# Sucuri WebSite Firewall - CloudProxy - Access Denied



## Jed1

Sucuri WebSite Firewall - CloudProxy - Access Denied

I have been getting this message since yesterday when trying to post in the a thread in the happy hour forum.
http://www.tivocommunity.com/tivo-vb/showthread.php?t=531670

I have successfully posted in other parts of the forum but seem to can not post in the happy hour forum.


----------



## Mike Lang

Odd, I'm able to see it and it has new posts today.


----------



## Jed1

Mike Lang said:


> Odd, I'm able to see it and it has new posts today.


I am posting in other threads but I can not post in that thread as I keep getting that message. The threads I have been posting in though is threads that I am subscribed to. 
I have been getting that message since yesterday.


----------



## David Bott

Is there an error code with the message? I would need that so I can contact CloudProxy and ask them what might be happening. Any info you can provide would be great.

The is not however a wide spread issue or we would have a lot of people letting us know.

Thanks


----------



## NorthAlabama

i received the message once yesterday, while attempting to upload a 38.6kb jpg as an attachment. 

since it didn't happen again immediately following, during the second attempt, i failed to report it, apologies.


----------



## David Bott

That is different from what he is reporting. In your case, Securi detected something in the JPG file it did not like as JPG's can also carry code.


----------



## NorthAlabama

David Bott said:


> That is different from what he is reporting. In your case, Securi detected something in the JPG file it did not like as JPG's can also carry code.


yeah, the issues are different.

but, with my issue, why didn't securi detect the same suspicious code 10 seconds later during the second, successful upload? the file uploaded was unchanged.


----------



## Jed1

David Bott said:


> Is there an error code with the message? I would need that so I can contact CloudProxy and ask them what might be happening. Any info you can provide would be great.
> 
> The is not however a wide spread issue or we would have a lot of people letting us know.
> 
> Thanks


Dave I did not get an error code but I did get a screen grab. I blacked out my IP address but can send it to you if you need it.
I also seem to get this on the one thread


----------



## David Bott

Not sure on the uploaded image error I am sorry to say.

Jed...The attachment was too small to read anything. At the bottom of the bullets is a error number or send a large image if you have one.

Thanks


----------



## Jed1

David Bott said:


> Not sure on the uploaded image error I am sorry to say.
> 
> Jed...The attachment was too small to read anything. At the bottom of the bullets is a error number or send a large image if you have one.
> 
> Thanks


Block ID: SQLi17
Block Reason: SQL injection was detected and blocked
Time: 13 Sept 2015 13:13:06 -0400
Server ID: cp2022

There is no error number only this data.


----------



## David Bott

It seems to think you are trying to post something that is trying to send data directly into parts of the MySQL database that it should not be. Were you quoting any post in that thread by chance?

Also you said you can not post in the Happy Hour forum, but seems you were able to that same day. So not sure what you are seeing really other than it had seen something trying to be used that should not be for some reason.


----------



## David Bott

Also that code is...

SQLi17 - SQL injection payload detected
SQL injection payload detected

We blocked an attempt to use a known payload of a SQL injection attack.

So it was surely something that was a known payload. So I would suggest checking your machine as such things can be auto inserted when doing something like posting.


----------



## Jed1

David Bott said:


> It seems to think you are trying to post something that is trying to send data directly into parts of the MySQL database that it should not be. Were you quoting any post in that thread by chance?
> 
> Also you said you can not post in the Happy Hour forum, but seems you were able to that same day. So not sure what you are seeing really other than it had seen something trying to be used that should not be for some reason.


It is just in that one thread so I just tried to post a stand alone post and also quoting a member and I got the same message.

This is the message I tried posting so this is a test to see if it is the message that is causing this.

Message would not post as it caused the same message so it may be the post I am trying to make.


----------



## Jed1

There is a link to a website to check for radio frequency interference that maybe causing the issue.

http://www.radioreference.com/


----------



## Jed1

David Bott said:


> It seems to think you are trying to post something that is trying to send data directly into parts of the MySQL database that it should not be. Were you quoting any post in that thread by chance?
> 
> Also you said you can not post in the Happy Hour forum, but seems you were able to that same day. So not sure what you are seeing really other than it had seen something trying to be used that should not be for some reason.


I just posted in that thread but it was only the link to the website I posted here. There must be something unique in how I worded the post so it kept blocking it.

I basically had instructions on how to use the site to find the RF in your county and what frequencies are in my county operating in the range he was talking about.

There was nothing unique about the post other than the link to the website. Thanks for looking into this as this is a strange issue.


----------



## lpwcomp

aaronwt said:


> All Fox owned channels are restricted on FiOS. FX, FXX, National Geographic, Fox news etc. This is intentional and has been this way since around July.
> 
> So three years ago HBO and Cinemax became restricted on FiOS. And this year Fox owned channels. The only question is who will be next to restrict their channels on FiOS.


While slightly off topic, there's also the question of which cable system{s}* will be the next to do so.

*Tried using parentheses rather than braces but Sucuri denied access.


----------



## dylanemcgregor

I've started getting messages today when posting telling me that my IP address is blocked, which I assume is because I connect via a VPN most of the time? Had been working fine until today though. Can browse the site, just can't search or post while connected to the VPN.



> Block details
> 
> URL: www.tivocommunity.com/tivo-vb/newreply.php?do=postreply&t=531878
> Your Browser: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.7) Gecko/20151012 Firefox/31.9 PaleMoon/25.7.3
> Block ID: BLACK02
> Block reason: Your IP address is listed in our blacklist and blocked from completing this request.
> Time: Thu, 05 Nov 2015 14:30:43 -0500
> Server ID: cp2022


----------



## Mike Lang

Sucuri most likely has a bank of VPN IP's they block.

The only way it would be blocked on our side is if was previously used by a spammer here specifically.


----------



## David Bott

dylanemcgregor said:


> I've started getting messages today when posting telling me that my IP address is blocked, which I assume is because I connect via a VPN most of the time? Had been working fine until today though. Can browse the site, just can't search or post while connected to the VPN.


Just so you know, we do not control the IP blacklist as Sucuri does this all internally. Not sure if you get the same VPN IP each time or if you are using a shared IP server where multi people could be on the same IP. But if it just started then it sounds like you may have gotten an IP used for bad things.

(My I have two VPN's for example. One I run and the other I use a service for. The service one will give me a random IP from the bank they have and thus I also could get a bad IP.)


----------



## dylanemcgregor

David Bott said:


> Just so you know, we do not control the IP blacklist as Sucuri does this all internally. Not sure if you get the same VPN IP each time or if you are using a shared IP server where multi people could be on the same IP. But if it just started then it sounds like you may have gotten an IP used for bad things.
> 
> (My I have two VPN's for example. One I run and the other I use a service for. The service one will give me a random IP from the bank they have and thus I also could get a bad IP.)


It's a shared service. I seem to get the same IP each time I connect to my local server though.

Edit:Nevermind, just reconnected and did not get the same IP address this time, and this one does not seem to be blocked.


----------



## ellinj

In frankfurt this week, apparently TCF has a grudge against Germans.

Block details
Your IP: Loading...
URL: http://www.tivocommunity.com/tivo-vb/usercp.php?
Your Browser: Loading...
Block ID: GEO02
Block reason: Access from your Country was disabled by the site administrator.
Time: Loading...
Server ID: cp2022


----------



## David Bott

Well seeing that 1/2 of the attacks were coming from that country, which does not use TiVo's, yup, it was blocked.


----------

