U.S. Security Risk accessing site hosted in Germany

mehargags Member
edited July 2016 in Providers

One of my clients based in Santa Ana, California sent me a mail today

My clients and attorneys cannot see our website because it says it is security risk and that it is hosted in Germany. 

Is there any way you can fix this. Most secure sites will not load our website and they are our clients. 

This client is working in close proximity to Homeland Security and Mexican govt. for a number of projects. I had hosted their website on a Netcup.de VPS in Germany... but this email from him today is alarming. Is it possible that sensitive US govt. Depts. filter and censor sites loading in from other countries?

If so, is there a reliable way of checking your websites to see if they will load "fine" for usual US Govt. Depts? Is there a way you can get your IPs or provider's pool checked for such greylisting? The regular RBLs and monitors give me a clean chit for all my German hosts (Hetzner, Netcup, Aruba, UltraVPS).

I am using Cloudflare DNS for this particular domain... but purely for AnyCast DNS resolution... all protection mechanisms are "OFF" for this. Can CF be a prob?

Comments

  • Is it due to the SSL or some malware?

  • No it is running on plain http://

    This website was infected with some Joomla JS injection prior to Feb 2016, when the client was referred to me by a friend. We got his site redeveloped in Wordpress (which is secured and clean). Can the blockage be because of a "Bad" history?

  • Clouvider Member, Patron Provider

    Worth asking what sort of error are they exactly seeing. Preferably with a picture. They might be interpreting it wrongly.

    From what you quoted it may be an error page for a website having malware, with connection details and country name somewhere on the error page. The location may not be the cause per se.

  • I don't think that has anything to do with the location where the server is hosted as I don't see any reason for the US Gov to block it, if that was your concern. More likely the issue is with your site itself as given in prior arguments.

  • quadhost Member
    edited July 2016

    Could be some network/security system filtering on the customers network(s) blocking the site rather than "Dept. of US govt.".

    Why not move it into the US as surely it would be better for the visitor based on demographics?

  • Clouvider Member, Patron Provider

    @mehargags said:
    No it is running on plain http://

    This website was infected with some Joomla JS injection prior to Feb 2016, when the client was referred to me by a friend. We got his site redeveloped in Wordpress (which is secured and clean). Can the blockage be because of a "Bad" history?

    It's entirely possible. It's not for you to find out. If it's an internal, corporate firewall's policy they need to contact their IT department and see what the real reason is, so then you can fix it.

  • pbgben Member, Host Rep

    As stated above, get the team responsible for that firewall to inform you of the root of the error. Reinforce your client that you have requested the information and follow up daily until you are told why the site was restricted.

  • Well, I have already asked for a screenshot of the error / security alert that is being reported. Let's see if it can be reproduced.

    The website doesn't have any error anywhere and doesn't use any SSL encryption which may produce an error for an end-user.

    Also as a natural precaution, I have moved them to a US West coast server, just to be double sure if it is the location thing.

    @Clouvider said:
    It's entirely possible. It's not for you to find out. If it's an internal, corporate firewall's policy they need to contact their IT department and see what the real reason is, so then you can fix it.

    I'm contemplating the same fact, that this is an internal firewall problem, and I think there isn't a way for my client to get it "opened" with multiple authorities. Let's see if it still doesn't open whilst being hosted at a US server.

  • For what it's worth - AWS GovCloud IPs are whitelisted on pretty much any US gov firewall. You however likely won't get GovCloud access.

    Normal AWS is also a good bet for such things always, same as Rackspace and Softlayer.

  • emg Veteran

    I share the opinion that it is the client's firewall that blocks access to the desired website.

    I have a business-class firewall. From time-to-time, it puts up a notification page that blocks websites, giving various categories of warnings. I have it configured for some categories so that users can choose to click a button on the warning page to click through and access the website. Other categories of warnings (e.g., drive-by malware) are blocked without providing a user-bypass option.

    The firewall relies on third-party services for its real-time information about which websites to trust. Your client might try this to check the URL he/she is trying to access:

    https://www.trustedsource.org (Owned by McAfee)

    The client can also examine the website for malware:

    https://app.webinspector.com

    https://virustotal.com (owned by Google)

    If the client is really sure that the website is safe, he/she may be able to bypass the firewall by using Tor or the Tor Browser. I hate to admit it, but sometimes it is easier to use Tor to peek at a blocked webpage than it is to get into the firewall configuration for a one-time look at a webpage that I know is safe. (Quoting Hagrid: "I should not have said that.")

    Here is the URL for Tor: https://www.torproject.org

  • mehargags Member
    edited July 2016

    @emg... Thanks for the valuable info. That was the info I was looking for, the public security lists from where the corp. firewalls source their "safe" lists.

    I just checked trustedsource.org - which gave me:

    McAfee Real-Time Database — Malicious Downloads High Risk

    McAfee SmartFilter XL — Uncategorized URL Unverified

    McAfee SmartFilter 4.2 (XL-1) — Uncategorized URL Unverified

    McAfee WebWasher 6.8.x — Uncategorized URL Unverified

    McAfee SiteAdvisor/WebAdvisor Entp — Malicious Sites High Risk

    McAfee SiteAdvisor/WebAdvisor — Malicious Sites High Risk

    McAfee SaaS Web Protection — Malicious Sites High Risk

    McAfee Web Gateway (Cloud) — Malicious Sites High Risk

    McAfee Web Gateway (resi) — Uncategorized URL Unverified

    VirusTotal:

    Analysis date: 2016-03-31

    CRDF Malicious site

    Certly Malicious site

    Websense ThreatSeeker Suspicious site

    did a fresh Analysis which gave me

    Fortinet Malware site

    SCUMWARE.org Malware site

    I presume I need to ask them a "review" of my site since it is clean now...!
    Can you also help me further know where are all
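The VirusTotal and McAfee verdicts listed above are per-vendor opinions about the domain name, and the thread's later finding is that the listing follows the domain rather than the hosting IP. The following added example (not code from this thread or from VirusTotal) triages a report of that shape: it groups engines by verdict and compares the domain's report with the reports for the old and new server IPs to tell whether the block is domain-based or IP-based. The report layout is assumed to be a VirusTotal-v3-style `engine -> {category, result}` map; the domain, the RFC 5737 addresses and the verdicts are constructed sample data.

```python
from collections import defaultdict

# Constructed sample reports: engine name -> verdict, in the shape of a
# VirusTotal v3 "last_analysis_results" map (assumption, not a live lookup).
# Engine names mirror the ones quoted in the thread; verdicts are made up.
SAMPLE_REPORTS = {
    "example-client-site.test": {
        "CRDF": {"category": "malicious", "result": "malicious"},
        "Certly": {"category": "malicious", "result": "malicious"},
        "Websense ThreatSeeker": {"category": "suspicious", "result": "suspicious"},
        "Fortinet": {"category": "malicious", "result": "malware"},
        "SCUMWARE.org": {"category": "malicious", "result": "malware"},
        "Google Safebrowsing": {"category": "harmless", "result": "clean"},
        "Sucuri SiteCheck": {"category": "harmless", "result": "clean"},
    },
    # Old German host and new US host (RFC 5737 documentation addresses).
    "203.0.113.10": {
        "CRDF": {"category": "harmless", "result": "clean"},
        "Fortinet": {"category": "harmless", "result": "clean"},
    },
    "198.51.100.20": {
        "CRDF": {"category": "harmless", "result": "clean"},
        "Fortinet": {"category": "harmless", "result": "clean"},
    },
}

# Verdict categories that a reputation-based firewall would act on.
FLAGGING = {"malicious", "suspicious"}


def summarize(results):
    """Group engines by verdict category; return flagged engines (sorted) and counts."""
    by_cat = defaultdict(list)
    for engine, verdict in results.items():
        by_cat[verdict.get("category", "undetected")].append(engine)
    flagged = sorted(e for c in FLAGGING for e in by_cat.get(c, []))
    return {"flagged": flagged, "counts": {c: len(v) for c, v in by_cat.items()}}


def listing_scope(reports, domain, ips):
    """Return 'domain', 'ip', 'both' or 'none' depending on which objects are flagged.

    A 'domain' result means moving to a fresh IP will not clear the block;
    the domain itself must be re-reviewed by the listing vendors."""
    dom_flagged = bool(summarize(reports[domain])["flagged"])
    ip_flagged = any(summarize(reports[ip])["flagged"] for ip in ips)
    if dom_flagged and ip_flagged:
        return "both"
    if dom_flagged:
        return "domain"
    return "ip" if ip_flagged else "none"
```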

  • Clouvider Member, Patron Provider

    @mehargags said:
    @emg... Thanks for the valuable info. That was the info I was looking for, the public security lists from where the corp. firewalls source their "safe" lists.

    I just checked trustedsource.org - which gave me:

    McAfee Real-Time Database — Malicious Downloads High Risk

    McAfee SmartFilter XL — Uncategorized URL Unverified

    McAfee SmartFilter 4.2 (XL-1) — Uncategorized URL Unverified

    McAfee WebWasher 6.8.x — Uncategorized URL Unverified

    McAfee SiteAdvisor/WebAdvisor Entp — Malicious Sites High Risk

    McAfee SiteAdvisor/WebAdvisor — Malicious Sites High Risk

    McAfee SaaS Web Protection — Malicious Sites High Risk

    McAfee Web Gateway (Cloud) — Malicious Sites High Risk

    McAfee Web Gateway (resi) — Uncategorized URL Unverified

    VirusTotal:

    Analysis date: 2016-03-31

    CRDF Malicious site

    Certly Malicious site

    Websense ThreatSeeker Suspicious site

    did a fresh Analysis which gave me

    Fortinet Malware site

    SCUMWARE.org Malware site

    I presume I need to ask them a "review" of my site since it is clean now...!
    Can you also help me further know where are all

    Are you sure the Wordpress you've used was updated regularly and there is no chance it was breached and is currently serving malware?

  • emg Veteran

    @mehargags said:
    @emg... Thanks for the valuable info. That was the info I was looking for, the public security lists from where the corp. firewalls source their "safe" lists.

    [...]

    I presume I need to ask them a "review" of my site since it is clean now...!
    Can you also help me further know where are all.

    I wish I could help you get off those lists. All I can say is good luck. Unfortunately, there are lots more lists.

    My firewall is also blocking access to one of my VPSs. It is listed as a spam source even though I am not running a mail server (or any public services) on it. All I have is a private (one person) VPN at the moment.

    The one and only offender for marking my VPS as bad is Barracuda Networks. All of the other "spam detectors" show that my VPS is clean. Barracuda has marked an entire block of IP addresses as spammers, and mine is included in the block. I have tried multiple times to get it fixed through their web forms, but no luck. There is no acknowledgement of receiving my requests, let alone an explanation regarding why it is on their list and/or why they will not remove it. I opened a ticket with the VPS provider. He should have an interest in the issue, considering that a large block of his customers' VPSs are marked bad. So far, no change. I can use the VPS as a DNS server, I suppose.

    What I do know is that there are many lists, and many different service providers rely on yet many other service providers for their safe/not-safe lists.

  • loot Member

    I never worked directly for the DHS (although they did sign my checks); there are no such restrictions at the US Attorney's, Federal Defenders, any CJA Panel, and generally agency communication's biggest weakness is the stupid hold music if you ever call and NARA losing files. I'd chalk it down to just your regular filtering instead of some actual rule, god forbid legislative rule, that would be in effect. For one, you get to notice and commentary on that and that'd be a pain in the ass for them.

    But if they make an internal IT decision then they make one, perfectly within their rights to do so but I think that diminishes their mandated powers. Shrug.

    Supposedly the Dept. of Transportation is pretty loose on their rules, my friend is on FB all day there.

  • @Clouvider said:
    Are you sure the Wordpress you've used was updated regularly and there is no chance it was breached and is currently serving malware?

    Yes, absolutely... It's clean. I even did sitecheck.sucuri.net to make sure.

    I maintain over 40 Wordpress installations at varied locations. I try to keep them under a good watch!

    @emg said:
    The one and only offender for marking my VPS as bad is Barracuda Networks.

    Oh yes... I remember having a hard time with Barracuda Networks, an absolute "blanket" policy FW. A couple of years ago they were blocking emails from all Asian ISPs even if the mails were being sent from within Google Apps. Way too aggressive and tough on scanning.
    Anyways, thanks for being of big help, I have issued a "review" to trustedsource.org and virustotal. I think we should be good once I come clean of McAfee as that is a major antivirus amongst end-users.

  • emg Veteran

    @mehargags said:
    [...] I have issued a "review" to trustedsource.org and virustotal. I think we should be good once I come clean of McAfee as that is a major antivirus amongst end-users. [...]

    Don't be surprised if they ignore your "review."

  • @emg said:
    Don't be surprised if they ignore your "review."

    AWWWW!! Is it? Then the attorneys of my client will send them a notice! It's a question of a business's reputation.

  • Clouvider Member, Patron Provider

    @mehargags said:

    @emg said:
    Don't be surprised if they ignore your "review."

    AWWWW!! Is it? Then the attorneys of my client will send them a notice! It's a question of a business's reputation.

    I don't think you have any power over this. Anyone can create a blacklist and list your IPs there. I don't recall a similar case in US law whereby a record of IP addresses would be removed from a blacklist by a court order, anyone?

    More the company who bought the firewalls using this list could claim they are not fit for purpose, as they base their decision on skewed information and as such prevent normal workflow. They could seek the compensation there.

  • Can't you just move to another IP address?
    The only problem I see is that the filter is probably domain based...

  • mehargags Member
    edited July 2016

    No - the IP doesn't make a difference at all... it is the "domain name" that is listed as malicious. I say this because the original infected site was running on a different host. When we redid the site I put them on Netcup. I moved them yesterday to my Vegas server but still face the prob.

    The only problem I can close down is that I need to get my domain name out of McAfee's malicious list.

  • Update: @emg and others watching this thread.
    Trusted Source has CHANGED my site's status to "Web Reputation: Minimal Risk", which I presume means "clean".

    Let's see if I can get myself done with other lists as well.
