Am I being blocked?


RobJ


I'm not a networking expert, would like to hear from others, as this is the first time something like this has ever happened to me.

 

Sometime on Monday November 21, 2016, around 2pm EST, I checked my wiki user page and got a "403 Forbidden" notice instead.  I was a bit shocked, but figured I'd made a simple mistake somewhere.  The forum pages were fine, so it wasn't the LimeTech servers... but a few minutes later nothing on lime-technology.com was reachable, not the wiki pages, or forum boards, or even the main LimeTech site.  I figured the servers had gone down.  I tried pinging them (lime-technology.com, 216.119.154.106) and no response.  Checked a few things on my end, just to make sure no issues on my end, and everything was fine.  And I had no issues reaching anything else.  Checked the domain to see if it had 'inadvertently' expired, and no problems there.  Felt a bit empty without my unRAID fix ...  Kept pinging it, expecting it to come back up, but no dice.

 

Then I received an email notifying me of a reply on a forum thread!  And another!  Yet my pings were still failing.  That meant the LimeTech server was up and working, but I couldn't reach it.  So I checked more things, found nothing, logged into the router, found no issues, then used its tools to ping (thinking maybe my machine has been hacked), and the router's ping failed too.  I then noticed that there was a router update, with 2 or 3 security vulnerabilities fixed, so updated it ... and suddenly I could reach lime-technology.com!  My user page was still "403 Forbidden" but the other wiki pages were fine, and the forum pages were fine ... for about 15 minutes!  Then just as suddenly nothing worked again, no response to pings even from the router.  I tried tracert's, and got past Frontier, past Level3, and into gtt.net, but there it died, every time.  Finally, thinking about what was different and what to test, realized that when it rebooted after the update, I was given a new IP by Frontier.  Obviously, the idea that someone was blocking my IP was ridiculous, but I try to be thorough, so tested it by rebooting the router again ... and it worked, again!  Still forbidden on my user page, but full access everywhere else.  This time, access lasted about an hour, before it was gone again.  I'm writing this offline now, so I can post it quickly once reconnected with still a newer IP.

 

Here are 2 tracert's and pings.  The first is when it worked, the second is when it didn't.  Both are typical.

C:\Windows\system32>tracert lime-technology.com

Tracing route to lime-technology.com [216.119.154.106]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    4 ms    4 ms    3 ms  47.200.96.1
  3    9 ms    6 ms    6 ms  172.99.43.94
  4    9 ms    9 ms    9 ms  ae8---0.scr02.mias.fl.frontiernet.net [74.40.3.73]
  5    10 ms    9 ms    9 ms  ae1---0.cbr01.mias.fl.frontiernet.net [74.40.1.126]
  6    *        9 ms    9 ms  lag-101.ear3.Miami2.Level3.net [4.15.156.29]
  7    8 ms    9 ms    9 ms  GTT-level3-40G.Miami2.Level3.net [4.68.127.154]
  8    23 ms    24 ms    24 ms  xe-9-2-0.atl12.ip4.gtt.net [89.149.128.110]
  9    23 ms    24 ms    24 ms  as32780.ae6-108.cr2.atl1.us.as4436.gtt.net [198.47.120.26]
 10    23 ms    24 ms    24 ms  atl-d-10.cloudsites.vps.net [216.119.154.106]

Trace complete.

C:\Windows\system32>ping lime-technology.com

Pinging lime-technology.com [216.119.154.106] with 32 bytes of data:
Reply from 216.119.154.106: bytes=32 time=25ms TTL=52
Reply from 216.119.154.106: bytes=32 time=24ms TTL=52
Reply from 216.119.154.106: bytes=32 time=23ms TTL=52
Reply from 216.119.154.106: bytes=32 time=25ms TTL=52

Ping statistics for 216.119.154.106:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 25ms, Average = 24ms

That looked good.  This one doesn't.

C:\Windows\system32>tracert lime-technology.com

Tracing route to lime-technology.com [216.119.154.106]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    4 ms    4 ms    4 ms  47.200.96.1
  3    6 ms    7 ms    7 ms  172.99.43.94
  4    9 ms    9 ms    9 ms  ae8---0.scr02.mias.fl.frontiernet.net [74.40.3.73]
  5    21 ms    9 ms    9 ms  ae1---0.cbr01.mias.fl.frontiernet.net [74.40.1.126]
  6    *        9 ms    9 ms  lag-101.ear3.Miami2.Level3.net [4.15.156.29]
  7    8 ms    9 ms    9 ms  GTT-level3-40G.Miami2.Level3.net [4.68.127.154]
  8    23 ms    24 ms    23 ms  xe-9-2-0.atl12.ip4.gtt.net [89.149.128.110]
  9    25 ms    24 ms    24 ms  as32780.ae6-108.cr2.atl1.us.as4436.gtt.net [198.47.120.26]
 10    *        *        *    Request timed out.
 11    *        *        *    Request timed out.
 12    *        *        *    Request timed out.
 13    *        *        *    Request timed out.
 14    *        *        *    Request timed out.
 15    *        *        *    Request timed out.
 16    *    ^C

C:\Windows\system32>ping lime-technology.com

Pinging lime-technology.com [216.119.154.106] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 216.119.154.106:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

My IP's:

- 47.200.107.174  (the starting one)

- 47.200.104.16  (worked for about 15 minutes)

- 47.200.96.122  (worked for about an hour)

- 47.200.96.122  (current one, access came back! same IP! ???)

 

Anyone have any ideas?  My packets are getting as far as gtt.net, so it's either gtt.net, vps.net, or lime-technology.com that's blocking/dropping them.  When I get a new IP, everything is reachable, for a time.  And then there's the 'forbidden' problem, might be a separate issue but happened at about the same time.

 

One concern of mine is that lately I've been banning Russian spammers like crazy, off the unRAID forums.  I'm not normally a paranoid person, but it does look like I've been targeted.  Lately, we've been under attack by a major Russian outfit, owning hundreds maybe thousands of IP's, and most of their spam has been blocked before appearing on the boards.  (Yes I know a few have gotten through, but we hadn't seen the particular IP's, user names, and emails these used.)

 

Well, access came back on the same IP!  Now I'm completely confused!  Let's see how long this access lasts.  Still forbidden though.

Link to comment
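An added example, not part of any post in this thread: one way to compare a working and a failing Windows tracert to the same destination and report where replies stop. The sample text is constructed by abbreviating the two traces quoted in the post above to hops 8 onward; the function names are hypothetical.

```python
import re

# Constructed sample: hops 8+ of the two tracert runs quoted in the post.
WORKING = """\
  8    23 ms    24 ms    24 ms  xe-9-2-0.atl12.ip4.gtt.net [89.149.128.110]
  9    23 ms    24 ms    24 ms  as32780.ae6-108.cr2.atl1.us.as4436.gtt.net [198.47.120.26]
 10    23 ms    24 ms    24 ms  atl-d-10.cloudsites.vps.net [216.119.154.106]
"""
FAILING = """\
  8    23 ms    24 ms    23 ms  xe-9-2-0.atl12.ip4.gtt.net [89.149.128.110]
  9    25 ms    24 ms    24 ms  as32780.ae6-108.cr2.atl1.us.as4436.gtt.net [198.47.120.26]
 10    *        *        *    Request timed out.
 11    *        *        *    Request timed out.
 16    *    ^C
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")                      # "<hop number> <rest of line>"
IPV4 = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")   # address at end of line

def parse_tracert(text):
    """Return {hop_number: ip or None} for each hop line of Windows tracert output."""
    hops = {}
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # headers, blank lines, "Trace complete."
        ip = IPV4.search(m.group(2))
        hops[int(m.group(1))] = ip.group(1) if ip else None
    return hops

def locate_drop(working, failing):
    """Compare a good and a bad trace and report where replies stop."""
    good, bad = parse_tracert(working), parse_tracert(failing)
    answered = [h for h, ip in sorted(bad.items()) if ip]
    last_hop = answered[-1] if answered else None
    # The route is unchanged if every hop that answered matches the good trace.
    same_path = all(good.get(h) == bad[h] for h in answered)
    # Next hop on the known-good path is the first device that went silent.
    silent = good.get(last_hop + 1) if last_hop is not None else None
    return {"last_responding_hop": last_hop,
            "last_responding_ip": bad.get(last_hop),
            "same_path_until_drop": same_path,
            "first_silent_ip": silent}

if __name__ == "__main__":
    print(locate_drop(WORKING, FAILING))
```

On the post's data this reports hop 9 (198.47.120.26) as the last device that answered and the destination 216.119.154.106 as the first silent one, over an otherwise unchanged route. Tracert alone cannot tell whether the outbound probes or the returning replies are being discarded.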

Lost access again after another hour, and had trouble getting a new IP, finally got one now, not sure for how long.  ISP kept giving me the same one.

 

I've a new theory.  I checked other wiki user pages, and they are all forbidden ("403 Forbidden" page returned).  Then shortly after doing that, I lost access and that IP could never again ping lime-technology.com.  So perhaps it's a change in the wiki configuration that results in the User pages being Forbidden, and if you visit them then the web site or hosting software automatically 'forbids' your IP.  I suppose someone could test that theory, but if you do and *if* this theory is correct, then you don't want to do that with a static IP, or even with a dynamic IP unless you are *sure* you can get a new one, or you won't be able to visit lime-technology.com.  For now, I'll avoid the user pages and see what happens, but that's an inconvenience as I used mine as a start page, with links to most every wiki page I wanted to get back to or had worked on.

 

VPN: good idea, but no, I never have used one yet.  And I don't do anything illegal or even shady, no reason at all to be blocked.

 

My ISP is now Frontier, they bought up the Verizon accounts around here.  Router load appears light, very normal as far as I know.  My router is an ASUS RT-AC66W, up to date firmware.  Someday I want to try Merlin on it, but haven't yet.

 

I do appreciate the kind responses, really wish this thing was over!

 

Edit: I mistakenly called the User pages 'talk' pages

Link to comment

Is this all happening from one workstation on your network?

 

Do you have a different machine or laptop you can check?  Something new and malicious might be on that PC?

 

I would rule out local workstation issues first.

 

That's why I went to the router, and used its tools to ping and tracert.  Its results have been identical.  That removed any compromised workstation effects.  Then I upgraded the firmware, which generally has a high probability of removing any current hacks and malware from the router.  As it is, once I get a new IP, access is regained, which seems to rule out local malware, which shouldn't care what my IP is.  And if you look above, you can see in the tracert reports, where my packets are getting far beyond the local network, far beyond the local regions even, all the way to gtt.net servers.  It's at that last leg that the failure happens, so I can see no other conclusion but that an end server (or very near the end) is making the decision to pass or block my packets based on their IP.

 

Since I've avoided going to any unRAID wiki user pages, my IP has been fine, so my last theory is still holding up.  To confirm it, I need to either have someone else with a disposable IP go to a user page and see if they are quickly blocked from lime-technology.com, or figure out how to do it on my smart phone using its data link (just need to figure out how to do pings and tracert's on it when I have time).

 

My own User page is:  http://lime-technology.com/wiki/index.php/User:RobJ

Another is:  http://lime-technology.com/wiki/index.php/User:limetech

 

Just remember that if my theory is correct, if you try this you will be blocked from accessing lime-technology.com(!), and will have to get a new IP.  Be sure you know how to do that!

 

Edit: I mistakenly called the User pages 'talk' pages

Link to comment

Since I've avoided going to any unRAID wiki talk pages, my IP has been fine, so my last theory is still holding up.  To confirm it, I need to either have someone else with a disposable IP go to a talk page and see if they are quickly blocked from lime-technology.com, or figure out how to do it on my smart phone using its data link (just need to figure out how to do pings and tracert's on it when I have time).

 

Just tried and get the 403 forbidden but can still access the forum after.

Link to comment

Just tried and get the 403 forbidden but can still access the forum after.

 

I get the same via an IP that is behind the Chinese Great Firewall and that is CGNATed (every 48 hours the IP address changes anyway, so it would self-heal).  If I can get out from China, most anywhere else is easy.

 

This is via a Netgear R6300V2 router that is running DD-WRT v3 r28600M.

Link to comment

I appreciate the testing!  I've just tried with my phone, and it's still working too.

 

Well ... nuts!  Now I don't know what happened, and still unsure I want to try again with my main machine.

 

The problem began about the same time the user pages became "403 Forbidden".  I know because I often monitor for wiki changes, and I do that through my user page.  It suddenly was forbidden, and a few minutes later, I lost my access to lime-technology.com.  I don't have any more ideas ...

 

Edit: My apologies, somehow I got user pages and talk pages mixed up.  My talk page is fine, so now I'm using it instead.

Link to comment