Grrr... 1and1 'auto-block' has blocked my home IP address


saratogaWX:

In the topic 'a little automation is a dangerous thing', I file this under major annoyances:

On 26-Mar-2012 after 11:28pm, apparently the 1and1 traffic watchdog script(s) deemed that accesses from my Comcast IP address were worthy of blacklisting, so all access to my sites (HTTP, FTP, SSH) was blocked.  So.. no weather station uploads for conditions have happened since that time.

I called tech support at 9:20 describing the issue (no HTTP/FTP/SSH access from my IP address to any of my websites at 1and1).
At 9:40, they confirmed that the IP address was blocked with no exact description of the cause, just allusions to 'too much traffic, invalid attempts, etc.'   I explained that this Comcast IP address has been used for weather station upload purposes for many years with the same traffic profile (which is well within the non-limits of 'Unlimited' service) and requested the address be whitelisted instead so I could again have access from my home to my websites.   'Should be restored in 4hrs or less' was the response.

Grrr....

saratogaWX:

And... my home IP address was 'whitelisted' at 11:10am on 27-Mar-2012 and data from my station began flowing to the website again.  What a pain!

Note for connectivity debuggers -- if your site is inaccessible from your normal (home) IP address, try using your cell-phone (WiFi OFF) or another IP address to access your site .. if that works, then it's likely a block has been put on your home IP address, and it's time to call hoster tech support for resolution.

BTW.. my FTP internet traffic hasn't changed dramatically.  I'm still doing about 1.7 to 2.4Gb/day in FTP uploads to the site.
Larger than most, I think, due to having 6 weather software, 1 radar, 2 WASP2 instances all uploading.  I do use Fling to handle WeatherLink, Cumulus, VWS, Meteohub, WeatherCat, WeatherSnoop uploads, with only GRLevel3, WASP2 (2 instances), Weather-Display doing uploads.  Hey... I've got templates to test :)

Ken

neondesert:

Ouch, that's a long time to be down!

Did you have any FTP clients uploading an incorrect password when this happened?  I know I've done this myself while configuring FTP software only to find out that I was hammering the server with invalid credentials and was subsequently blocked. Fortunately, a quick ticket sent to support resolves the issue in about 30min.

Glad to see you're up and running now.  8-)

W3DRM:

Ken, I can sympathize with you. I've had the same thing happen to me twice with 1&1 suddenly, and without any notice at all, shutting me down. Both times it took almost a full day to get everything back up and running again. I too had been blacklisted due to "too frequent uploads" for my weather data. Since then I dropped the upload frequency and haven't had any further problems. I also had the same problem with ICDSOFT when I was using them for hosting so it's not just 1&1.

The support folks I talked with said they had no contact with the group who initiates the blacklist activity and could only send them an email to request resetting the block. Thus, the reason for the delay in getting up and running again.

My biggest complaint is that they don't let you know they blocked you. It's the least they could do for their customers.



saratogaWX:

Quote from: neondesert on March 27, 2012, 03:02:01 PM
--
Ouch, that's a long time to be down!

Did you have any FTP clients uploading an incorrect password when this happened?  I know I've done this myself while configuring FTP software only to find out that I was hammering the server with invalid credentials and was subsequently blocked. Fortunately, a quick ticket sent to support resolves the issue in about 30min.

Glad to see you're up and running now.  8-)

--
Hi Larry,
No, AFAIK, no changes to the software with different (invalid) credentials during the time.  I'm downloading and analyzing the current FTP log for credentials errors .. no real difference in the traffic patterns of upload of 1.7 to 2.3Gb/day for the last month. I think they may have tried a new filter on the auto-block and it just didn't like the daily volume so blacklisted it.  But.. with 1and1, you never really get a definitive answer from the security folks.  :(

Quote from: W3DRM on March 27, 2012, 03:15:11 PM
--
Ken, I can sympathize with you. I've had the same thing happen to me twice with 1&1 suddenly, and without any notice at all, shutting me down. Both times it took almost a full day to get everything back up and running again. I too had been blacklisted due to "too frequent uploads" for my weather data. Since then I dropped the upload frequency and haven't had any further problems. I also had the same problem with ICDSOFT when I was using them for hosting so it's not just 1&1.

The support folks I talked with said they had no contact with the group who initiates the blacklist activity and could only send them an email to request resetting the block. Thus, the reason for the delay in getting up and running again.

My biggest complaint is that they don't let you know they blocked you. It's the least they could do for their customers.



--
Hi Don,

Yes, very annoying!  If only their actions would take place after examination of the history, then flag it if very different (instead of just 'volume').  I can understand why they don't notify you as there's nothing to connect my home IP address with my account email on their servers .. they could (maybe) send emails to the email address (contact form) on the three sites I host at 1and1, but that's asking for 'human' intervention in what is likely a script run by automation for security.

Best regards,
Ken
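The FTP log check for credential errors discussed in this thread could look like the following. This is an added example, not code from any poster or from 1and1; it assumes a vsftpd-style log format and uses constructed sample lines, and the 10-minute window is a hypothetical stand-in since the host's actual blocking thresholds are unknown.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd-style format (assumption: your host's log format may differ).
SAMPLE_LOG = """\
Mon Mar 26 23:20:01 2012 [pid 3101] [wxstation] OK LOGIN: Client "203.0.113.7"
Mon Mar 26 23:20:03 2012 [pid 3101] [wxstation] OK UPLOAD: Client "203.0.113.7", "/wx/clientraw.txt", 812 bytes, 40.10Kbyte/sec
Mon Mar 26 23:21:10 2012 [pid 3140] [radar] FAIL LOGIN: Client "203.0.113.7"
Mon Mar 26 23:21:40 2012 [pid 3141] [radar] FAIL LOGIN: Client "203.0.113.7"
Mon Mar 26 23:22:10 2012 [pid 3142] [radar] FAIL LOGIN: Client "203.0.113.7"
Mon Mar 26 23:40:00 2012 [pid 3200] [radar] FAIL LOGIN: Client "203.0.113.7"
Mon Mar 26 23:41:00 2012 [pid 3300] [other] FAIL LOGIN: Client "198.51.100.9"
"""

# Timestamp is the fixed 24-character ctime() form; the byte count exists only on uploads.
LINE = re.compile(
    r'^(?P<ts>.{24}) \[pid \d+\] \[(?P<user>[^\]]*)\] '
    r'(?P<event>OK LOGIN|FAIL LOGIN|OK UPLOAD): Client "(?P<ip>[^"]+)"'
    r'(?:, "[^"]*", (?P<bytes>\d+) bytes)?')

def summarize(log_text, window=timedelta(minutes=10)):
    """Per client IP: failed logins, peak failures within `window`, failing users, upload bytes."""
    fails = defaultdict(list)
    stats = defaultdict(lambda: {"fail": 0, "peak": 0, "users": set(), "upload_bytes": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, entry = m["ip"], stats[m["ip"]]
        if m["event"] == "FAIL LOGIN":
            fails[ip].append(datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"))
            entry["users"].add(m["user"])  # which configured client has the bad password
        elif m["event"] == "OK UPLOAD" and m["bytes"]:
            entry["upload_bytes"] += int(m["bytes"])
    for ip, times in fails.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over failure timestamps
            while t - times[start] > window:
                start += 1
            stats[ip]["peak"] = max(stats[ip]["peak"], end - start + 1)
        stats[ip]["fail"] = len(times)
    return dict(stats)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s["fail"], "failed logins, peak", s["peak"], "in window, users", sorted(s["users"]))
```

A burst of failures tied to one FTP user points at a single misconfigured uploader rather than at overall volume, which is the distinction the posts above are trying to draw.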
