krebsonsecurity.com blocked

py

krebsonsecurity.com does not appear in any logs that I can find.
Disabling pfblockerNG and resetting states allows krebsonsecurity.com.
Removing pfblockerNG and resetting states also allows krebsonsecurity.com. "Keep Settings" was disabled.
Rebooting and reinstalling pfblockerNG and going through the initial wizard with default settings blocks krebsonsecurity.com. The only non-default setting I used was TLD and I also enabled "TOP1M Whitelist" and under "Domain count" set "Top 750k". I also entered krebsonsecurity.com at the bottom of "DNSBL Whitelist".
It is still blocked.
A possibly relevant and interesting side note: keepass.info is also blocked by default settings, but entering it in the "DNSBL Whitelist" allows it.
Any help greatly appreciated.

Gertjan

@py said in krebsonsecurity.com blocked:

krebsonsecurity com

Can resolve just fine- with or without pfblockerng-dev
So really see who blocks what : open the IP lists pfblockrng (the resolver) is using, and look up the IP or the network it's part off.
Dono what lists you are using, so this one is up to you.

But you should call them also : their web server doesn't answer on 80 or 443 : the web site is down.

keepass works fine fr me.

py

Thanks for the response,

Can resolve just fine- with or without pfblockerng-dev
So really see who blocks what : open the IP lists pfblockrng (the resolver) is using, and look up the IP or the network it's part off.

I'm not sure what good that's going to do if the whitelist feature doesn't work. It doesn't seem to make sense to remove an entire list because of one false positive.

Dono what lists you are using, so this one is up to you.

I am using the lists enabled by default after the completion of the installation wizard.

But you should call them also : their web server doesn't answer on 80 or 443 : the web site is down.

I don't understand what you mean or how this helps. Again, with pfblockerNG disabled or removed krebsonsecurity.com resolves.

Thanks,

py

@py So another site is blocked by pfblockerNG: aheadoftheherd.com.
Again, I don't find this in any of the firewall or pfblockerNG logs as being blocked, but disabling pfblockerNG allows the site to resolve.
Is this a common problem or just a noob problem? Either way I really need some help in fixing this.
THANKS!!!

Gertjan

@py said in krebsonsecurity.com blocked:

aheadoftheherd.com

See it this way : you tend visit sites that happen to have a (shared ?) IP that happens to be on a list some where.

Whitelist them ....
Or remove the feeds that lists them.

pfBlockerNG does nothing by default. Check for yourself : remove all the feeds and it becomes transparent.

billl

@py sorry for the late reply! You may have already solved this, but perhaps this can help someone else who comes here after trying to reach krebs, or something similar.

I expect the reason why whitelisting krebsonsecurity.com in DNSBL did not solve the problem for you is because DNSBL is not what is blocking you, your IP blocking is. Go to your Reports / Alerts tab, and see where the block is happening.
I expect you may see that an attempt to hit krebsonsecurity.com with a browser results in:

showing the block in the Deny section, and not in the DNSBL section.
If this is the case, instead of whitelisting the domain name in DNSBL Whitelist, try adding 130.211.45.45/32 to the IP / IPv4 Suppression list.
Works for me.

For the record, ipinfo.io confirms that krebsonsecurity.com is among the domain names hosted at 130.211.45.45.