[SOLVED] Access to my Domain Blocked!

#74175 (In Topic #15451)

Community saint

triggered by edit to side menu

During a routine edit of the side menu blocks on a new install of 7.1.4 on which I have been working for the past week, everything froze.

A report to my Host received this answer:

eLief said

Your IP address was blocked for the following:

Temporary Blocks: IP:201.xxx.xx.xxx Port: Dir:in TTL:3600 (lfd - *Port Scan* detected from 201.xxx.xx.xxx (AW/Aruba/). 11 hits in the last 256 seconds)

After a reset, I redid the same edit to be sure it could be replicated before posting here as a possible bug and got the exact same result; my IP was banned again.

The first part of the task was done successfully: Adding a new side menu
The second part caused the problem: Editing this last menu and attempting to change the category.
The same is also true for attempting to change an existing menu category.


Last edit: by Jean
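
Reading the host's block notice, as an added example (not part of the original thread and not lfd's own code): the parser pulls the fields out of the quoted message, and a sliding-window counter shows how a rule of the shape "N hits in T seconds" fires. The limit of 10 hits and the 300-second window are assumed values, and the hit timestamps are constructed.

```python
import re
from collections import deque

# Block notice as quoted in the post (IP masked by the poster), joined onto one line.
NOTICE = ("Temporary Blocks: IP:201.xxx.xx.xxx Port: Dir:in TTL:3600 "
          "(lfd - *Port Scan* detected from 201.xxx.xx.xxx (AW/Aruba/). "
          "11 hits in the last 256 seconds)")

NOTICE_RE = re.compile(
    r"IP:(?P<ip>\S+)\s+Port:(?P<port>\S*)\s+Dir:(?P<dir>\w+)\s+TTL:(?P<ttl>\d+)\s+"
    r"\(lfd - \*(?P<rule>[^*]+)\* detected from (?P<src>\S+) \((?P<geo>[^)]*)\)\.\s+"
    r"(?P<hits>\d+) hits in the last (?P<secs>\d+) seconds\)"
)

def parse_notice(text):
    """Return the notice's fields as a dict, or None if the text does not match."""
    match = NOTICE_RE.search(" ".join(text.split()))  # undo e-mail line wrapping
    if not match:
        return None
    fields = match.groupdict()
    for key in ("ttl", "hits", "secs"):
        fields[key] = int(fields[key])
    return fields

def first_trigger(timestamps, limit, window):
    """Return (time, hits, span) once more than `limit` hits fall inside `window` seconds."""
    recent = deque()
    for t in sorted(timestamps):
        recent.append(t)
        while t - recent[0] > window:  # drop hits that have aged out of the window
            recent.popleft()
        if len(recent) > limit:
            return t, len(recent), t - recent[0]
    return None

# Constructed hit timestamps in seconds (not real log data).
SAMPLE_HITS = [0, 25, 51, 76, 102, 128, 153, 179, 204, 230, 256]
# Assumed threshold values, not taken from the thread.
ASSUMED_LIMIT, ASSUMED_WINDOW = 10, 300

if __name__ == "__main__":
    print(parse_notice(NOTICE))
    print(first_trigger(SAMPLE_HITS, ASSUMED_LIMIT, ASSUMED_WINDOW))
```

With these assumed values the eleventh hit is the one that crosses the limit, and the span reported is the time between the first and last counted hit rather than the configured window.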
#74176

That does worry me, but it's outside the scope of ocPortal so please discuss with eLief. Certainly we're not doing port scanning, I'd be surprised if we actually access any non-80 web ports.

I'm happy to discuss with eLief if they bring up specific behaviours to change, but it seems a very routine thing to me.

I'm sure they'll sort it out, maybe better to risk false-positives than the opposite. I don't know, but annoying.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
#74216

Community saint

Thanks for your reply Chris.

Until now, I did not know that websites could initiate a “server port scan”.

Googling this, I can see many instances of similar situations and most refer to the numbers "11 hits in so many seconds". Number 11 seems to be always present, which is exactly what eLief’s report mentioned twice. As you said, it is probably just false positives from a sensitive server, but it is disturbing even so, as I triggered it both times doing exactly the same task on a new install, on a new site that has not been opened yet.

I was working on a complex new “theme” with a panoramic Flash splash screen using two zones, but decided it would be best to keep my Flash out of ocP and reverted back to one Welcome zone preceded by a static HTML page for my Flash Animation. I will export the theme to a new site to have peace of mind before releasing it.

By the way, I’ve discovered this amazing free web service “Shields Up” for a handy confirmation that the intrusion logging systems of a PC are operating correctly and in FULL STEALTH MODE!
#74219

Community saint

I first used Shields Up about 10 years ago. This was the first time in about 6 years I visited that site. It doesn't appear to have changed much (appearance-wise) in 6 years.

It seemed to be good back then, but I don't have any knowledge of it now.

Steve
#74317

Hi,

All I can think is that some editing screens call up edit_ping.php every 10 seconds in the background, to tell ocPortal a live edit is happening (so if someone else comes along they'll be warned about the potential for conflict).

Maybe the 'probe-like-regularity' of this, possibly in correlation with some associated requests coming from your computer/network/the-internal-network happening (no idea what that could be!)

The menu editor doesn't do anything fancy when you save regarding server connections.

I looked around and found a few things about it, but nothing definite. If it keeps happening eLief will need to look into it further, find out what exact calls trigger it.


#74331

Community saint

With eLief's patience and support during this crisis, I was able to narrow the problem down to a compromised browser and most probably the OS as well. It seems that multiple simultaneous connections were attached to my IP every time I did some editing on my sites. The strange thing is that my anti-virus anti-malware scheme did not trigger any alarm. Obviously, something took hold of my system and I could no longer trust it. After switching OS with a new set of browsers, I was able to accomplish all my tasks on different sites without any glitches all day Sunday.

Hopefully this is the end of it.

Sorry for crying wolf on this one!
:$