CrowdSupport®
Level 2: Rookie

My Client's website has been blocked by Telstra Broadband

Answered

Since mid last week my client's website https://www.Investps.com.au has been getting blocked by Telstra Broadband, and after multiple attempts to 'fix' we're still in the same situation.

 

When I try to view the site via my PC (ethernet to the modem) I cannot. I get an error message saying '..

 

"Access to investps.com.au was denied
You don't have authorization to view this page.
HTTP ERROR 403"

 

However, when I view the site via my mobile data, I have no problems. The same if I visit my local cafe (not in Telstra, and no problems). Same again if I use a VPN on my PC (or tablet via WiFi)... no problems.

 

I've had multiple people check the issue, and those not using Telstra broadband have no problems.

 

At first I thought this may be an SSL problem, so we removed and reinstalled the SSL certificates. Same problem.

 

Then we looked at possible malware etc. Checking various malware databases and also scanning the site revealed no malware and the site is not blacklisted anywhere. Yet the problem continues.

 

Then we looked at putting the site on a dedicated IP on the server. Same problem. We still can't view it via the Telstra connection (through modem).

 

I've personally rebooted the modem, cleaned the cache on flush the DNS on the computer. I was away for the weekend so had the modem off for 3 days.. same problem!

 

There are nearly 100 sites on my server, none of the others are experiencing this problem.

 

Who do we speak to to get this issue fixed?

 

Paul Barrs

PaulBarrs.com | Websites and More | Specialising in Local Businesses to Local Customers.
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Level 2: Rookie
Accepted Solution

Re: My Client's website has been blocked by Telstra Broadband

Final note; the site is now visible.

 

Why it was blocked I still don't know. There was a virus found in one of the log files which was removed, and even though the scene from Virustotal still shows problems, the site is visible. For any others reading this, don't let that be your final judge. 

 

We rebuilt the site with previous backups. That didn't help.

We uninstalled and reinstalled the SSL certificate, and that didn't help.

 

Though the setup of the SSL may well have been a part of the problem - why that changed overnight I don't know as the site itself didn't change. But it was reviewed and corrected as well. Thank you to ForensicsGuru.

 

Once that was done (even though I don't have Telstra's Broadband Protect as a part of my package / account) I was able to get to the message that said 'this site is potentially harmful' and therefore was able to submit it as "clean."

 

And 'that' is why I believe I can now view the site.

 

PaulBarrs.com | Websites and More | Specialising in Local Businesses to Local Customers.

View solution in original post

Was this helpful?

  • Yes it was, thank you
  • No, I still need help
10 REPLIES 10
Highlighted
Level 25: The Singularity
Level 25: The Singularity

Re: My Client's website has been blocked by Telstra Broadband

403 errors are generated by the server, so the problem is more likely on the server end than on Telstra's end.

 

I'd be looking for rules on the server that are blocking certain IP ranges or networks.

Never be afraid to back yourself when trying new things, just always make sure you have 3 escape routes if things go wrong.
Highlighted
Level 21: Augmented

Re: My Client's website has been blocked by Telstra Broadband

Additionally, the site is reported as malicious on virustotal - https://www.virustotal.com/gui/url/2e82e952b966c536b1ed82f40bbdf1dbe3c7808c2af348c6de45dc687050f7cb/...

 

DISCLAIMER: I do not work for Telstra or any other ISP. I never did. I have wealth of practical knowledge in Computer Security and Forensic Computing. I have been in the field since 1985.

Likes (formerly Kudos) and solutions are appreciated!!!
The comments expressed by me reflect my user experience and personal opinion.
Highlighted
Level 2: Rookie

Re: My Client's website has been blocked by Telstra Broadband

Thank you Jupiter,

 

Usually, yes. But not in this case. I can access the site just fine via a VPN using the same browser seconds later. We Also deleted the entire site end of last week and reinstalled from a previous backup; again, not fixing the issue.

 

Plus I can access the site fine via the Optus WiFi at the local cafe - 

 

Forensic Guru - thank you; that's a new one. I ran a new scan of site, found one infected log file and destroyed it.. now to find where on earth I submit 'it's clean' to Dr. Web - 

PaulBarrs.com | Websites and More | Specialising in Local Businesses to Local Customers.
Highlighted
Level 21: Augmented

Re: My Client's website has been blocked by Telstra Broadband

I cannot reach your site from my corporate network either, meaning that our corporate firewall (PaloAlto) is blocking it too due to malware being detected. 

DISCLAIMER: I do not work for Telstra or any other ISP. I never did. I have wealth of practical knowledge in Computer Security and Forensic Computing. I have been in the field since 1985.

Likes (formerly Kudos) and solutions are appreciated!!!
The comments expressed by me reflect my user experience and personal opinion.
Highlighted
Level 25: The Singularity
Level 25: The Singularity

Re: My Client's website has been blocked by Telstra Broadband

You don't seem to understand the concept of "blocking specific IP address ranges by your server", which seems to be what is happening.

 

If you try from a PC on a landline based Telstra connection, your IP address is within a certain range. You then try using a VPN and it works (different IP address range), then try Optus Wifi (different IP address range again) and it works.

