Block issue

HansR
Posts: 5870
Joined: Sat 20 Oct 2012 6:53 am
Weather Station: GW1100 (WS80/WH40)
Operating System: Raspberry OS/Bullseye
Location: Wagenborgen (NL)
Contact:

Block issue

Post by HansR »

I don't know what is going on in the UK as both the sites of @mcrossley (he lifted the ban, at least for me) and @ConligWX are banned by the same protective procedure (have no idea which, but see the attached output). Apparently it is 'bon ton' these days to block a website for visitors to prevent hackers from accessing the site. I understand hackers are a nuisance, but this is 'throwing away the child with the bathwater' as an old Dutch saying goes.

And please do tell me what is so important to a weather site that it needs protection against everything foreign? Is this a Brexit spin-off or do you have secret access to MI5/6 databases covered up. You all would be James Bonds? I do check my logs, almost daily, but so far just little access of weird sites, maybe because the technique I use makes hacking difficult?

My guess is, this is a Russian, Chinese, American or whatever script acting as a Trojan horse to get inside the British amateur weather circles to prevent confirmation of climate change :o :roll: :groan: Yes?

In short: I think this script itself is a problem for the free internet. Beware. (could you send me a copy to check?)
Last edited by HansR on Thu 25 Jun 2020 12:32 pm, edited 1 time in total.
Hans

https://meteo-wagenborgen.nl
CMX build 4017+ ● RPi 3B+ ● Raspbian Linux 6.1.21-v7+ armv7l ● dotnet 8.0.3
water01
Posts: 3215
Joined: Sat 13 Aug 2011 9:33 am
Weather Station: Ecowitt HP2551
Operating System: Windows 10 64bit
Location: Burnham-on-Sea
Contact:

Re: Block Issue

Post by water01 »

Does this only happen if you try the site with an IP address registered in a country other than the UK, because I can access both sites without any problems?
David
mcrossley
Posts: 12685
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2/WLL
Operating System: Bullseye Lite rPi
Location: Wilmslow, Cheshire, UK
Contact:

Re: Block Issue

Post by mcrossley »

ZB-Block has a list of ISPs that are known to be "spammer tolerant" and all access from those ISPs is blocked. You can switch this off - or amend the lists - the lists are generated from the Spamhaus and possibly others. Don't feel singled out, most of those ISPs are outside the EU, though some EU countries do seem to feature more than others (but not The Netherlands from what I see in my logs).

I have switched that feature of ZB-Block off for now, I'll see how it goes.

As you well know Hans, the protection is not against nefarious access to the weather data, but to prevent the injection of malicious code into the site that could infect other users, turn the server into yet another spam bot, or worse.
ConligWX
Posts: 1570
Joined: Mon 19 May 2014 10:45 pm
Weather Station: Davis vPro2+ w/DFARS + AirLink
Operating System: Ubuntu 22.04 LTS
Location: Bangor, NI
Contact:

Re: Block Issue

Post by ConligWX »

You're only blocked on my MB Saratoga page. The CMX page should work fine. Just add /cmx/wxindex.php to the end of the URL.

As Mark said, you have not been singled out. It's just how ZBBlock works using blocklists and malformed Browser Agent Strings.

Most bots and trawlers are also blocked too though I allow a few of them to trawl my pages.

Thanks for the heads up, at least I know it's still working :lol:
Regards Simon

https://www.conligwx.org - @conligwx
Davis Vantage Pro2 Plus with Daytime FARS • WeatherLink Live • Davis AirLink • PurpleAir •

HansR
Posts: 5870
Joined: Sat 20 Oct 2012 6:53 am
Weather Station: GW1100 (WS80/WH40)
Operating System: Raspberry OS/Bullseye
Location: Wagenborgen (NL)
Contact:

Re: Block Issue

Post by HansR »

mcrossley wrote: Thu 25 Jun 2020 8:31 am ZB-Block has a list of ISPs that are known to be "spammer tolerant" and all access from those ISPs is blocked.
ConligWX wrote: Thu 25 Jun 2020 8:47 am You're only blocked on my MB Saratoga page. The CMX page should work fine. Just add /cmx/wxindex.php to the end of the URL.
@both: Well, one of the reasons for this post is that my provider is one of the largest if not THE largest in the Netherlands. No doubt NL is a rogue internet nation, hosting everything god has forbidden. So, either of you can tell me where my IP, or header, or whatever, goes wrong, or I estimate the ZB-block script to be a major nuisance. Be happy, you're only accessible for the selected happy few. So far for the free and open internet. How did we get here?

@ConligWX: And how should I know that? If I click on a link and get blocked it does not say 'Oh you are suspect, but this link will accept you' :roll:

Say again: what in god's name do you have on your site that all hackers of the world dive onto the weather amateurs in Britain such that they require this type of security?

And yes, I am slightly irritated by this. But you probably noticed that already.
Hans

https://meteo-wagenborgen.nl
CMX build 4017+ ● RPi 3B+ ● Raspbian Linux 6.1.21-v7+ armv7l ● dotnet 8.0.3
ConligWX
Posts: 1570
Joined: Mon 19 May 2014 10:45 pm
Weather Station: Davis vPro2+ w/DFARS + AirLink
Operating System: Ubuntu 22.04 LTS
Location: Bangor, NI
Contact:

Re: Block Issue

Post by ConligWX »

HansR wrote: Thu 25 Jun 2020 9:16 am
Say again: what in god's name do you have on your site that all hackers of the world dive onto the weather amateurs in Britain such that they require this type of security?
Firstly I don't tell anyone what I have on the site. But a malicious bot or hacker will run various scripts/url code against ALL servers, not just mine or Mark's.

When I look at my Apache raw log files and see hosts trying to run scripts against my web-server, then I prefer not to let them get away with this type of behavior, why would you? It's malicious. It's like someone walking up to your house, and trying to open your door without consent.

Though I tell you now, I have more than a php script at my house :lol:

I run zbblock to thwart possible attacks and breaches as I am not sitting on my web-server watching every http(s) session connecting to my webserver. It gives me some peace of mind.

ZBBlock can allow users to be bypassed, but it is set up to block someone first rather than let a potential hacker in without the site owner knowing anything about them.
And yes, I am slightly irritated by this. But you probably noticed that already.
really? lol
Regards Simon

https://www.conligwx.org - @conligwx
Davis Vantage Pro2 Plus with Daytime FARS • WeatherLink Live • Davis AirLink • PurpleAir •

ConligWX
Posts: 1570
Joined: Mon 19 May 2014 10:45 pm
Weather Station: Davis vPro2+ w/DFARS + AirLink
Operating System: Ubuntu 22.04 LTS
Location: Bangor, NI
Contact:

Re: Block Issue

Post by ConligWX »

Just FYI HansR

from the killed log file - Sun, 10 May 2020 - Thu, 25 Jun 2020 I have 3699 visitors that have been caught by zbblock. you are the first one to complain:)

Congratulations :clap: :clap:

PS though I did have one other on wxforums who complained too, though it was at zbblock rather than me. But he edited his UA string for an unknown reason.
Regards Simon

https://www.conligwx.org - @conligwx
Davis Vantage Pro2 Plus with Daytime FARS • WeatherLink Live • Davis AirLink • PurpleAir •

HansR
Posts: 5870
Joined: Sat 20 Oct 2012 6:53 am
Weather Station: GW1100 (WS80/WH40)
Operating System: Raspberry OS/Bullseye
Location: Wagenborgen (NL)
Contact:

Re: Block Issue

Post by HansR »

Hi Simon,

No need to continue this discussion online in an irritated manner - though I started that myself :bash: - I have the following additional remarks:
  1. I am not completely unknown to protecting sites. I currently have two (WP) weblogs and the weather site. Had several other sites before. Yes I am aware of evil forces in cyberspace. My current most active domain has roughly 10.000 hits/day on the best days.
  2. However, there is a difference between normal access to a site (its primary goal I assume) to access its contents and access to logins for content or database management purposes or whatever secrets you guard on the premises. The latter is clearly unwanted as owner and any action to prevent that kind of access (scripted or not) is logical.
  3. What is happening is, that I access a site for the (published entry) index file and that I am denied access. You come with arguments as peace of mind and protection against criminals. I simply say: your protection goes too far. Is one step too early - and is rigid. Focus on protecting the danger access points iso blocking site access on information. Which blocks are most likely not correct (IP level).
But it's your site, so do as you please. I made my point.

Cheers, Hans
ConligWX wrote: Thu 25 Jun 2020 11:21 am from the killed log file - Sun, 10 May 2020 - Thu, 25 Jun 2020 I have 3699 visitors that have been caught by zbblock. you are the first one to complain:)
Fine. Did you check what they were doing? Maybe they were visitors who were useful. And I reacted here publicly because we are here on a community (are we?) where you as a member point to a site which is inaccessible to me. You are the second so apparently it is a trend ( two points data is enough to draw a line ;) )

And NB: My site with 10.000 access has a protection report of roughly 300 blocks on suspect entries (most likely scripted) per month.
Hans

https://meteo-wagenborgen.nl
CMX build 4017+ ● RPi 3B+ ● Raspbian Linux 6.1.21-v7+ armv7l ● dotnet 8.0.3
galfert
Posts: 195
Joined: Tue 03 May 2016 2:57 pm
Weather Station: Ecowitt GW1000
Operating System: Mint, Raspberry Pi OS, Synology
Location: Orlando, FL

Re: Block Issue

Post by galfert »

Although I get where the title of this thread comes from, it comes across as both alarming and click bait. There is no need to call attention to all the visitors of this forum for this subject matter.

Administrator,
Please rename this thread.

UPDATE: thank you for the change
Last edited by galfert on Fri 26 Jun 2020 1:06 pm, edited 1 time in total.
Ecowitt GW1000 | Meteobridge RPI | CumulusMX on Synology NAS
WU: KFLWINTE111  |  PWSweather: KFLWINTE111
CWOP: FW3708  |  AWEKAS: 14814
Windy: pws-f075acbe
Tele-Pole flag pole
Mapantz
Posts: 1774
Joined: Sat 17 Dec 2011 11:55 am
Weather Station: Davis Vantage Pro2
Operating System: Windows 11 x64
Location: Dorset - UK
Contact:

Re: Block Issue

Post by Mapantz »

HansR wrote: Thu 25 Jun 2020 9:16 am

Say again: what in god's name do you have on your site that all hackers of the world dive onto the weather amateurs in Britain such that they require this type of security?

And yes, I am slightly irritated by this. But you probably noticed that already.
I have hundreds of IP bans as my site will be constantly hit. I'm still being hit by the same IP every single minute of the day for the past 3 years. It causes my resources to be used up and the site becomes slow or it maxes out certain aspects of my allowance.

216.244.66.237

That IP address will not stop.
HansR
Posts: 5870
Joined: Sat 20 Oct 2012 6:53 am
Weather Station: GW1100 (WS80/WH40)
Operating System: Raspberry OS/Bullseye
Location: Wagenborgen (NL)
Contact:

Re: Block Issue

Post by HansR »

galfert wrote: Thu 25 Jun 2020 12:22 pm Although I get where the title of this thread comes from, it comes across as both alarming and click bait. There is no need to call attention to all the visitors of this forum for this subject matter.

Administrator,
Please rename this thread.
I get your point: done. Unfortunately it does not propagate to the replies. How to do that?
Mapantz wrote: Thu 25 Jun 2020 12:25 pm That IP address will not stop.
But that is another issue. You can block it in the htaccess, if somebody has a problem with that they will contact you and you can solve the issue.
Mapantz wrote: Thu 25 Jun 2020 12:25 pm I have hundreds of IP bans as my site will be constantly hit.
As IPs are constantly changing (by DHCP or otherwise), IP bans are probably the worst protection imaginable.
Hans

https://meteo-wagenborgen.nl
CMX build 4017+ ● RPi 3B+ ● Raspbian Linux 6.1.21-v7+ armv7l ● dotnet 8.0.3
Mapantz
Posts: 1774
Joined: Sat 17 Dec 2011 11:55 am
Weather Station: Davis Vantage Pro2
Operating System: Windows 11 x64
Location: Dorset - UK
Contact:

Re: Block Issue

Post by Mapantz »

HansR wrote: Thu 25 Jun 2020 12:35 pm
Mapantz wrote: Thu 25 Jun 2020 12:25 pm That IP address will not stop.
But that is another issue. You can block it in the htaccess, if somebody has a problem with that they will contact you and you can solve the issue.
Mapantz wrote: Thu 25 Jun 2020 12:25 pm I have hundreds of IP bans as my site will be constantly hit.
As IPs are constantly changing (by DHCP or otherwise), IP bans are probably the worst protection imaginable.
I have blocked it through .htaccess. I can still see how many times a minute the IP attempts to do something.

re IP bans; I have banned whole IP blocks.
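
The situation described in the post above, a client that is denied through .htaccess yet keeps appearing in the access log, can be measured by counting 403 responses per client per minute, which also separates a persistent repeater from a one-off denied visitor. This is an added example, not code from any poster in the thread; it assumes Apache's combined log format, and the log lines are constructed and use documentation-range addresses.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')

# Constructed sample lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE = """\
203.0.113.7 - - [25/Jun/2020:14:30:01 +0100] "GET /wxindex.php HTTP/1.1" 403 199 "-" "bot/1.0"
203.0.113.7 - - [25/Jun/2020:14:30:20 +0100] "GET /wxindex.php HTTP/1.1" 403 199 "-" "bot/1.0"
203.0.113.7 - - [25/Jun/2020:14:30:41 +0100] "GET /wxgraphs.php HTTP/1.1" 403 199 "-" "bot/1.0"
203.0.113.7 - - [25/Jun/2020:14:31:02 +0100] "GET /wxindex.php HTTP/1.1" 403 199 "-" "bot/1.0"
198.51.100.23 - - [25/Jun/2020:14:31:05 +0100] "GET /wxindex.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.40 - - [25/Jun/2020:14:31:09 +0100] "GET /wxindex.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
not a log line
"""

def denied_per_minute(log_text):
    """Return {ip: Counter({minute: denied_count})} for 403 responses only."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, stamp, _request, status = m.groups()
        if status != "403":
            continue  # only requests the server refused
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits[ip][when.strftime("%Y-%m-%d %H:%M")] += 1
    return hits

def summarize(hits):
    """Return [(ip, total_denied, peak_per_minute)], busiest client first."""
    rows = [(ip, sum(c.values()), max(c.values())) for ip, c in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for ip, total, peak in summarize(denied_per_minute(SAMPLE)):
        print(f"{ip:<15} denied={total:<4} peak/min={peak}")
```

A client with a high total and a steady per-minute peak is a candidate for a specific ban; a single denied request from a browser user agent is more likely a visitor caught by a blocklist.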
HansR
Posts: 5870
Joined: Sat 20 Oct 2012 6:53 am
Weather Station: GW1100 (WS80/WH40)
Operating System: Raspberry OS/Bullseye
Location: Wagenborgen (NL)
Contact:

Re: Block Issue

Post by HansR »

Mapantz wrote: Thu 25 Jun 2020 2:36 pm I have blocked it through .htaccess. I can still see how many times a minute the IP attempts to do something.
You can only see that in the logfile I assume. So that is good, it won't get anywhere and takes the least resources this way. At some time it will stop. Every now and then you clean up the htaccess with this type of specific bans and it restarts from there ;)
Mapantz wrote: Thu 25 Jun 2020 2:36 pm re IP bans; I have banned whole IP blocks.
You simply do not wish your site to be viewed at all :|
Your choice. I would say: Block IP-blocking blocks Blocks of IPs. That's about it.

You should always ask yourself: what do I want to achieve.

And afaic, being on the net with a site means, you have something to say which you wish to be read/seen.
Blocking IPs does not help to achieve a goal.

EDIT: it's like computer chess - yes I once wrote my own chess program: brute force always fails. You need to be smart.
Hans

https://meteo-wagenborgen.nl
CMX build 4017+ ● RPi 3B+ ● Raspbian Linux 6.1.21-v7+ armv7l ● dotnet 8.0.3