Jump to content
Jay12

My site using cloudflare is being blocked

Recommended Posts

My users have reported that malware bytes is blocking my website , the site uses cloudflare

ips reported are :

199.27.135.14

173.245.60.80

Share this post


Link to post
Share on other sites

Hi,

I also got the same IP Block, the Ip's that were blocked were:

199.27.135.184

141.101.124.185

I did reversedns on the IP's and they were linked to cloudflare.

Share this post


Link to post
Share on other sites

Heres a full list of the ip ranges:

IPv4

204.93.240.0/24

204.93.177.0/24

199.27.128.0/21

173.245.48.0/20

103.22.200.0/22

141.101.64.0/18

108.162.192.0/18

190.93.240.0/20

Also available as a IPv4 text list.

IPv6

2400:cb00::/32

2606:4700::/32

2803:f800::/32

Also available as a IPv6 text list.

Share this post


Link to post
Share on other sites
Guest

Hi,

I also got the same IP Block, the Ip's that were blocked were:

199.27.135.184

141.101.124.185

I did reversedns on the IP's and they were linked to cloudflare.

Im also recieving the exact same two IP's in my alerts, what services are using cloudflare ?

Share this post


Link to post
Share on other sites

This is being worked on, thank you.

Share this post


Link to post
Share on other sites

here is some more cloudflare ip's still being blocked:

199.27.135.243

141.101.124.244

199.27.135.22

141.101.124.232

173.245.60.121

141.101.124.136

Share this post


Link to post
Share on other sites

You don't need to post these, I'm already aware of them and am awaiting a response from CloudFlare.

Share this post


Link to post
Share on other sites

Will you update this thread when this has been resolved, thankyou.

I will, yes.

Share this post


Link to post
Share on other sites

I will, yes.

Much appreciated. Any kind of timescale i can tell my members that use Malware bytes or do we wait......

Share this post


Link to post
Share on other sites

Hello Malwarebytes smile.png

It's been a while since my last visit here. Just wanted to confirm that I am getting the same blocks.

Share this post


Link to post
Share on other sites

This is still being worked on (no time frame yet).

Share this post


Link to post
Share on other sites

We have the same problem malwaresbytes is detecting the CDN cloudflare as a suspected malware and our visitors are claiming about this

here is our ips :

141.101.124.119

199.27.135.118

thank you

Share this post


Link to post
Share on other sites

Please do not post duplicate posts (your other post has been removed).

I am aware of this and trying to work with CloudFlare to resolve the matter.

Share this post


Link to post
Share on other sites

I'm getting a similar message. I'm one of the website administrators for www (dot) occupytacoma (dot) org, and not so long ago, we were recently hacked in an attempt to take us off line. It took us nearly a couple of weeks to get back on line. Perhaps a bit of my mystery is that www (dot) occupytacoma (dot) org now redirects to a temporary mirror at www (dot) occupy-tacoma (dot) org while we're cleaning up the old SQL database. As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.

I am using the "(dot)" in my messages because this is my first posting on this forum, and I did not want to look like a spammer

Here are some of the IPs:

173.245.60.81

199.27.135.15

Regards,

Alan OldStudent

Share this post


Link to post
Share on other sites

I'm getting a similar message. I'm one of the website administrators for www (dot) occupytacoma (dot) org, and not so long ago, we were recently hacked in an attempt to take us off line. It took us nearly a couple of weeks to get back on line. Perhaps a bit of my mystery is that www (dot) occupytacoma (dot) org now redirects to a temporary mirror at www (dot) occupy-tacoma (dot) org while we're cleaning up the old SQL database. As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.

I am using the "(dot)" in my messages because this is my first posting on this forum, and I did not want to look like a spammer

Here are some of the IPs:

173.245.60.81

199.27.135.15

Regards,

Alan OldStudent

With the greatest of respect this thread is for reporting cloudflare related issues.

If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.

Share this post


Link to post
Share on other sites

There is some sort of answer at Wilders: http://www.wildersse...ad.php?t=321912 (#10)

Yep, basically, as far as they're concerned, they're not the host so aren't responsible for whatever their "customers" get up to (the argument being it just pushes the problem to someone else's lap). However, it is their service being mis-used, which whether they like it or not, makes them responsible too, and means they need to enforce their AUP/ToS.

Yes, they did block a few URLs (and even then, not until after the IPs were blocked - they refused to do anything prior to that, regardless of the fact they'd been given evidence to show what was happening in those cases), but again, that's not good enough as all the bad guys need to do is change the filenames or stick the malicious code in other files - something they've already done, and are in the process of doing in two on-going cases (dedicated drive-by sites).

And this is just a small part of a much larger issue with them (not going into that yet however).

Their last e-mail to me was Thu 12/04/2012 00:07, and whilst I've replied, there's been nothing from them since. Put simply, unless their attitude towards abuse changes, it is highly unlikely they'll be unblocked any time soon.

Share this post


Link to post
Share on other sites

With the greatest of respect this thread is for reporting cloudflare related issues.

If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.

It is related.

Share this post


Link to post
Share on other sites

As far as I know, our ISP does not use CloudFlare, so I'm really puzzled.

Regards,

Alan OldStudent

I read this and assumed he meant that his hosting was not usinfg cloudflare.

Share this post


Link to post
Share on other sites

With the greatest of respect this thread is for reporting cloudflare related issues.

If you have issues that are not cloudflare related as yours appear not to be, then maybe you should start a new thread.

I appreciate your concern and dislike off-topic posts as much as you do too. Perhaps I did not express myself as clearly as I could have.

My point was that the reference to CloudFlare mystified me as I think it is not being used by either of our ISPs. So why would MWB throw up a warning about CloudFlare when one goes to my site?

Regards,

Alan OldStudent

Share this post


Link to post
Share on other sites

Yep, basically, as far as they're concerned, they're not the host so aren't responsible for whatever their "customers" get up to (the argument being it just pushes the problem to someone else's lap). However, it is their service being mis-used, which whether they like it or not, makes them responsible too, and means they need to enforce their AUP/ToS. Put simply, unless their attitude towards abuse changes, it is highly unlikely they'll be unblocked any time soon.

I understand your position but I wonder what the consequence is for the end-user? In my case I notice these alerts primarily when I go to my banking site and ignore it. However if the impression is that these alerts can pop up "nilly-willy" affecting bad sites as well as good sites, then how much am I supposed to value them? It seems to me that not due to Malwarebytes fault, the module may not be as useful or usable as originally planned. In a way it is like blocking all US sites by domain because a lot of bad sites are hosted in the US - I think that approach would not fly.

Share this post


Link to post
Share on other sites

Whilst I appreciate the problem, I'm actually a little concerned that a bank would be calling a site that is using CloudFlare to begin with, as this isn't something a bank should be doing.

The problem here is one of risk factors, and the risk of leaving it unblocked is far higher than the potential inconveniences of blocking it. I realize this sounds harsh, and blocking CDNs is not something I do lightly, but CloudFlare were given many chances prior to the block being put in place - alot more than I'd normally give.

Share this post


Link to post
Share on other sites

Interesting - so do I take it that irrespective of the lack of cooperation in this case you do not "believe" in their marketing that they are actually providing security apart from speed enhancements?

https://www.cloudflare.com/features-security

I am not savvy enough to judge this but I know if I started to talk to my bank about this issue, I would get nowhere. :unsure:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.