Jump to content
Not connected, Your IP: 3.230.162.238
loopy123

Sucuri blocking many websites

Recommended Posts

I have run the test and found others likely have the same problem due to Sucuri's "BLACK02" blacklisting.

See route report here

https://airvpn.org/routes/?q=https%3A%2F%2Flabs.sucuri.net%2Fsignatures%2Fwaf%2Fblack02-blacklisted-ip-address%2F

and browser from denied sites:
 

Access Denied - Sucuri Website Firewall

If you are the site owner (or you manage this site), please whitelist your IP or if you think this block is an error please open a support ticket and make sure to include the block details (displayed in the box below), so we can assist you in troubleshooting the issue.

Block details:

Your IP: 199.249.230.2
URL: www.fortbendcountytx.gov/
Your Browser: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0
Block ID: BLACK02
Block reason: Your IP address is listed in our blacklist and blocked from completing this request.
Time: 2022-08-24 07:58:33
Server ID: 12004

------------

Access Denied - Sucuri Website Firewall

If you are the site owner (or you manage this site), please whitelist your IP or if you think this block is an error please open a support ticket and make sure to include the block details (displayed in the box below), so we can assist you in troubleshooting the issue.

Block details:

Your IP: 199.249.230.2
URL: labs.sucuri.net/signatures/waf/black02-blacklisted-ip-address/
Your Browser: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0
Block ID: BLACK02
Block reason: Your IP address is listed in our blacklist and blocked from completing this request.
Time: 2022-08-24 07:57:07
Server ID: 12016

Share this post


Link to post

I too have found more and more websites using Sucuri firewall blocking most GA and a rotating assortment of Florida servers . 
Wells Fargo Bank blocks Pollux

Get the same page as loopy32 displayed with either a backlist01 or 02

Share this post


Link to post

I've found this as well.  I don't have an example on the top of my head right now, but I remember seeing Sucuri's block screen frequently recently. 

Share this post


Link to post

Same here. A lot more websites are now inaccessible due to Sucuri. Some will display a "Access Denied - Sucuri Website Firewall" message, with some details and a link to open a support ticket, but most websites will just timeout.

Is there anything that can be done about this? Would it make sense for Air to contact them (Sucuri) directly?

Unfortunately this is having a big impact, and I now cannot access a number of websites I must regularly use.

Share this post


Link to post

+1, I'm seeing error from - https://www.rutherford.org/publications_resources/john_whiteheads_commentary/youd_better_watch_out_the_surveillance_state_is_making_a_list_and_youre_on_it
 

Block details:

Your IP: 194.36.111.59
URL: www.rutherford.org/publications_resources/john_whiteheads_commentary/youd_better_watch_out_the_surveillance_state_is_making_a_list_and_youre_on_it
Your Browser: Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0
Block ID: BLACK02
Block reason: Your IP address is listed in our blacklist and blocked from completing this request.
Time: 2022-12-25 16:11:02
Server ID: 14002

 

Share this post


Link to post

This is the only page i can reach about sucuri ip block. i can't even reach their docs. I tried to write a message but they told me to reach to web site owner. In this case my website was linuxmint.com but i also mentioned i can't reach their website docs. they didn't respond it. For now there is nothing to do i guess. still searching and i will share my results if i can find a solution.

Share this post


Link to post

Same here. I was try it get Linux Mint to install on an old laptop and I get the same error on that site. I'm currently on the Ursa server in the United States.

Share this post


Link to post

Sucuri Firewall is a sponsor of Linux Mint.

Good luck with hoping Linux Mint would switch off the Sucuri Firewall for their website...

But perhaps AirVPN could help?

If they could, the should, because Linux Mint OS is used by millions of users.

Share this post


Link to post

Extremely annoying that Sucuri is blocking my access to linuxmintDOTcom and blog.linuxmintDOTcom. Sometimes if I change AirVPN servers I can reach them, but it's a needless frustration.

Share this post


Link to post

Same here: 
 

Access Denied - Sucuri Website Firewall

If you are the site owner (or you manage this site), please whitelist your IP or if you think this block is an error please open a support ticket and make sure to include the block details (displayed in the box below), so we can assist you in troubleshooting the issue.

Block details:

Your IP: 146.70.115.139
URL: embrace-autism.com/
Your Browser: Mozilla/5.0 
Block ID: BLACK02
Block reason: Your IP address is listed in our blacklist and blocked from completing this request.
Time: 2023-05-04 12:21:42
Server ID: 14025

Share this post


Link to post
@McFly

The route tool works, it returns a green token because it gets 200 (OK) from the final web server, and that's true. But the landing page is served by the Sucuri Firewall as a courtesy block page. Our IP addresses are not in the main black lists around, but there are hundreds of black lists around, we will try to understand which one Sucuri uses (maybe a proprietary one).

Kind regards
 

Share this post


Link to post

Well, the routes tool "works" in the sense that receives the "OK" from the server.  It does not work as a tool to figure out which Air VPN server I can switch to in order to bypass Sucuri.  I'm thus left flailing in the dark. 

Add Linux Mint's help forums to the list.  That's my distro, dammit! 🙂
https://forums.linuxmint.com/

I'm not mad at AirVPN, I'm mad at Sucuri for blocking lots of legitimate traffic and being opaque and unresponsive about it.  Jerks. 
Thanks for any help. 

