Jump to content
Jay12

My site using cloudflare is being blocked

By Jay12, in Website Blocking

Recommended Posts

Jay12   

Jay12
Posted

My users have reported that malware bytes is blocking my website , the site uses cloudflare

ips reported are :

199.27.135.14

173.245.60.80

Share this post

Link to post
Share on other sites

Somethngcreative   

Somethngcreative
Posted

Hi,

I also got the same IP Block, the Ip's that were blocked were:

199.27.135.184

141.101.124.185

I did reversedns on the IP's and they were linked to cloudflare.

Share this post

Link to post
Share on other sites

Jay12   

Jay12
Posted

Heres a full list of the ip ranges:

IPv4

204.93.240.0/24

204.93.177.0/24

199.27.128.0/21

173.245.48.0/20

103.22.200.0/22

141.101.64.0/18

108.162.192.0/18

190.93.240.0/20

Also available as a IPv4 text list.

IPv6

2400:cb00::/32

2606:4700::/32

2803:f800::/32

Also available as a IPv6 text list.

Share this post

Link to post
Share on other sites

Guest   

Guest
Posted

Hi,

I also got the same IP Block, the Ip's that were blocked were:

199.27.135.184

141.101.124.185

I did reversedns on the IP's and they were linked to cloudflare.

Im also recieving the exact same two IP's in my alerts, what services are using cloudflare ?

Share this post

Link to post
Share on other sites

MysteryFCM   

MysteryFCM
Posted

This is being worked on, thank you.

Share this post

Link to post
Share on other sites

JordanElliott   

JordanElliott
Posted

here is some more cloudflare ip's still being blocked:

199.27.135.243

141.101.124.244

199.27.135.22

141.101.124.232

173.245.60.121

141.101.124.136

Share this post

Link to post
Share on other sites

MysteryFCM   

MysteryFCM
Posted

You don't need to post these, I'm already aware of them and am awaiting a response from CloudFlare.

Share this post

Link to post
Share on other sites

MysteryFCM   

MysteryFCM
Posted

Will you update this thread when this has been resolved, thankyou.

I will, yes.

Share this post

Link to post
Share on other sites

Jay12   

Jay12
Posted

I will, yes.

Much appreciated. Any kind of timescale i can tell my members that use Malware bytes or do we wait......

Share this post

Link to post
Share on other sites

_Rich   

_Rich
Posted

Hello Malwarebytes smile.png

It's been a while since my last visit here. Just wanted to confirm that I am getting the same blocks.

Share this post

Link to post
Share on other sites

MysteryFCM   

MysteryFCM
Posted

This is still being worked on (no time frame yet).

Share this post

Link to post
Share on other sites

Karim   

Karim
Posted

We have the same problem malwaresbytes is detecting the CDN cloudflare as a suspected malware and our visitors are claiming about this

here is our ips :

141.101.124.119

199.27.135.118

thank you

Share this post

Link to post
Share on other sites

MysteryFCM   

MysteryFCM
Posted

Please do not post duplicate posts (your other post has been removed).

I am aware of this and trying to work with CloudFlare to resolve the matter.

Share this post

Link to post
Share on other sites

alan_oldstudent   

alan_oldstudent
Posted

I'm getting a similar message. I'm one of the website administrators for www (dot) occupytacoma (dot) org, and not so long ago, we were recently hacked in an attempt to take us off line. It took us nearly a couple of weeks to get back on line. Perhaps a bit of my mystery is that www (dot) occupytacoma (dot) org now redirects to a temporary mirror at www (dot) occupy-tacoma (dot) org while we're cleaning up the old SQL database. As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.

I am using the "(dot)" in my messages because this is my first posting on this forum, and I did not want to look like a spammer

Here are some of the IPs:

173.245.60.81

199.27.135.15

Regards,

Alan OldStudent

Share this post

Link to post
Share on other sites

Jay12   

Jay12
Posted

I'm getting a similar message. I'm one of the website administrators for www (dot) occupytacoma (dot) org, and not so long ago, we were recently hacked in an attempt to take us off line. It took us nearly a couple of weeks to get back on line. Perhaps a bit of my mystery is that www (dot) occupytacoma (dot) org now redirects to a temporary mirror at www (dot) occupy-tacoma (dot) org while we're cleaning up the old SQL database. As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.

