[s]URL: http://forums.mozillazine.org/index.php

Cluster: Frankfurt[/s]

RESOLVED!

DesuStrike and I have discussed the philosophical approach that cryptostorm takes to these blacklisting issues, which (as I understand it) is an approach that is dissimilar to that common nowadays in the "VPN industry."

As we've discussed elsewhere, our provisioning model doesn't rely on a constantly-churning sea of disposable, low-capacity VPS "servers" with temporary IP addresses assigned to them. Rather, we lease dedicated hardware for hosting facilities we (generally) know and have experienced previously as customers over the years we've been providing secure network service. Those machines generally have a handful (less than a dozen) of long-term-assigned IPs mapped to them (nobody actually "owns" IP addresses, apart from companies grandfathered in with their own C-class allocations back in the old days... and even those are, in theory, assignments that can be revoked by IANA/RIPE) which stay stable over the years.

We don't churn IPs, we don't "burn" IPs, and we don't rely on a big sea of IP addresses as a lazy-assed (and functionally ineffective) stand-in for a real security model, threat vector response framework, and cryptographic foundations. Sometimes our IPs do change, if we outgrow a given colo or migrate amoungst hardware instances within a given facility, and so on - but it's the exception, not the rule.

When one of our public-facing IPs (there's far more in use for non-visible testing/administration tasks than those seen by connecting clients: redundancy, daemon isolation, sysadmin interfaces, and NIC fallback provisioning, for example - in addition to virtualised networking 'pipes' when we deploy VM-based components) gets blacklisted somewhere, we contact that resource and let them know what's going on. In six years or more of following this procedure, I know of no legitimate sites that have refused to remove the blacklist (a few garbage, bottom-feeding sites - such as one whose initials sound alot like 'ED' - routinely blacklist network security services, for two primary reasons: one, they aggressively advertise low-quality "VPN services" to trick site visitors into generating affiliate revenue for them via hidden clickthrough tracking programs - "affiliate ID017," for example; two, they've been caught blackmailing site visitors with threats to expose them to public ridicule if they' don't pay money or provide other no-cost loot to the admins... this of course won't work if someone's using a real network security service, like cryptostorm or Tor, so they block those). As it's a small world out there, we often as not know someone who knows someone who knows an admin or developer at the website in question - who can then 'vouch' for cryptostorm's legitimacy.

It's sort of a throwback to the old-fashioned era of "netiquette" said in a genuine, non-ironic fashion. And it works.

Occasionally, we'll find an IP blacklisted somewhere because a previous "tenant" of that IP - before it was assigned to us - was using it in a shoddy way. That's not common, but it does happen occasionally. Again, we've had near-complete success in resolving those via simple personal communications with the admins who maintain such blacklists.

Contrariwise, here in the forum we also have a "blacklist" of known-spambot IP addresses - on rare occasions, that blacklist somehow overlaps legitimate IP-space. When that happens, we remove the block on that IP (or /24, or /16, or whatever). Simple as that. Indeed, this sort of thing goes on "behind the scenes" of well-run web resources on a daily, or even hourly, basis around the world... and has been going on or decades. It's not very glamorous, but it's part of running things well and ensuring the widest possible access to public web resources. It's what sysadmins do that's neither complex nor likely to win awards and promotions - but is nevertheless a core part of our professional role, often as not. Like I said, a bit old-school...

Anyway, if you find yourself blocked from somewhere whilst using cryptostorm, please do post a quick note here. We'll get 'round to contacting them, sooner or later. Some resources block all "anonymising" tools as a class - to "prevent fraud," or so they claim. We don't even bother trying to work with those idiots. A prime, festering example of this is a shit-assed pathetic "anti-fraud" service called MaxMind. Don't get me started...

