UK Vintage Radio Repair and Restoration Powered By Google Custom Search Vintage Radio and TV Service Data

Go Back   UK Vintage Radio Repair and Restoration Discussion Forum > Other Discussions > Forum Announcements and Comments

Notices

Forum Announcements and Comments Announcements about forum changes will be made in this section. All new threads here now require moderator approval.

Closed Thread
 
Thread Tools
Old 18th Jun 2022, 1:21 pm   #21
Paul Stenning
Administrator
 
Paul Stenning's Avatar
 
Join Date: Dec 2002
Location: Cardiff
Posts: 9,057
Default Re: Forum access problem

Reply from the hosting company, I'll just post it in full rather than explaining myself:

Quote:
Hi

Whilst I can't see anything from that IP, I do see something at a very similar time as the post activity, from the same VPN subnet:

/var/log/apache2/domlogs/vrforum/vintage-radio.net-ssl_log:185.54.228.21 - - [18/Jun/2022:06:47:50 +0100] "GET /favicon.ico HTTP/2" 403 699 "https://www.vintage-radio.net/forum/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0"

I suspect that the following happened:
-User connects to VPN
-User requests forum site and gets 403
-User disconnects from VPN and reloads website and gets 200 OK
-User reconnects VPN and continues to receive 200 OK from the website.
-User checks IP address

The act of disconnecting and then reconnecting to the VPN will have meant the IP address they received from the VPN provider probably changed.

The original 403 from the same VPN subnet IP of 185.54.228.21 was being blocked by our firewall.

This type of blocking occurs when multiple requests to wp-login.php which is the wp-admin login page, are called by a single IP without a successful login being made. Once a successful login is made, the IP is whitelisted for a longer period of time against this blocking.

We monitor requests like this across our platform so if multiple wp-login page loads are made to either a single site, or multiple sites on any one of our servers, if a successful login hasn't been made recently, the IP will become blocked. These requests do not actually have to be login attempts, simply loading the wp-admin (ie wp-login.php) page without having logged in, multiple times is enough to trigger the block).

Due to the extended nature of this type of blocking, it may have been on either this server or another of our servers, and won't necessarily have been because of any requests made today (or even particularly recently).

In short, other VPN users are using the VPN's IPs to attack our servers and as a result the IPs are being blocked. The VPN evidently cycles IPs for users regularly who end up receiving previously blocked IPs.

Please let us know if we can clarify further.

Best regards,

GURU Support - L2
The paragraph ending "In short,..." summarises it well.

Although the reply mentions wp-login.php and wp-admin which are Wordpress, the same will apply to other login systems.

Maybe you should find a different VPN that isn't used as extensively by hackers. Otherwise you will have to keep putting up with these issues.
__________________

Paul Stenning
Forum Admin/Owner and BVWS Webmaster
Paul Stenning is online now  
Old 18th Jun 2022, 2:03 pm   #22
paulsherwin
Moderator
 
paulsherwin's Avatar
 
Join Date: Jun 2003
Location: Oxford, UK
Posts: 27,740
Default Re: Forum access problem

It may help if you use a different address pool than Melbourne. Try pretending to be in Sydney (or New York or London, it doesn't really matter.)
Attached Thumbnails
Click image for larger version

Name:	Screenshot_2022-06-18-14-07-47.jpg
Views:	29
Size:	62.0 KB
ID:	259263  
paulsherwin is online now  
Old 18th Jun 2022, 3:30 pm   #23
Paul Stenning
Administrator
 
Paul Stenning's Avatar
 
Join Date: Dec 2002
Location: Cardiff
Posts: 9,057
Default Re: Forum access problem

In a further message the hosting company said:

Quote:
I would concur with your thoughts regarding the user and their use of this VPN - it is clear the VPN provider is allowing abusive traffic by its users.
This was in response to my comment which was:

Quote:
I think the user will just have to put up with it, or maybe choose a better VPN than Avast.
__________________

Paul Stenning
Forum Admin/Owner and BVWS Webmaster
Paul Stenning is online now  
Old 18th Jun 2022, 3:52 pm   #24
paulsherwin
Moderator
 
paulsherwin's Avatar
 
Join Date: Jun 2003
Location: Oxford, UK
Posts: 27,740
Default Re: Forum access problem

To be fair, this problem may recur with any VPN provider, and even with non VPN users with dynamic IPAs. The solution adopted by the hosting company isn't ideal. I appreciate their priority is to defend their servers though.
paulsherwin is online now  
Old 19th Jun 2022, 1:27 am   #25
Terry_VK5TM
Nonode
 
Terry_VK5TM's Avatar
 
Join Date: Oct 2010
Location: Tintinara, South Australia, Australia
Posts: 2,321
Default Re: Forum access problem

Thanks for the info, knowing that it's not actual "something is faulty" problem, I can work around it.
__________________
Terry VK5TM
https://www.vk5tm.com/
Terry_VK5TM is online now  
Old 19th Jun 2022, 8:50 am   #26
Nuvistor
Dekatron
 
Nuvistor's Avatar
 
Join Date: Aug 2013
Location: Wigan, Greater Manchester, UK.
Posts: 9,424
Default Re: Forum access problem

Mod please delete if thought inappropriate.

Some thoughts on VPN and encryption



VPN’s

They are useful if there is no trust between the client and the path to the VPN server, a reason large companies have their own private VPN servers. Using a Public WiFi is another possible reason for using one of the commercial VPN services.

Misconceptions of using a commercial VPN provider, be aware the traffic is only encrypted up to the VPN server, after that it’s carried exactly as it it sent from the client, say encrypted with SSL (HTTPS etc) or unencrypted.

Using the VPN service to hide the client IP address can be useful in some circumstances but the trust then passes to the VPN provider, they have complete access to the traffic and logs. There is no control over that information by the client, available to be sold, given away etc similar to your ISP.

Other internet traffic.
Most Web traffic is encrypted by SSL in some way between the client and server, it has its problems but on the whole quite robust. Email using IMAP or a Web client and server using HTTPS is encrypted, beware though that the path between email servers is generally not encrypted, unless progress as been made in that area.

Full encryption between sender and receiver use something like PGP, or a commercial product of the same technology, I have never used it but can understand its need in some circumstances.
__________________
Frank
Nuvistor is online now  
Old 20th Jun 2022, 11:01 pm   #27
paulsherwin
Moderator
 
paulsherwin's Avatar
 
Join Date: Jun 2003
Location: Oxford, UK
Posts: 27,740
Default Re: Forum access problem

Now we know what's been going on, it's time to close this thread.
paulsherwin is online now  
Closed Thread

Thread Tools



All times are GMT +1. The time now is 12:47 pm.


All information and advice on this forum is subject to the WARNING AND DISCLAIMER located at https://www.vintage-radio.net/rules.html.
Failure to heed this warning may result in death or serious injury to yourself and/or others.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Copyright ©2002 - 2023, Paul Stenning.