I am using the "(dot)" in my messages because this is my first posting on this forum, and I did not want to look like a spammer

Here are some of the IPs:

173.245.60.81

199.27.135.15

Regards,

Alan OldStudent

With the greatest of respect this thread is for reporting cloudflare related issues.

If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.

Share this post

Link to post
Share on other sites

MysteryFCM   

MysteryFCM
Posted

There is some sort of answer at Wilders: http://www.wildersse...ad.php?t=321912 (#10)

Yep, basically, as far as they're concerned, they're not the host so aren't responsible for whatever their "customers" get up to (the argument being it just pushes the problem to someone else's lap). However, it is their service being mis-used, which whether they like it or not, makes them responsible too, and means they need to enforce their AUP/ToS.

Yes, they did block a few URLs (and even then, not until after the IPs were blocked - they refused to do anything prior to that, regardless of the fact they'd been given evidence to show what was happening in those cases), but again, that's not good enough as all the bad guys need to do is change the filenames or stick the malicious code in other files - something they've already done, and are in the process of doing in two on-going cases (dedicated drive-by sites).

And this is just a small part of a much larger issue with them (not going into that yet however).

Their last e-mail to me was Thu 12/04/2012 00:07, and whilst I've replied, there's been nothing from them since. Put simply, unless their attitude towards abuse changes, it is highly unlikely they'll be unblocked any time soon.

Share this post

Link to post
Share on other sites

MysteryFCM   

MysteryFCM
Posted

With the greatest of respect this thread is for reporting cloudflare related issues.

If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.

It is related.

Share this post

Link to post
Share on other sites

Jay12   

Jay12
Posted

As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.

Regards,

Alan OldStudent

I read this and assumed he meant that his hosting was not usinfg cloudflare.

Share this post

Link to post
Share on other sites

alan_oldstudent   

alan_oldstudent
Posted

With the greatest of respect this thread is for reporting cloudflare related issues.

If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.

I appreciate your concern and dislike off-topic posts as much as you do too. Perhaps I did not express myself as clearly as I could have.

My point was that the reference to CloudFlare mystified me as I think it is not being used by either of our ISPs. So why would MWB throw up a warning about CloudFlare when one goes to my site?

Regards,

Alan OldStudent

Share this post

Link to post
Share on other sites

tomoz   

tomoz
Posted

Yep, basically, as far as they're concerned, they're not the host so aren't responsible for whatever their "customers" get up to (the argument being it just pushes the problem to someone else's lap). However, it is their service being mis-used, which whether they like it or not, makes them responsible too, and means they need to enforce their AUP/ToS. Put simply, unless their attitude towards abuse changes, it is highly unlikely they'll be unblocked any time soon.

I understand your position but I wonder what the consequence is for the end-user? In my case I notice these alerts primarily when I go to my banking site and ignore it. However if the impression is that these alerts can pop up "nilly-willy" affecting bad sites as well as good sites, then how much am I supposed to value them? It seems to me that not due to Malwarebytes fault, the module may not be as useful or usable as originally planned. In a way it is like blocking all US sites by domain because a lot of bad sites are hosted in the US - I think that approach would not fly.

Share this post

Link to post
Share on other sites

MysteryFCM   

MysteryFCM
Posted

Whilst I appreciate the problem, I'm actually a little concerned that a bank would be calling a site that is using CloudFlare to begin with, as this isn't something a bank should be doing.

The problem here is one of risk factors, and the risk of leaving it unblocked is far higher than the potential inconveniences of blocking it. I realize this sounds harsh, and blocking CDNs is not something I do lightly, but CloudFlare were given many chances prior to the block being put in place - alot more than I'd normally give.

Share this post

Link to post
Share on other sites

tomoz   

tomoz
Posted

Interesting - so do I take it that irrespective of the lack of cooperation in this case you do not "believe" in their marketing that they are actually providing security apart from speed enhancements?

https://www.cloudflare.com/features-security

I am not savvy enough to judge this but I know if I started to talk to my bank about this issue, I would get nowhere. :unsure:

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept