davegfuller
Tuning in
Message 1 of 13

Website blocked by websafe

Hi there, my website (www.davefullerphotography.com), which is hosted by Squarespace, is being blocked by websafe. It is actually the IP address that is hosting it which is being blocked, according to a spam blocking site which websafe uses (suomispam). It is saying that the IP address hosts onestop.fi, which is a long-time Finnish spammer.

Is there any way of unblocking my website? I'm currently feeling trapped between three organisations, none of which are actually doing anything to help me!

Thanks in advance for any help.
Dave
Sololobo
Wise owl
Message 2 of 13

Re: Website blocked by websafe

May help - may not!

http://community.virginmedia.com/t5/Switched-On-Families/Welcome-to-Virgin-Media-Web-Safe-FAQ-s/td-p... 

I’ve found a perfectly respectable website that has been blocked!

If there is a website that you believe is safe, but has been blocked, you can report it by emailing websafefeedback@virginmedia.co.uk




It's What I Do.
I Drink and I
Remember Things.
davegfuller
Tuning in
Message 3 of 13

Re: Website blocked by websafe

Thanks for your reply Sololobo,

I have had a read through that post already, no use unfortunately, and I've emailed that email at least three or four times over the last couple of months without reply or any action being taken as far as I can tell.
davegfuller
Tuning in
Message 4 of 13

Re: Website blocked by websafe

Okay, so I'm assuming there is nothing anybody can do to solve this problem then? Seems like Virgin Media/ Squarespace don't actually want my business anymore.

Anybody able to help me with this one??

Superuser
Superuser
Message 5 of 13

Re: Website blocked by websafe

Hi

The first thing to discuss is the blocking.

I'm going to start by stating the following.  This is NOT a proper block.  However it is an example of what happens when websafe does things incorrectly.

Laying my cards on the table.

I don't like websafe.  It works by modifying DNS lookups.  I think any technology that does this is flawed, particularly when it doesn't appear to take into account that a lookup might not be for a website using port 80.  In this case the OP's website is using HTTPS on port 443.

Aspects of websafe I think were not thought out properly.

In some cases even when websafe doesn't block a website, it instead diverts the lookup via a proxy address on the websafe platform.  This is presumably so it can check the content for anything that should be blocked.  (Note: some of this is conjecture, but that the lookup is diverted is fact).

When a connection goes through port 80, this is not an issue: the connection is transparently made to the destination and the user is completely unaware of the issue, although in the case of the rowing machine software Rowpro, it did have an adverse effect.

When a connection goes through a different port all bets are off.  In these circumstances the proxy appears to drop the connection.  This has caused problems for users trying to connect to the following services.

FTP servers.
Mail servers.
Web Servers using HTTPS

The reason I say this is not a proper block is because when I clear my DNS cache and turn websafe on, I see this when I try and access the site.

davefuller.PNG

Whereas if the site were being blocked we'd see something similar to this.

childwarn.PNG

The above was for a block with Child Safe - but Virus Safe has a similar message.

How I know the lookup is intercepted.

While I can and have used nslookup, I prefer DIG to do my DNS checking.  I cleared my cache and did a lookup for the OP's site.

C:\Users\timdu>dig www.davefullerphotography.com

; <<>> DiG 9.10.6 <<>> www.davefullerphotography.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55732
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.davefullerphotography.com. IN      A

;; ANSWER SECTION:
www.davefullerphotography.com. 0 IN     A       62.252.172.241

;; Query time: 14 msec
;; SERVER: 194.168.4.100#53(194.168.4.100)
;; WHEN: Sat Oct 28 01:16:01 GMT Summer Time 2017
;; MSG SIZE  rcvd: 74

Note:  I turned Child Safe off and repeated the lookup with the same result.  So we know that it's the Virus Safe part of Web Safe that is causing the problem.

With just Child Safe on and Virus Safe off I get the following result.

C:\Users\timdu>dig www.davefullerphotography.com

; <<>> DiG 9.10.6 <<>> www.davefullerphotography.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9961
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.davefullerphotography.com. IN      A

;; ANSWER SECTION:
www.davefullerphotography.com. 359 IN   CNAME   ext-sq.squarespace.com.
ext-sq.squarespace.com. 9503    IN      A       198.185.159.145
ext-sq.squarespace.com. 9503    IN      A       198.185.159.144
ext-sq.squarespace.com. 9503    IN      A       198.49.23.144
ext-sq.squarespace.com. 9503    IN      A       198.49.23.145

;; Query time: 12 msec
;; SERVER: 194.168.4.100#53(194.168.4.100)
;; WHEN: Sat Oct 28 01:19:08 GMT Summer Time 2017
;; MSG SIZE  rcvd: 155

How the proxy affects the SSL handshake.

This next bit's going to look confusing, but I'm adding it as evidence for the Forum Team to pass on to those managing the Web Safe platform when they get to the thread.

Here's the connection attempt with Virus Safe on using OpenSSL's s_client command:

C:\Users\timdu>openssl
OpenSSL> s_client -connect www.davefullerphotography.com:443 -CAfile C:\Users\timdu\downloads\cacert.pem
CONNECTED(00000158)
22840:error:140943E8:SSL routines:ssl3_read_bytes:reason(1000):ssl\record\rec_layer_s3.c:1399:SSL alert number 0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1509150792
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
error in s_client

Note that in the above connection the TLS handshake does not complete properly.  The certificate chain is not retrieved correctly from the destination and the connection fails.

Here's the same connection with Virus Safe OFF:

C:\Users\timdu>openssl
OpenSSL> s_client -connect www.davefullerphotography.com:443 -CAfile C:\Users\timdu\downloads\cacert.pem
CONNECTED(000000E8)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = New York, L = New York, O = "Squarespace, Inc.", OU = Web Services, CN = *.squarespace.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=New York/L=New York/O=Squarespace, Inc./OU=Web Services/CN=*.squarespace.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
subject=/C=US/ST=New York/L=New York/O=Squarespace, Inc./OU=Web Services/CN=*.squarespace.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3089 bytes and written 302 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID:
    Session-ID-ctx:
    Master-Key: 77F6DF2D41DD1176829006824827FA6FD7542B961E5BF3604764777AE33748CA6957BEBAD84DBE23759EC7599C6C38E0
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1509150760
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
^C

Now we're connecting to the server directly.  We get the certificates and the session is negotiated properly.  I could have attempted a get command to retrieve the page content at this point, but instead simply chose to end the connection, hence the break character ^C at the end.

This is a public forum with users helping other users.  It can take the Forum Team up to 7 days to reach a post on here.  I will flag this to the @ModTeam, however it's unlikely the thread will be prioritised IMHO.  (I wouldn't mind being wrong, but I like to present a worst case scenario here).

In turn the Forum Team will need to escalate this to those managing Web Safe - the problem WILL be solved, but it's not a quick fix.

On the Blacklisting aspect.

Suomispam is an email blacklist, presumably Finnish in origin (if I recall the languages section of DVDs correctly).  It's designed to stop hosts delivering mail to inbound mail servers; as such it shouldn't actually affect the Web Safe platform.  If it does, then IMHO this would be another example of bad design of Web Safe.

However I would say that your hosting company should be investigating the cause of the blacklisting and

1. Removing the cause.
2. Asking Suomispam to remove the blacklist entries.

It's necessary for them to deal with step 1 first as otherwise the IP addresses will be blacklisted again.  Looking at the actual spam entries, they are fairly fresh (generated on 15th Oct).

My apologies for the length of the post, but as stated I wanted to gather as much evidence as possible for the Forum Team for you.

Tim

 

 

________________________________________


Only use Helpful answer if your problem's been solved.
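
The comparison Tim makes by eye between the two dig runs can be automated. This is an added example, not part of the original post: it parses the ANSWER SECTION of each run (text copied from the post) and reports how the filtered answer differs; the function names and the three indicator labels are assumptions made for this illustration.

```python
import re

# Answer sections copied from the two dig runs in the post above.
FILTERED = """\
;; ANSWER SECTION:
www.davefullerphotography.com. 0 IN     A       62.252.172.241

;; Query time: 14 msec
"""
BASELINE = """\
;; ANSWER SECTION:
www.davefullerphotography.com. 359 IN   CNAME   ext-sq.squarespace.com.
ext-sq.squarespace.com. 9503    IN      A       198.185.159.145
ext-sq.squarespace.com. 9503    IN      A       198.185.159.144
ext-sq.squarespace.com. 9503    IN      A       198.49.23.144
ext-sq.squarespace.com. 9503    IN      A       198.49.23.145

;; Query time: 12 msec
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")

def parse_answers(dig_text):
    """Return (name, ttl, rtype, rdata) tuples from dig's ANSWER SECTION."""
    records, in_answer = [], False
    for line in dig_text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            break  # blank line or next section header ends the answers
        elif in_answer:
            m = RR.match(line.strip())
            if m:
                records.append((m[1].lower(), int(m[2]), m[3], m[4].lower()))
    return records

def _rdata(records, *types):
    return {r[3] for r in records if r[2] in types}

def rewrite_indicators(baseline, observed):
    """Compare an unfiltered answer with a filtered one; list the differences."""
    findings = []
    if _rdata(baseline, "CNAME") and not _rdata(observed, "CNAME"):
        findings.append("cname-chain-missing")   # chain collapsed to a bare A
    seen = _rdata(observed, "A", "AAAA")
    if seen and not (seen & _rdata(baseline, "A", "AAAA")):
        findings.append("address-set-disjoint")  # no address in common
    if observed and all(r[1] == 0 for r in observed):
        findings.append("ttl-zero")              # answer marked uncacheable
    return findings
```

A disjoint address set on its own can also come from ordinary CDN load balancing, so these are indicators to investigate together rather than proof of interception.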

Forum Team
Forum Team
Message 6 of 13

Re: Website blocked by websafe

Thanks Tim, superb diagnostics, really appreciate it.

Hello davegfuller

Sorry this was not picked up when you emailed us. I have passed it on to the Websafe team for further investigation. We will do our best to keep you updated.

Thank you

Nicola

Virgin Media Forum Team
davegfuller
Tuning in
Message 7 of 13

Re: Website blocked by websafe

Thanks Nicola, I'd really appreciate it if I could get a proper response from the websafe team as this block affects my business. Many of my customers say they cannot access my website, and as a new start up it is really important I get clicks onto my website.

I've tried Twitter to report the problem and no one seems to want to take it on. Same problem with the website host Squarespace.

Dave
Superuser
Superuser
Message 8 of 13

Re: Website blocked by websafe

Sadly the websafe team is not a customer facing service.  They do their work in the background.  Nicola works at second line in Swansea and if she has said it will be escalated, you can be assured it will be.  I've worked with her on a number of issues including other services affected by Websafe.

Because this is a residential service, there are sadly no tight timescales for issue resolution, although normally they do try and resolve such issues in around 7 working days.  Some issues, however, can take longer.

At any rate the Forum Team themselves won't be in next until Monday at the earliest.  While there are moderators on on Sunday, they work to ensure that the Forum rules aren't broken.

Tim

 

Forum Team
Forum Team
Message 9 of 13

Re: Website blocked by websafe

Thanks Tim, morning Dave

The site was originally blocked as it was flagged for containing/hosting Malware. We did follow up on your email/s to us but our list supplier informed us that they were still unable to verify it as clean, not sure if it was the blacklist Tim mentioned or not. We have asked them to check again, once we hear back we will update you.

Thank you for your patience

Nicola

Virgin Media Forum Team
Superuser
Superuser
Message 10 of 13

Re: Website blocked by websafe

@Nicola_C @davegfuller

It looks as if they may have done something as I've just turned Virus Safe back on and checked again.

I can now get to the site, and when I dig with Virus Safe on I get the expected results.

C:\Users\timdu_000>dig www.davefullerphotography.com

; <<>> DiG 9.10.6 <<>> www.davefullerphotography.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64935
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.davefullerphotography.com. IN      A

;; ANSWER SECTION:
www.davefullerphotography.com. 3261 IN  CNAME   ext-sq.squarespace.com.
ext-sq.squarespace.com. 2844    IN      A       198.185.159.144
ext-sq.squarespace.com. 2844    IN      A       198.185.159.145
ext-sq.squarespace.com. 2844    IN      A       198.49.23.144
ext-sq.squarespace.com. 2844    IN      A       198.49.23.145

;; Query time: 18 msec
;; SERVER: 194.168.4.100#53(194.168.4.100)
;; WHEN: Sat Nov 04 10:52:11 GMT Standard Time 2017
;; MSG SIZE  rcvd: 155

While it's working for me, I'd hope Dave will confirm the same thing.  As for me I'm going to switch Virus Safe off again. ;)

Tim

 
