I had on 15 December):

This is the listing:

Clear as daylight, it says, "102.132.128.0/18 is listed on the Policy Block List (PBL)"

Clearly that is the entire range, not the IP.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
76,934
> You have been misinformed. It's possible that there is something I have yet to find causing the Steam block, but the situation with Spamhaus is different.
>
> You can verify this by looking at the Spamhaus blocklists here:
>
> Not listed (today's IP, and not in the 102 range):
>
> Listed (IP I had on 15 December):
>
> This is the listing:
>
> Clear as daylight, it says, "102.132.128.0/18 is listed on the Policy Block List (PBL)"
>
> Clearly that is the entire range, not the IP.

Generally, dial-up ranges are blocked on DNSBLs.
There's no reason to send direct-to-MX mail from a client computer.
 

RonSwanson

Executive Member
Joined
May 21, 2018
Messages
6,768
> You have been misinformed. It's possible that there is something I have yet to find causing the Steam block, but the situation with Spamhaus is different.
>
> You can verify this by looking at the Spamhaus blocklists here:
>
> Not listed (today's IP, and not in the 102 range):
>
> Listed (IP I had on 15 December):
>
> This is the listing:
>
> Clear as daylight, it says, "102.132.128.0/18 is listed on the Policy Block List (PBL)"
>
> Clearly that is the entire range, not the IP.

Are you running an SMTP server?
 

cobuskruger

> Generally, dial-up ranges are blocked on DNSBLs.
> There's no reason to send direct-to-MX mail from a client computer.

I mentioned Spamhaus because it was the only blacklist picked up. From what I understand, it shouldn't be used by web servers, so I don't think it's related to my actual problem.
 

TheRoDent

Cool Ideas Rep
Joined
Aug 6, 2003
Messages
5,654
> You have been misinformed. It's possible that there is something I have yet to find causing the Steam block, but the situation with Spamhaus is different.
>
> You can verify this by looking at the Spamhaus blocklists here:
>
> Not listed (today's IP, and not in the 102 range):
>
> Listed (IP I had on 15 December):
>
> This is the listing:
>
> Clear as daylight, it says, "102.132.128.0/18 is listed on the Policy Block List (PBL)"
>
> Clearly that is the entire range, not the IP.

The PBL is simply a list of dialup IPs that shouldn't directly send email on port 25.

Most ISPs list their consumer IPs in the PBL. You can read up about it on the Spamhaus site.

It doesn't really correlate with web activity, or why certain sites, including our site, which uses a central database, should block you.

My hunch is still that something on your network is being detected by Cloudflare or other WAF systems as unusual activity.

We can give you as many IPs as we want but something is clearly wrong.
 

cobuskruger

> The PBL is simply a list of dialup IPs that shouldn't directly send email on port 25.
>
> Most ISPs list their consumer IPs in the PBL. You can read up about it on the Spamhaus site.
>
> It doesn't really correlate with web activity, or why certain sites, including our site, which uses a central database, should block you.
>
> My hunch is still that something on your network is being detected by Cloudflare or other WAF systems as unusual activity.
>
> We can give you as many IPs as we want but something is clearly wrong.

I only mentioned Spamhaus because it was the only detected blacklist, and I agree it should play no part in web traffic.

Yesterday, on the advice of one of your support guys, I scanned all the computers on the network with Eset, which found nothing of note, and I booted all the phones off the Wi-Fi. Also on his advice, I tried to flash new firmware on the router, but messed it up and bricked it. I'll see if I can get that living again, but for now I'm using a completely different router with stock DLink firmware, on which I did a factory reset before connecting it.

I don't really see what more can be done from my end, and I'll report back if I'm still having issues.
 

abudabi

Expert Member
Joined
Aug 7, 2007
Messages
3,785
Do you have any ghost machines active on your network that you can see in DHCP getting leases but not account for as your own?
 

cobuskruger

> OP never to be seen again. Perhaps he's banned from mybroadband now :unsure:

Lol. No, OP gave it a rest for Christmas and then The Wife mandated weeks of catching up on DIY that I've been putting off.

I didn't check this between Christmas and new year, but since the beginning of January I have only had IPs in the 155 range - not one of them was blocked. This still matches with my previous observations. I'm checking daily now, to see if I get another 102 range IP.

> Do you have any ghost machines active on your network that you can see in DHCP getting leases but not account for as your own?

No, I did this check when I first encountered the issue. Every device was accounted for.
 

Jade @ Absolute Hosting

Absolute Hosting Representative
Company Rep
Joined
Nov 17, 2015
Messages
1,157
A bit late in the response to this so forgive me. I haven't seen this type of behavior with any of my Cool Ideas assigned IP addresses so quite odd.
CISP should be able to tell exactly why that IP was blocked if they're using the premium / paid for version of Wordfence - and if they can't see why then a ticket to Wordfence support will reveal why that IP triggered a block.

For future blacklist checks use the following: http://multirbl.valli.org/lookup/
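
An added example, not part of any post in this thread: the DNS query that sits behind the Spamhaus and multi-RBL lookups discussed above, with a decoder that separates a PBL policy listing of a range from a reputation listing and from a query error. The function names and the 192.0.2.99 sample address are assumptions made for illustration; the return codes are the ones Spamhaus publishes for its ZEN zone.

```python
import ipaddress
import socket

# Spamhaus ZEN answers: each A record names the list that matched.
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.9": "SBL DROP",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL (ISP maintained)", "127.0.0.11": "PBL (Spamhaus maintained)",
}
# 127.255.255.x answers report a problem with the query; they are not listings.
ZEN_ERRORS = {
    "127.255.255.252": "typo in DNSBL zone name",
    "127.255.255.254": "query arrived via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Reverse the IPv4 octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # rejects malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answers):
    """Interpret the A records returned for one DNSBL query."""
    errors = [ZEN_ERRORS[a] for a in answers if a in ZEN_ERRORS]
    if errors:
        return {"status": "error", "detail": errors}
    lists = sorted({ZEN_CODES.get(a, "unknown code " + a) for a in answers})
    if not lists:
        return {"status": "not listed", "detail": []}
    # PBL alone is a policy statement about the address range (no direct
    # port-25 mail expected), not evidence of abuse from the host.
    policy_only = all(name.startswith("PBL") for name in lists)
    return {"status": "policy only" if policy_only else "listed", "detail": lists}

def lookup(ip, zone="zen.spamhaus.org"):
    """Live query (needs network access). NXDOMAIN means the IP is not listed."""
    try:
        _, _, answers = socket.gethostbyname_ex(dnsbl_name(ip, zone))
    except socket.gaierror as exc:
        if exc.errno != socket.EAI_NONAME:
            raise  # resolver failure is not the same as "not listed"
        answers = []
    return classify(answers)

# Constructed sample: a documentation-range address, not one from the thread.
SAMPLE_QUERY = dnsbl_name("192.0.2.99")
```

Running `lookup()` on a schedule and logging the result each time the ONT hands out a new address gives the morning-versus-evening record mentioned earlier in the thread, at least for DNS-based lists.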
 

cobuskruger

The conclusion of this: The problem went away. For a few weeks I only received 155 IP addresses, all of which worked (like all the other 155 addresses). I have had a few 102 addresses in the last week or so, and none of them was in the range where I had trouble before. And no more blocking. Since nothing changed on my end since I last had the problem, I assume it was fixed on Cool Ideas' end. If not, then it's a real mystery.
 