My IP suddenly black listed - Who should I contact?

johnpoz

@prudentcircle what is your ip - send it to me in a pm and I can check the blacklist - so unless your isp changes your IP to a completely different network, if your current IP is blacklisted, it would still be blacklisted. If I know the IP range I can remove it if its on there.. And only if start seeing large amounts of spam from it again you would be fine.

MattL88

I have attempted to login to the site last night and my IP was blacklisted, can someone drop me a PM and I will send you over my IP address to have a look at it if possible?

Posting from the same ISP as I have at home just different range, I think the range at home that is been blocked was a block bought as I have had issues with it on other sites in the past.

Gertjan

@MattL88

As stated above, "not your fault".
But your ISP was elected by clients that use their IP and they got listed.
IPs are rarely blacklisted per /32, the entire /24 or even smaller will get listed.
Anyway, look outside, your neighbors, all friendly guys right ? Wrong, they do in porn, guns, drugs and other harassment. Or they were just downloading the latest Disney, and got listed.

What you can do on your side :
For ones, your famous Toctic or youtube influencer is right : get and use that VPN !
Or contact your ISP tell them they have some nasty clients doing things that are 'not allowed' (even not by them) so you have to leave them. Get a new one, one that takes care of its customers.
If you have to pay a VPN, why not paying an (other) ISP a bit more every month ?

This forum (I suppose) uses lists, exactly what pfBlockerng does : it uses lists with known bad IPs. As this forum uses NodeBB, every post get get flagged on every forum that uses NodeBB get centralized and distributed over all other NodeBB users (like Netgate, this forum).
So, again, it isn't about you, but about one or more ISP co-clients who messed up.

Whitelisting the IP (range probably) will open up this range again, and hoppa, more medoc porn guns and hateful message will get posted on other forums again ...

It's like living on a road or even village with a lot of burglars, murderers and other bad people : the entire village will have a bad name. What can you do ? Asking the local law enforcement to do something about it ? Tell these people to move away ?
No, you'll be moving .... so the problem exists as long humans exist, and it followed us also on the Internet.

Btw : I'm just a user like you, don't know nothing about this forum and how it operates. I did maintain a phpbb3 forum years ago, with just a couple of thousand active users.
Administrating this forum became very time consuming at the end. Not technically, but 'socially'.

stephenw10

You can send me your IP in chat and I'll check it.

MattL88

@stephenw10 Sent it over to you.

Sergei_Shablovsky

Need to confirm that sometimes forum ban the Cloudflare’s WARP / WARP+ public IPs that obtained on iOS devices by “1.1.1.1” official app.

Cloudflare

IP ranges

WARP IP ranges

Zero Trust not published officially.
But there are some unofficial compilations on GitHub

A little bit more about Cloudflare IPs

Sergei_Shablovsky

@stephenw10 said in My IP suddenly black listed - Who should I contact?:

You can send me your IP in chat and I'll check it.

CloudFlare public IP’s are still banned by this Netgate forum.
Is any ability to resolve this ?

P.S. But Ookla’s SpeedTest IKE2 VPN - not banned at all, in any days, at any times…

johnpoz

@Sergei_Shablovsky what IPs - please give an example of what IP was blocked.. Cloudflare owns a shit ton of IPs

Sergei_Shablovsky

@johnpoz said in My IP suddenly black listed - Who should I contact?:

@Sergei_Shablovsky what IPs - please give an example of what IP was blocked.. Cloudflare owns a shit ton of IPs

Thank You for attention and replying!

Today not banned, so when I catch the issue -> immediately sending to You in PM.

But, anyway, what the reason not adding the CloudFlare’s public IPs to white list of the forum site server ?
8*This banning not secure Your forum site server**, but only create the difficulties to users.

johnpoz

@Sergei_Shablovsky the ip you sent me 192.0.2 is not valid public IP, its a documentation range - and the IPv6 you sent is not on blacklist.

The IP you sent is part of CLOUDFLAREWARP, which is a vpn - vpns are used by bad people to spam.. But that IP is not currently blocked, but 2a09:bac5::0/32 is and the IP I show you connecting from that is IPv6 is 2606:4700 also cloudflare but not blocked

I am sorry that bad people use vpns to do spam stuff.. Don't use them if you want to post on the forum is the only thing I can suggest.

When we see spammers using a known vpn network, or something that is not a normal user connection IP, like digital ocean or any other sort of hosting site - they normally get added to the block list, to prevent them or their buddies from using that network in the future to add more spam.

Tell you what - we will remove all the blocklists if you agree to watch the forums 24/7 and delete all the spam the minute its posted ;)

It sucks that we have to do this - but I don't think the typical user understands the amount of spam this site gets.. And how much more possible spam is prevented by the block list. If didn't clean it up and delete it as soon as seen or reported.. Nobody would want to use this forum, because it wouldn't be nothing but spam!

If you are having with a legit normal user ISP network, please let us know and be happy to remove the block and deal with some extra spam.. But known vpn type IPs are just spam networks.. We do not go out of our way to block them - but when we see spam coming from them, yes they are added to the block list..

Sergei_Shablovsky

@johnpoz said in My IP suddenly black listed - Who should I contact?:

I am sorry that bad people use vpns to do spam stuff.. Don't use them if you want to post on the forum is the only thing I can suggest.

When we see spammers using a known vpn network, or something that is not a normal user connection IP, like digital ocean or any other sort of hosting site - they normally get added to the block list, to prevent them or their buddies from using that network in the future to add more spam.

Tell you what - we will remove all the blocklists if you agree to watch the forums 24/7 and delete all the spam the minute its posted ;)

It sucks that we have to do this - but I don't think the typical user understands the amount of spam this site gets.. And how much more possible spam is prevented by the block list. If didn't clean it up and delete it as soon as seen or reported.. Nobody would want to use this forum, because it wouldn't be nothing but spam!

If you are having with a legit normal user ISP network, please let us know and be happy to remove the block and deal with some extra spam.. But known vpn type IPs are just spam networks.. We do not go out of our way to block them - but when we see spam coming from them, yes they are added to the block list..

I understand and agree with most that You wrote here. And appreciate the passion, customer care and patience!

But anyway, there would be more and more peoples who using true VPNs or proxy-VPNs (like CloudFlare) to secure or speed up their internet connection.
And the same time more and more spammers using cloud-based platforms like Amazon, Azure to create VPS server with spamming bots, acting thru the 3rd side VPN services/proxies, and than kill this virtual VPS server. They create hundreds of thousands in a day.
Automatically, by schedule, with help of orchestration tools like Ansible, Terraform, k8,… for a very small amount of money.

What You doing with this automated enemy giant as user forum Security Admin?
Banning all Amazon S3 public IPs? Banning all CloudFlare public IPs? Doing this day-by-day manually by tweaking Snort/Suricata paid rules?

May be better to:

• cut off all non-democracy countries (like Iran, china, russia, etc…);
• use Suricata/Snort payed rules;
• upgrade forum engine to recognize the bots and make permanent block (even Joomla & Wordpress have a lot of extensions to automate this procedure);

Instead of banning any addresses from most famous service provider, like CloudFlare. (Here I need to note, that Netgate already have a numbers of blog post’s about integration pfSense & CloudFlare. So, this legitimate CloudFlare as trusted service for pfSense users. And of course many of them sometime starting to use WARP/WARP+ service from the CloudFlare. And…ups! Unwanted banned on official pfSense user forum…).

Is this a right way of “world's leading firewall, router, and VPN solution for network edge and cloud secure networking. With millions of installations worldwide…” as Netgate wrote in their blog?

Where am I wrong? :)