Share this post


Link to post
On 5/16/2023 at 4:58 AM, Staff said:

But the landing page is served by the Sucuri Firewall as a courtesy block page.

"courtesy block page" 🤣
But a discourtesy to us.
 
On 5/23/2023 at 12:24 PM, McFly said:

That's my distro, dammit!

Mine, too. It's infuriating!
If you use Startpage search engine, you can first search for the blog, then use the "Anonymous" option to link to it, which bypasses Sucuri's BS.

Share this post


Link to post

Thanks for the tip on startpage search, I'm going to use that.  A lot.

Apologies for the slight cross post, but I just tried a site called Jadelearning which was blocked by WordFence:
https://www.jadelearning.com

Maybe
WordFence and Sucuri are using the same blacklist?

Share this post


Link to post

Showing 100% server HTTP 303 block at the airvpn.org route report, now.  Used to be fewer.  Anything we can do?

 

Quote

 

Access Denied - Sucuri Website Firewall

If you are the site owner (or you manage this site), please whitelist your IP or if you think this block is an error please open a support ticket and make sure to include the block details (displayed in the box below), so we can assist you in troubleshooting the issue.

Block details:

Your IP: 104.254.90.235
URL: labs.sucuri.net/signatures/waf/black02-blacklisted-ip-address/
Your Browser: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0
Block ID: BLACK02
Block reason: Your IP address is listed in our blacklist and blocked from completing this request.
Time: 2023-06-04 09:15:06
Server ID: 20016
© 2023 Sucuri Inc. All rights reserved. Privacy
 

 


 

Share this post


Link to post
Posted ... (edited)
On 6/4/2023 at 1:09 PM, fishbasketballaries said:

At the moment, Fulu (Sao Paulo, Brazil) is not on Sucuri's BLACK02 blacklist.


Confirmed, I'm able to get on with Fulu.  Another Mint user here. Edited ... by John Gow
grammar

Share this post


Link to post
On 5/16/2023 at 4:58 AM, Staff said:
@McFly

The route tool works, it returns a green token because it gets 200 (OK) from the final web server, and that's true. But the landing page is served by the Sucuri Firewall as a courtesy block page. Our IP addresses are not in the main black lists around, but there are hundreds of black lists around, we will try to understand which one Sucuri uses (maybe a proprietary one).

Kind regards
 

Any progress  on this, Admin?
Securi still  blocking Linux Mint forums, but thus far the only block I've seen personally.
Weird that you can still  get on through  Fulu/Brazil. Brazil isn't exactly known for being free from botnets and other bad things. In fact a router hack took over almost a 1/3 of Brazilian routers several years ago and made them do bad things.
Anyway, I hope Securi sees the light soon.
 

Share this post


Link to post

This is a serious issue, and things have worsened a lot during the last year or so. For AirVPN users, large parts of internet are getting out of reach, and it's good that the staff are working on this.

However there's another side of the coin here as well. In the end, web pages are there for visitors and for their business. They lose business when their pages are inaccessible for visitors or  customers accessing their site. In addition to VPN providers trying to get their voice through, IMO all businesses using Sucuri (or similar lazy blocklist based firewall approaches) should be contacted *by people who can't reach their pages*, and this way helped to understand that the service these page owners buy from Sucuri causes them to lose their business, as VPN services are more and more used everywhere and their firewall just blocks legitimate customers. That should hopefully get the message through, eventually.

Share this post


Link to post
On 5/16/2023 at 1:58 PM, Staff said:
@McFly

The route tool works, it returns a green token because it gets 200 (OK) from the final web server, and that's true. But the landing page is served by the Sucuri Firewall as a courtesy block page. Our IP addresses are not in the main black lists around, but there are hundreds of black lists around, we will try to understand which one Sucuri uses (maybe a proprietary one).

Kind regards
 

Hm. More then five months later, Sucuri is still blocking Linuxmint.com and quite a few other sites I regularly visit. Is action really being taken, staff?

Share this post


Link to post
4 hours ago, esjalistas said:

Hm. More then five months later, Sucuri is still blocking Linuxmint.com and quite a few other sites I regularly visit. Is action really being taken, staff?

Hello!

Not really, i.e. the black list compiled by Sucuri according to what they find in 10 other black lists and other evaluations (if any) is not modified by any of our actions apparently. Check here:
https://docs.sucuri.net/malware-removal/delisting-blacklisted-sites/how-to-get-off-a-blacklist/
https://docs.sucuri.net/malware-removal/delisting-blacklisted-sites/

Kind regards
 

Share this post


Link to post
On 10/30/2023 at 3:49 PM, Staff said:

Hello!

Not really, i.e. the black list compiled by Sucuri according to what they find in 10 other black lists and other evaluations (if any) is not modified by any of our actions apparently. Check here:
https://docs.sucuri.net/malware-removal/delisting-blacklisted-sites/how-to-get-off-a-blacklist/
https://docs.sucuri.net/malware-removal/delisting-blacklisted-sites/

Kind regards
 
...and those links are blocked, by Securi.
You might want to attach a screenshot or something instead.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...