(note that any skiddie can easily enough root a box somewhere, or just lease a little corner of a botnet, and redirect malicious traffic through "genuine" residential IPs with a few mouse-clicks and a small fraction of a bitcoin - so banning Tor and cryptostorm and other real security services to "prevent fraud" is useless security theatre designed to appeal to dumb website "managers" who have no technical skills, no experience, and no personal capability to ask someone who does and follow their advice judiciously)

I've also been interested, over the years, in providing community-available tools to help resolve inadvertent blacklist inclusions without bottlenecking on staff time availability. At the simplest level, posting a "form letter" here that members can email to blacklist-maintaining sites is a good start. From there, a dedicated email address for blacklist-related correspondence, manned by tech ops, makes sense. And a page on cryptostorm.is &/or a thread here explaining our service, our IP philosophy, our view on blanket blacklisting of network security tools, and the process for contacting cryptostorm staff in the event further discussions is required - this will be useful, I think.

We see IP management as a form of topological hygiene: ensuring our IP-space is well-run, well-managed, and well-resourced is a part of being a professional team and of being constructive members of the internet community overall. And, yeah, we're just old enough - as a team and as individuals - to still think of "the internet community" as something that matters, and exists as a class of social obligations & reciprocal dependencies.

tl;dr is "report 'em here!"

PJ, you amaze me with your posts. We are glad to have you on our side that we can always count on.

[s]

• Site: http://www.gbatemp.net
• Node: Montreal - 70.38.46.226

Looks like they have a policy of blocking all known VPNs and TOR, which is pretty dumb.[/s]

UNSOLVABLE!


EDIT by DesuStrike: It is indeed blocked on all CryptoStorm-IPs I can use.
They also explicitly state that there will be no exceptions for VPNs ever. What sort of honeypot-like attitude is that?! Their loss...

Does this one count? "You've Been Blacklisted from VideoSift", Rick Astley performing marvels of choreography all over the page. And I don't remember ever visiting this website before.

URL: http://videosift.com
Node: Montreal (70.38.46.226)


{Yes, of course this counts! We can't fix geo restriction but this is an obvious banned IP issue that can be resolved by talking.} ~DesuStrike

I just tried http://www.gbatemp.net/ and http://www.videosift.com/ and they seem to load up for me.
I am connected to the Iceland node.

Either both have been resolved, or it's one of my Firefox addons that is allowing me access. (Change Referer, Dephormation, Secret Agent, FireGloves). I will try disabling them and come back here with an edit...

EDIT: Both sites loaded up with no addons enabled. Not sure what to make of this... lol

marzametal wrote:I just tried http://www.gbatemp.net/ and http://www.videosift.com/ and they seem to load up for me.

This is simply due to the fact that they didn't catch up with our latest IPs.
They will eventually as both AFAIK both are blockheads about this issue.

Okay, VideoSift seems to work now, which cannot be said of GBAtemp (Montreal; 198.50.119.171).

GBAtemp wrote:NOTE: we will NOT unban your particular VPN/proxy/TOR/hosting IP address. Please do not contact us for exceptions.

What a tards.

BTW, this isn't really relevant to the topic, but I think I should mention it: at least one what-is-my-IP website (namely, http://whatismyipaddress.com/) reports "198.50.119.171" as being located in Toulouse, France. That's kinda weird.

ruv.is thinks that my connection is not from iceland when watching RÚV video streams.

Go here: http://www.ruv.is/sarpurinn/vikingarnir ... he-vikings

Underneath the video window it says: "Vegna réttindamála eru upptökur af aðkeyptu sjónvarpsefni á ruv.is í sumum tilfellum aðeins aðgengilegar notendum á Íslandi" Which means "Due to licensing, the TV recordings are ruv.is in some cases only available to users in Iceland."

I'm coming from link701-1g.ipv4.reykjavik1.backbone.is (79.134.237.2)

Google Maps is blocking connections from Emerald stating that it is receiving automated requests from this IP.

So.... Hulu is out

http://www.hulu.com
Exit Node: Chili & Emerald

It worked just fine, at least for me, since January, today I went to check a new TV Series from Hulu and it blocked me

Check the "black message" here:

I just tried the hulu URL, and it didn't work either. Then I checked my traffic connections log and noticed it is an Akamai-based site. So I temporarily disabled my Akamai rule, reloaded and it worked. I haven't got Flash installed, so I couldn't get past the "watch an episode" section.

