Site blocked at work?

[Badger]

I've been a member since 2006 and never had an issue. About 3 weeks ago, my access to TMC Has been blocked both at the office and through the VPN. Error says:

Threat type: othermalware

Threat reason: IP address is either verified as a bot or has a misconfigured DNS

Am I done for good?

[Slayer]

My office has blocked the site for nearly a year now. Thankfully, we have smart phones.

[Bill_AirJunky]

When your IT guy sees a lot of traffic coming from any one site in particular, then they can blacklist it. That would effect it inside the network & over the VPN.

[boardjnky4]

Sounds like the site's reputation score has gone down and caused proxy to block it based on some threshold. If the site is on shared hosting, there could be another site on the same ip hosting malware and since we're on that host, we get flagged as well. I'll look into a few things tomorrow and see if I can see what vendors are flagging the site and why. Chances are it might be a false positive and it'll work itself out in a few days.

Edited August 27, 2014 by boardjnky4

[wakebrdr94]

or they just see too many people "wasting time" on TMC vs working. But then again, if they visited the site, they would see it is time well spent

[Baddog]

It's educational. What? Thye don't want us to learn stuff in our jobs?

[Badger]

I guarantee it's not too much traffic, or sites like ESPN would have been gone a long time ago.

[footndale]

Probably using Cisco web security. Mine was banned a few weeks ago.

[boardjnky4]

or they just see too many people "wasting time" on TMC vs working. But then again, if they visited the site, they would see it is time well spent

I'd be inclined to agree, except that the error code being spit out is specific to being malware related, which makes me think it's a signature update.

[boardjnky4]

Tis indeed a Cisco Web Security Appliance. Here is the reputation information:

Note the blocklist at the bottom is where Cisco's intelligence is coming from. On that site, I found the following, related to the IP address this site is hosted on.

IP Address 104.28.16.72 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2014-08-18 20:00 GMT (+/- 30 minutes), approximately 8 days, 17 hours ago.

So yeah, either this site is infected, or a different site is infected and is sending crap. Site admins should probably contact CloudFlare.

Edited August 27, 2014 by boardjnky4

[boardjnky4]

OK, I found the compromised site on the shared hosting. It's NOT themalibucrew.com and it does appear to have since been fixed. The bad site is/was alshahidalmustakel.tv.

I put a request in with the blocklist to have the IPs removed. That might take some time to propagate down to Cisco and to your company's appliance, so try to be patient.

Edited August 27, 2014 by boardjnky4

[WakeGirl]

Thank you boardnky4 for the assist.

[WakingMeHappy]

Blocking TMC at work is wrong. You should file a discrimination complaint. If that does work then resign.

[boardjnky4]

Fixed!

[Badger]

You're a miracle worker! I just posted this from my desk at work!

Hello TMC at work again!

Goodbye productivity! (To any IT guys secretly spying on me at work: Just kidding!)

Seriously, boardjnky4, whoever you really are, thank you very much for doing this. I don't understand any of the stuff you had to do, but I appreciate you making my lunchtime reading much more enjoyable!

I owe you one!

[mkpursehouse]

Great work boardjnky4, I'm back online also. Greatly appreciated, although work may not be so happy about it. Thanks

[Pnwrider]

This thread makes me lolz. Heaven forbid anyone be reduced to viewing this site on their smartphone at work like I'm doing right now! This is really just me being jealous that you spend all day here rather than actually working.

[boardjnky4]

haha no problem guys. I work in Computer and Network Security, welcome to my little slice of the world.

[Slayer]

I'll have to try this now.

[Nitrousbird]

Free fix would be to simply setup a VPN on your home PC and VPN into that. I pay for a VPN/Proxy service so I typically just use that instead of my home PC but I've done both.