Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    krebsonsecurity.com blocked

    Scheduled Pinned Locked Moved pfBlockerNG
    6 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      py
      last edited by

      krebsonsecurity.com does not appear in any logs that I can find.
      Disabling pfblockerNG and resetting states allows krebsonsecurity.com.
      Removing pfblockerNG and resetting states also allows krebsonsecurity.com. "Keep Settings" was disabled.
      Rebooting and reinstalling pfblockerNG and going through the initial wizard with default settings blocks krebsonsecurity.com. The only non-default setting I used was TLD and I also enabled "TOP1M Whitelist" and under "Domain count" set "Top 750k". I also entered krebsonsecurity.com at the bottom of "DNSBL Whitelist".
      It is still blocked.
      A possibly relevant and interesting side note: keepass.info is also blocked by default settings, but entering it in the "DNSBL Whitelist" allows it.
      Any help greatly appreciated.

      P 1 Reply Last reply Reply Quote 1
      • GertjanG
        Gertjan
        last edited by

        @py said in krebsonsecurity.com blocked:

        krebsonsecurity com

        Can resolve just fine- with or without pfblockerng-dev
        So really see who blocks what : open the IP lists pfblockrng (the resolver) is using, and look up the IP or the network it's part off.
        Dono what lists you are using, so this one is up to you.

        But you should call them also : their web server doesn't answer on 80 or 443 : the web site is down.

        keepass works fine fr me.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        P 1 Reply Last reply Reply Quote 1
        • P
          py @Gertjan
          last edited by

          Thanks for the response,

          Can resolve just fine- with or without pfblockerng-dev
          So really see who blocks what : open the IP lists pfblockrng (the resolver) is using, and look up the IP or the network it's part off.

          I'm not sure what good that's going to do if the whitelist feature doesn't work. It doesn't seem to make sense to remove an entire list because of one false positive.

          Dono what lists you are using, so this one is up to you.

          I am using the lists enabled by default after the completion of the installation wizard.

          But you should call them also : their web server doesn't answer on 80 or 443 : the web site is down.

          I don't understand what you mean or how this helps. Again, with pfblockerNG disabled or removed krebsonsecurity.com resolves.

          Thanks,

          1 Reply Last reply Reply Quote 0
          • P
            py @py
            last edited by

            @py So another site is blocked by pfblockerNG: aheadoftheherd.com.
            Again, I don't find this in any of the firewall or pfblockerNG logs as being blocked, but disabling pfblockerNG allows the site to resolve.
            Is this a common problem or just a noob problem? Either way I really need some help in fixing this.
            THANKS!!!

            billlB 1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan
              last edited by

              @py said in krebsonsecurity.com blocked:

              aheadoftheherd.com

              See it this way : you tend visit sites that happen to have a (shared ?) IP that happens to be on a list some where.

              Whitelist them ....
              Or remove the feeds that lists them.

              pfBlockerNG does nothing by default. Check for yourself : remove all the feeds and it becomes transparent.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • billlB
                billl @py
                last edited by

                @py sorry for the late reply! You may have already solved this, but perhaps this can help someone else who comes here after trying to reach krebs, or something similar.

                I expect the reason why whitelisting krebsonsecurity.com in DNSBL did not solve the problem for you is because DNSBL is not what is blocking you, your IP blocking is. Go to your Reports / Alerts tab, and see where the block is happening.
                I expect you may see that an attempt to hit krebsonsecurity.com with a browser results in:
                krebsBlock.png
                showing the block in the Deny section, and not in the DNSBL section.
                If this is the case, instead of whitelisting the domain name in DNSBL Whitelist, try adding 130.211.45.45/32 to the IP / IPv4 Suppression list.
                Works for me.

                For the record, ipinfo.io confirms that krebsonsecurity.com is among the domain names hosted at 130.211.45.45.
                krebsBlockDomains.png

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.