The node I am using is Chili.

marzametal wrote:I just tried the hulu URL, and it didn't work either. Then I checked my traffic connections log and noticed it is an Akamai-based site. So I temporarily disabled my Akamai rule, reloaded and it worked. I haven't got Flash installed, so I couldn't get past the "watch an episode" section.

The node I am using is Chili.

Yeah that's the problem it only blocks the java.... and shows the message, the rest of the site still thinks i'm in USA

seekingalpaha.com

Get
You don't have permission to access "http://seekingalpha.com/" on this server.

Only occurs on maple

URL: https://forums.comodo.com/

Node: Montreal (198.27.76.1)

Sorry Guest, you are banned from using this forum!
Spamming or Suspected Spamming...
This ban is not set to expire.

Was fine until today.

My paypal experience

It's perhaps a year ago, I had the bad idea to buy sth in a online store and to pay with Paypal (PP) being connected on some cryptostorm exit node. It doesn't matter which one it was. I did the payment and after that my paypal account was blocked. It was a real hassle to get my account working again!

I called some PP manager in Luxembourg because I wanted to know how to avoid the problem in the future. PP asked me to sent copy of my passport, a recent bank account paper and all the scanned papers I sent was not enough, not good, not as if PP wanted them to be. *sigh*

I told the PP manager that I was connected on a VPN for security reasons and that a) this was no reason to block my account, and b) it could happen that I buy and pay sth. being on a voyage or in vacations in another country as my home adress.

PP manager told me that normally I only should use my PP account with my computer "at home" and nothing else.

I told him that the internet exists since 20 years and the interest of the internet is exactly that we can connect to our things wherever we are in the world. It is stupid to be able to use our accounts only "at home".

Nothing could be done, I spoked with a wall, PP stayed on their "rules": "Sometimes it could work, sometimes not", told the manager to me.
It's an algorithm who decides whether or not to block an account. It's to protect the customers.

So I think that CS will not be able to change the "rules" of a company like PP, but I wanted to share this experience with you.

Did you make a similar one ?

Site: https://premium.wpmudev.org/
Node: Frankfurt

Image:

Snapchat Android App

Canada Node (198.27.76.1)

I can't send a paypal phishing mail to [email protected], I'm connected to the Frankfurt node. I replaced my mail address with dots.
After the break is the return mail.:
----------------------------------------------------------------------------------

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"[email protected]":
SMTP error from remote server in greeting:
host: lore.ebay.com:
lore.ebay.com
BLACKLIST


--- The header of the original message is following. ---

Received: from [10.44.0.2] ([46.165.222.245]) by mrelayeu.kundenserver.de
(mreue101) with ESMTPSA (Nemesis) id 0MGiFl-1Z2DSa2RSD-00DTTl for
<[email protected]>; Mon, 04 May 2015 20:48:49 +0200
Message-ID: <[email protected]>
Date: Mon, 04 May 2015 20:48:11 +0200
From: Frederik <[email protected]>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: [email protected]
Subject: Fwd: Ihr Paypal-Konto wurde gesperrt ! Ihr Handeln ist erforderlich
References: <[email protected]>
In-Reply-To: <[email protected]>
X-Forwarded-Message-Id: <[email protected]>
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K0:Wb0RI1Au49Kxn6tseg0yQdjVerP1anbetn+7y712nSYvZFsXpCV
WJEzRKBQKeV8HzYRCTLmnPlsT2G53RJl9cFZ+uDPbtSfB/APz2TkHR5jhTuxalYebYs3pCV
pK9hPpo784KcA4XYxPcCxVjVtKCh8s+NW/+NfAl65W3HCyLhcIFGcjXpXDiAXNgm64CbAv7
nLOWGy/dk5Qg/CLN5ON1g==
X-UI-Out-Filterresults: junk:10;

http://www.sysprofile.de/
when using St.Petersburg node 91.214.70.207
I get a 403 message:

"Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache Server at www.sysprofile.de Port 80"

The Frankfurt node is blocked on Twitch:
"You have been blocked from using Twitch. Please visit the Support Center for more information on why you may have been banned."

DudeOfLondon wrote:The Frankfurt node is blocked on Twitch:
"You have been blocked from using Twitch. Please visit the Support Center for more information on why you may have been banned."

