piltonca Posted May 4, 2018 Posted May 4, 2018 My website is returning Error 502 for specific files.After reading Cloudflare support, it appears that Tommy is sending cloudflare invalid data for these files. My (non-Cloudflare) site still works fine. Non-Cloudflare (Working) - https://callumpilton.tech/img/tv_on_desk2.svgCloudflare (Not Working) - https://callumpilton.co.uk/img/tv_on_desk2.svg
piltonca Posted May 4, 2018 Author Posted May 4, 2018 I've tried multiple devices on multiple networks and the cloudflare link still wont work for me... :/ I've even asked other people to take a look and it's not working for them either
wolstech Posted May 4, 2018 Posted May 4, 2018 I just did some digging...the CF data centers in the UK and Germany were blocked for abuse, which would explain why it works for me but not you (I'm in the USA). All the blocks are for failed cPanel and mail logins (typical for abuse trying to guess passwords). I've unblocked all the IPs associated with these data centers
piltonca Posted May 4, 2018 Author Posted May 4, 2018 That's great, working now! Would you be able to tell me when the blocks were active from, so I can get some idea of why they happened? I had an issue a while back with the mail server which was resolved. If th blocks were from this then thats fine as all is now resolved, otherwise something else must be happening which i need to look into. Thanks!
wolstech Posted May 4, 2018 Posted May 4, 2018 The usual cause of this is cybercriminals running bots through CF to break into servers. It's not something you did, but rather the fact that your connections to our server appear as a CloudFlare IP. which you share with thousands of other people (some of which are abusing it).
piltonca Posted May 4, 2018 Author Posted May 4, 2018 Ah okay, How will I know if this happens again though? Say the USA got blocked, i'd lose a large amount of potential visitors and I wouldn't even know that it had been blocked? As i'm in the UK and it was the UK which was blocked, i noticed. But for anywhere else, i'd never know and it would surely stay like that indefinitely?
wolstech Posted May 4, 2018 Posted May 4, 2018 They unblock themselves over time by falling off the bottom of the block list (there's a max number of blocks that can exist at one time), but that can take a week or two typically. Considering Tommy is stable, I'd personally recommend just not using CF if this is a concern.
piltonca Posted May 4, 2018 Author Posted May 4, 2018 Okay thank you. Out of interest, why aren't the CF IP's on the ignore list? Considering CFs primary purpose is security, surely you have nothing to worry about?CFs own security will handle these kinds of issues
wolstech Posted May 4, 2018 Posted May 4, 2018 Whitelisting them means accepting the abuse instead, which would lead to more compromised accounts. The whole reason the IP blocks exist is to prevent someone from easily sitting there and guessing passwords. You'd need a large botnet to overcome it (so you have all the public IPs of the bots at your disposal, with each bot having 5 tries). If you have a botnet, you're probably DDoSing instead of breaking into servers anyway. If we whitelisted a ton of IPs that anyone can easily use, we've defeated the purpose of our own protection. Besides, contrary to what many think, CF is not just for security...they also offer platforms for running applications like Amazon and Google do.
piltonca Posted May 4, 2018 Author Posted May 4, 2018 I never said CF was just for security, i know what it does But your explanation as to why you can't white-list them clears things up for me. Thank you for all your help.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now