 

It still sounds like your server is blocking access from a specific IP address range.

 

If it was Telstra Broadband Protect blocking it, you would get a specific webpage come up telling you that you are blocked (not a 403 error message). If it couldn't find a site due to the DNS not propagating, you would get a Site Timed Out response. The only time you get a 403 response is from the hosting server itself, blocking access to the site.

Never be afraid to back yourself when trying new things, just always make sure you have 3 escape routes if things go wrong.
Highlighted
Level 24: Supreme Being
Level 24: Supreme Being

Re: My Client's website has been blocked by Telstra Broadband

It is Telstra broadband protect blocking the Website. On my Telstra FTTN connection I can access site using custom DNS, but when using Telstra's DNS I can't access the site.

 

The SSL  403 error is due trying to access a secure site and being redirected to another site. Depending on the browser you use if you navigate to http://www.investps.com.au/ you get redirected to the normal Telstra Broadband Protect Malicious content warning page with a link to report site as safe.

Highlighted
Level 21: Augmented

Re: My Client's website has been blocked by Telstra Broadband

Hmmm.... Actually, me think that there is redirect on http to https, not the other way round:

vlasti@sherlock:~$ wget http://www.investps.com.au/
--2020-01-20 04:27:05-- http://www.investps.com.au/
Resolving www.investps.com.au (www.investps.com.au)... 180.235.129.254
Connecting to www.investps.com.au (www.investps.com.au)|180.235.129.254|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.investps.com.au/ [following]
--2020-01-20 04:27:06-- https://www.investps.com.au/
Connecting to www.investps.com.au (www.investps.com.au)|180.235.129.254|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html [ <=> ] 91.50K --.-KB/s in 0.09s

2020-01-20 04:27:08 (982 KB/s) - ‘index.html’ saved [93692]

vlasti@sherlock:~$ wget htts://www.investps.com.au/
htts://www.investps.com.au/: Unsupported scheme ‘htts’.
vlasti@sherlock:~$ wget https://www.investps.com.au/
--2020-01-20 04:27:35-- https://www.investps.com.au/
Resolving www.investps.com.au (www.investps.com.au)... 180.235.129.254
Connecting to www.investps.com.au (www.investps.com.au)|180.235.129.254|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.1’

index.html.1 [ <=> ] 91.50K --.-KB/s in 0.08s

2020-01-20 04:27:37 (1.07 MB/s) - ‘index.html.1’ saved [93692]

vlasti@sherlock:~$

SSL settings seems to be OK according to SSL Labs (https://www.ssllabs.com/ssltest/analyze.html?d=www.investps.com.au)

DISCLAIMER: I do not work for Telstra or any other ISP. I never did. I have wealth of practical knowledge in Computer Security and Forensic Computing. I have been in the field since 1985.

Likes (formerly Kudos) and solutions are appreciated!!!
The comments expressed by me reflect my user experience and personal opinion.
Highlighted
Level 2: Rookie

Re: My Client's website has been blocked by Telstra Broadband

My server support have ruled out IP blocking - 

 

"As for the VPS blocking telstra IP Blocks, i have checked, and this is not the case, as it is not set to block entire blocks of IPs, only individual one, with a limit of 200 permanent blocks that rotate out once full."

 

So now I'm just trying to figure out how to notify Dr. Web that the site has been cleaned of all infections. Can't find the damn link anywhere.

 

Thank you for your help thus far.,

PaulBarrs.com | Websites and More | Specialising in Local Businesses to Local Customers.
Highlighted
Level 2: Rookie

Re: My Client's website has been blocked by Telstra Broadband

We are now looking into the SSL redirect error, thank you - We have scanned the site using the server virus software, found one malicious file and removed it. We have since rescanned with the server software and found it clean, scanned again with Wordfence, All In One WP Security & Firewall, and sucuri.net - all now show the site clean.

 

 

PaulBarrs.com | Websites and More | Specialising in Local Businesses to Local Customers.
Highlighted
Level 2: Rookie
Accepted Solution

Re: My Client's website has been blocked by Telstra Broadband

Final note; the site is now visible.

 

Why it was blocked I still don't know. There was a virus found in one of the log files which was removed, and even though the scene from Virustotal still shows problems, the site is visible. For any others reading this, don't let that be your final judge. 

 

We rebuilt the site with previous backups. That didn't help.

We uninstalled and reinstalled the SSL certificate, and that didn't help.

 

Though the setup of the SSL may well have been a part of the problem - why that changed overnight I don't know as the site itself didn't change. But it was reviewed and corrected as well. Thank you to ForensicsGuru.

 

Once that was done (even though I don't have Telstra's Broadband Protect as a part of my package / account) I was able to get to the message that said 'this site is potentially harmful' and therefore was able to submit it as "clean."

 

And 'that' is why I believe I can now view the site.

 

PaulBarrs.com | Websites and More | Specialising in Local Businesses to Local Customers.

View solution in original post

Telstra 24x7®

Manage your business services on your mobile with the Telstra 24x7® App

Find out more