Same for London, 130.180.201.118. I've contacted twitch support; no (non-automated) response yet.

I am not sure if this is a false positive...

https://safelinking.net

I've tried the above, plus other specific URLs found on other forums, such as "
https://safelinking.net/QtY3ogf". It times out on my side without any website feedback, no errors, or 404s etc... just stops. I have tried to browse these links in both IE and FF, both with and without addons/extensions. I have also tried this in FF with a new profile via "firefox -p" but still nothing. This has been performed on CS Germany, Russia and France (cannot remember which exit node).

I got blocked:

My IP: 46.165.222.245
My UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Where I was blocked: http://www.m-forum.de/forum/showthread. ... to=newpost
PRES-Sig: 201508201641

Blocked by http://www.bot-trap.de

Seattle US west node:76.164.234.13
blocked by HULU:

"Based on your IP address, we noticed you are trying to access Hulu through an anonymous proxy tool. Hulu is not currently available outside the U.S. If you're in the U.S., you'll need to disable your anonymizer to access videos on Hulu.

If you think you're receiving this message in error, please submit this form."

marzametal wrote:I am not sure if this is a false positive...

https://safelinking.net

I've tried the above, plus other specific URLs found on other forums, such as "
https://safelinking.net/QtY3ogf". It times out on my side without any website feedback, no errors, or 404s etc... just stops. I have tried to browse these links in both IE and FF, both with and without addons/extensions. I have also tried this in FF with a new profile via "firefox -p" but still nothing. This has been performed on CS Germany, Russia and France (cannot remember which exit node).

Was a false positive... as confirmed by staff on chat...
Turns out safelinking is similar to mega, in that it requires dom.storage access.

When using Cryptostorm, a download from share-online(.)biz isn't possible.
Waiting for the captcha to be verified works, and after that the 2nd countdown works too, but when the actual download starts, it times-out while connecting to their servers.

DudeOfLondon wrote:The Frankfurt node is blocked on Twitch:
"You have been blocked from using Twitch. Please visit the Support Center for more information on why you may have been banned."

This ban is still active on the frankfurt node. Has someone from cs contacted twitch about this?

Yes Twitch is still blocked.

----

I also can't use Snapchat via Blustacks. They state, that I couldn't logged in because they detected a VPN an suspicious activities.

Whoer.et is showing Italy as being blacklisted for spam.

If I try to report a phishing mail to Paypal to their [email protected] (via forwarding it), it doesn't get delivered.
I can only send it without Crypostorm IP, using my real ISP IP.)

[EDIT: weird, normally it works with the real IP, but now even that failed too.]

This is the return message:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address(es)
failed:

[email protected]:
SMTP error from remote server for GREETING command, host: mx2.paypalcorp.com (173.224.161.141) reason: 554-mx2.paypalcorp.com
554 Your access to this mail system has been rejected due to the sending M
TA's poor reputation. If you believe that this failure is in error, pl
ease contact the intended recipient via alternate means.

GA2.com (Game Key Store) also blocks all German exit nodes.

No surprise for this one:

Netflix.com (Also Windows Store App using Windows 10)
Hulu.com
Frankfurt UDP 443

There were others and I'll post them again when I find them.

paypalsucks.com

Netflix.com seems to work now on this IP: 10.44.69.250.
Frankfurt UDP 443

Unable to access
https://www.whatismyip.com/ as per the below message


Also wiki.debian.org is replying with 403 - Forbidden

Happening on linux-usnorth.cryptostorm.net (public ip 173.234.56.116)

Block on: https://www.change.org/
Node: USNORTH
IP: 173.234.56.116

Netflix is blocked on standard - US East and US South.

p4y4m3 wrote:Block on: https://www.change.org/
Node: USNORTH
IP: 173.234.56.116

same domain
node: US East
ip: 173.234.159.237

hyret33 wrote:

p4y4m3 wrote:Block on: https://www.change.org/
Node: USNORTH
IP: 173.234.56.116

same domain
node: US East
ip: 173.234.159.237

Same on US South:
Ip: 108.62.19.132

What happened?
The owner of this website (http://www.change.org) has banned the autonomous system number (ASN) your IP address is in (15003) from accessing this website.