Topic: SOLVED: inability to log into forum - false positives vs blacklisted: on security

vjeko

  • Guest
ive been enduring some trouble logging in to pclinuxos.com forum and even the main page, in a way that even if i log in and set as not logged in indefinitely and ask for password every 60 minutes only, if i remember the session, later on during firefox restore session im not allowed to access the forum, saying access not allowed, apache warning on a white page, while if i try accessing the www.pclinuxos.com, i get the apache under routine maintenance/server experiencing trouble, please try again later or contact the site administrator. i thought that 60 minutes log in time out would reset the block, but often even 12 hrs pass till i get allowed to connect at all.
btw, it would be much better security wise that the default log in option is stay logged in only 60 minutes, instead of the presently set stay logged in indefinitely, for various reasons.

even if i log out manually on one tab, while having more forum tabs open, i can not log in later on, even if i clear all the history, cookies, whatever there is.

ive got more than one modem network access points with different ISPs, mostly using a single NIC on both (my laptop), rarely another computer.

ive tried clearing the cache, restarting my connection by acquiring the new ip, i tried using the private browsing option, and still the trouble persists. im not even sure that changing the ISP works (using a different modem which are located in few different physical locations and thats not convenient due to working hours, present schedule, etc- irrelevant).

seems that there is a two way communication/authentication checking, so not only the local cache with the cookies and saved password/session authorisation, but also pclos.com server authorisation checking against logged either IP or the lowest common denominator in terms of MAC filtering or something similar, and then implementing the firewall/authorisation policy, thus disabling me the log in option and accessing the main site www.pclinuxos.com as any regular common user roaming around, getting the install iso, magazine or just reading on the interest.

so, to summarise, there is some strange magic going on, im aware of the thread saying trouble connecting and saying of new security/connection/authorisation management, its a great thing its there and it definitely has to be, but this is a clear example of a false positive.

so, id like the admins/powers that be to get me some clear instructions how to avoid the described condition occurring again, or try amending the policies, cause this is really annoying and is a big deterrent for me.

i wonder if there were more folks with the similar problem, how you solved it, so anyone ideas please

thanks    
« Last Edit: October 02, 2010, 07:23:33 PM by V »

Offline Old-Polack

  • Administrator
  • Super Villain
  • *****
  • Posts: 11532
  • ----IOFLU----
V:

I've just checked the ban and error logs, and there is nothing to indicate that your problems are caused by our settings. Possibly your problem arises from your DNS server, or some setting on your browser. When a user tries to log in, and fails, an error is logged, and the reason for the error spelled out. There are no errors of any kind associated with your user name, IP, or mail address, which are the only things that can trigger a denial from our side.  ???
Old-Polack

Of what use be there for joy, if not for the sharing thereof?



Lest we forget...

vjeko

  • Guest
thanks for the follow up and prompt response, op.

to specify even further, as goes:

im mostly using two different ISPs with two different modems:

1) same computer using windows one ISPs

2) same computer under linux, with a second ISPs

using both, i could and have accessed both the forum and the main page without trouble (especially linux, i have not noticed
log in problem i was experiencing).

using any of the two access points, each time i connect i get a different IP, since any ISP is charging extra for having the
user assigned the static IP address, as if there were no dynDNS.com ;), so the only common thing during usage of both places is
the computers NIC MAC address, since that ip is NOT static.

as forced to use windows in case 1, there is a certain driver i have to keep that makes my comp die (bsod- the most famous m$
advertisement during the decades of their sorry existence), and when that happens, i cant get back to the forum.

i ll specify the actions once again:

1. if restore session used, locally stored cookies with the data from the previous session is used within the log in time,
          for example 60 or 120 minutes ---- not possible to log in and access denied to both the forum and the main page

2. if i do a new firefox session, clear the cache and history, passwords and all there is to clear, and even if i try the private
          browsing mode after doing that, it still dont let me access the sites

3. what ive noticed is that the trouble goes away on its own after irregular amount of time, sometimes its 6 hours, sometimes 12 or
          more, so i have not managed to discover what it could be related to

4. one thing im a bit surprised with is the fact that if i forget to log off while in linux, i have to log in while in windows,
          and vice versa, even if i manage to get in and log in, roam around and later on log out, the session (was set like that
          in the past, to indefinite- forever) that remained open in linux under different ip address is automatically logged in,
          like i never left and session cookies never expired.

so, i largely doubt that it has anything to do with my net settings, dns or any, cause i have managed to connect successfully, but after
a session breakdown, i get the shove off warning, eg cant get in and the page shows the apache default page.

having all laid down, could you please follow up and propose action in order to avoid this in the future.

my action so far is to log in and set logged in for 60 minutes only, and log out by hand, if possible (in case the damn M$ dont
break on its own by bsod).

the issue is really annoying, to be mild ;)

thanks

Offline Old-Polack

V:

I seem to have found the basic source of your problem. I would suggest you look for another ISP.  ;)

So far, to date, these are the IP addresses you have had, at various times, when trying to access the forum.
Code:
109.60.24.29
109.60.26.167
109.60.28.43
212.15.172.87   # Spammer Address
212.15.173.188  # Spammer Address
212.15.177.191
212.15.177.33
212.15.177.9    # Spammer Address
77.237.100.97   # Spammer Address
77.237.105.13   # Spammer Address
77.237.106.135  # Spammer Address
77.237.117.109  # Spammer Address
77.237.118.140
89.164.106.41
89.201.234.45
94.253.229.120
94.253.235.26

Those that have # Spammer Address next to them are IP addresses known to be sending out spam, and are banned. Every new registration is checked for any history of spamming, and those that show up in the checking process are automatically banned. The list grows daily.

If your ISP is host to a spammer, or numerous spammers, and assigns random IP addresses in a rotating fashion, eventually all IP addresses assigned to that ISP will be banned, and no one to whom they provide service will be able to register or log in.

Being as this forum was taken down by spammers, just a short while ago, and had to be rebuilt on a new server, don't look for any easing up on our spammer control policies. If anything they will be tightened, rather than loosened.

You did receive two error messages, not connected to spammer activity, yesterday at 02:52:45 PM, when the forum was temporarily down for service/adjustment, or overloaded with traffic, and the connection timed out.

http://www.pclinuxos.com/forum/index.php?action=post2;start=15;board=26
unable to connect to mail.pclinuxonline.com:25 (Connection timed out)

http://www.pclinuxos.com/forum/index.php?action=post2;start=15;board=26
Could not connect to SMTP host: 110 : Connection timed out
Old-Polack

Of what use be there for joy, if not for the sharing thereof?



Lest we forget...
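An added example, not part of the original post and not the forum's own software: it groups the addresses listed above by network to show how per-address bans land inside a rotating ISP pool, then triages a login from a banned address. The /16 grouping, the function names and the "review" outcome are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Addresses listed in the post above for one account; BANNED is the subset
# that carries the "# Spammer Address" marker there.
CLEAN = ("109.60.24.29 109.60.26.167 109.60.28.43 212.15.177.191 212.15.177.33 "
         "77.237.118.140 89.164.106.41 89.201.234.45 94.253.229.120 "
         "94.253.235.26").split()
BANNED = ("212.15.172.87 212.15.173.188 212.15.177.9 77.237.100.97 "
          "77.237.105.13 77.237.106.135 77.237.117.109").split()

def pool(ip, prefixlen=16):
    """Network an address falls in; /16 is an assumed stand-in for an ISP pool."""
    return ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)

def pool_stats(clean, banned, prefixlen=16):
    """Map each pool to (banned_seen, total_seen) for one account's history."""
    total = Counter(pool(ip, prefixlen) for ip in clean + banned)
    hit = Counter(pool(ip, prefixlen) for ip in banned)
    return {str(net): (hit[net], n) for net, n in total.items()}

def triage(ip, clean_history, banned, prefixlen=16):
    """Hypothetical policy for a login attempt by an established account."""
    if ip not in set(banned):
        return "allow"
    # Banned address, but the account has logged in cleanly from the same pool:
    # likely dynamic-address collateral, so hand it to a moderator.
    if any(pool(h, prefixlen) == pool(ip, prefixlen) for h in clean_history):
        return "review"
    return "deny"

if __name__ == "__main__":
    for net, (hit, n) in sorted(pool_stats(CLEAN, BANNED).items()):
        print(f"{net:18} {hit}/{n} banned")
    print(triage("212.15.177.9", CLEAN, BANNED))
```

Running it prints the banned share per pool for this account, which makes the rotating-address effect described in the post visible at a glance.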

vjeko

  • Guest
now thats something, we re getting somewhere.

the thing is this:

im using mostly the 3g umts modem usb stick and cable tv modem to access the net. the 3g umts thingie has the ip changed when one connects fresh, cable tv modem being online 24/7, having his IP changed every day or so, as per ISP settings, i explained why.
the 212 should be the umts modem, i think. im still on the contract with them for the next few months. they have advertised as having spam protection, virus protection and some other services for auto checking all the data flow on their network for their users, as advertised on their home page. its the biggest ISP in the country, having vodafone as their major, in world wide terms, so its not some local kid or small business. i cant possibly complain to the ISP cause they will tell me just reconnect fresh, you get the new ip and hope for the best (which i dont like in any way).

having said that, you are well aware that large majority of people dont have static IP assigned to them by their respected ISP, but are rather changed (as you say rotated, in case their network settings/IP range lease doesnt change), so the IP is valid only for the live connection, eg IP address at that point of time, since the same MAC will acquire a different IP in, say 5 days time, while someone else will get the initial IP and be flagged by your system as a spammer/violator of any kind.

im not sure how the IP list youre using was generated, nor from where youre getting it, but in my opinion, most probably its full of false positives (statistically speaking), giving you an example:

one buys computer parts, assembles the machine, installs pclos, uses his net connection from his newly acquired account by the local ISP for the FIRST time.
if he gets unlucky and gets assigned the IP from his list, even when using a freshly set up mail account, he will NOT be able to get nor the www.pclinuxos.com nor the help forum, and thats not MY problem any more, but yours as well, since you should devise a better way to keep the good in, bad out.

if you have several layers of filters, as you stated- spammers IP list, known mail accounts, and im pretty positive a MAC filtering, i suggest you implement mac vs IP filtering for the PRESENT users in case the spammer IP flag is raised, since most definitely its me using the same computer, having the same MAC, but, unfortunately having been assigned a different IP by my ISP (not my fault nor wish on a certain numbers) i cant get in.

one more thing, as i stated earlier, if my session breaks down now, as it has happened earlier with the symptoms i stated, i wont be able to log back in to the forum, even having cleared the cookies and having different IP assigned by my ISP, and will be locked out for quite a bit amount of time (and i think it resets the period every time i try to log back in, as well), so you could lower the grace period to one hour or something, to be on the safe side, since i know my inability to log in has ranged from 6 to 12 hrs and more, ranging in day or two, before the time i realised there could be a ban period implemented.

im not a spammer, im trying to have my machines as clean and as secure as possible, and my ISP has no complaints on me in any way, and its obliged by law to act and report on any unlawful or against ISPs policies behaviour.

so, id kindly ask you to think of what ive said and act as you see fit/is actually possible

thanks

vjeko

  • Guest
seems you care not much of my troubles op?

been using the 1hr log in time out yesterday/day before yesterday, luckily no bsod, and no trouble logging in to the forum so i thought, maybe after all, we got some going.

just today, pm my time, was on the forum using linux. had the browser crash few times, so i guess i still had the logged in status when i left (really strange magic).

got back to the windows only place, seen a movie, went for the forum, and guess what?

access forbidden!!!!

so, since im really annoyed with this, decided to use the little friend called a proxy, freely available on web.

guess how come im writing all this?

so, once more, the settings are NOT right since there are FALSE POSITIVES!!!!!!!!!!!!!!!!!!!!!!!!!!

genomega

  • Guest
Number 1 whats up with the browser crashing?
Are you accepting  cookies from pclinuxos?

try using proxy 8.8.4.4




 

vjeko

  • Guest
number 1 doesnt really exist, had the system overloaded a bit, as i like to run it that way (imagine laptop cpu getting up to 91 deg centigrade, working, responsive, not smoking ;) and i can load the horse some more)

eventually, something decides to give in so i just reboot. chromium is not the best for the flash apps, but much faster in general, but kinda use the ff more

im accepting cookies from anyone (dont make smart jokes, i can always get more smart)

you misunderstood the proxy idea


thanks on the reply

uncleV

  • Guest
Quote
im accepting cookies from anyone...

thanks on the reply

One from me:

Smart enough. :D

vjeko

  • Guest
talk of fear and being agitated...

last nite, something like hour after i posted my last post to this thread, was browsing the forum, and guess what happened?

V, YOURE BANNED FROM USING THIS FORUM!!!!

now, that REALLY got the blood going.

hopefully this gets sorted out in a positive way, cause it really isnt funny nor convenient nor productive. seems that use of magic is the only one for me when forced to use windows in order to get in

thanks for the cookie, extra chunks of chocolate please ;)

Offline Neal ManBear

  • Administrator
  • Super Villain
  • *****
  • Posts: 15845
  • LXDE! Coffee, Bacon and Cheesecake!
V,
If you log in on one system and then go to another system without logging out from the forum, you will be likely to have difficulty. If you're going to switch between systems, log out of the forum when you leave. You can not expect a log in to bridge between systems.

How often do you delete your browser cookies? Your browser cache? You should do that.
Look for the source of your problem. And no, we are not the source of your problem. That has been checked.

vjeko

  • Guest
neal, thanks for the answer, but please note that

i have answered all your questions before you asked them actually.

individual session set to last for 1 (one) hour only, meaning session expiration cookies and the pclos server crosscheck.

in case of non clean shut down, your authorisation server should time out after 1 hour, as i set my log in to last. there is something which affects this, im quite sure its not cookies related nor my side related cause i did manage to get in having assigned a different IP using free proxy, so it must be your server having some crosschecking lists, which, in my case at least are giving false positives- denying me access and ruling me out for good. mind that i had a denied access about 2 minutes before i got in using the proxy, so its not the cookies nor any local cache on my machine, that im sure of.

when on windows and following the same procedure, in case of bsod, i expect the pclos side to reset within max 1hr, since i get the new IP and i clear the browser cache BEFORE starting it (firefox in particular, and i have tried using alternate browser in windows for this matter).

if you could kindly read my posts once more and propose further action, cause i see no alternative but to use proxy, which gets me again to a black list, as it seems since it occurred this morning.


thanks

Offline Neal ManBear

V,
As O-P told you previously, if any such event had occurred on this side, it would show up in our logs. The only thing to show up is that you have made attempts to log in using known spammer IPs. These are blocked. They will continue to be blocked.

vjeko

  • Guest
question for you:
how do i ask my ISP to get me a specific non spammers IP numerous times in a row on daily basis (on each new dial in i get new IP and they re all spammers?) since i cant get a static IP (i can but no point in paying for that)

what is your reference of "spammers" IP addresses, where do you get those, is it inhouse (like fail2ban stuff with quite a big timeout) generated list or something else?

the logs show what theyre set to show/activate an action, but the interpretation of results (cause and effect) is not necessarily easy/straightforward.

btw, i have no power of setting my IP to a specific address, and youre aware of the address range of a single ISP.

denial of access happens only while using windows, firefox as web browser, and only if the browser/system crashes, not earlier.

id be grateful if i got to know the reason of this (dont think its the windows thing, clearing the cache, rebooting windows, acquiring new IP, trying to connect gives ACCESS DENIED)

thanks

Offline Neal ManBear

Quote
denial of access happens only while using windows, firefox as web browser, and only if the browser/system crashes, not earlier.

If it "happens only while using windows," then it is a windows issue. I don't use windows, so I can not tell you how to find and fix this issue.