Omnimaga

Omnimaga => Site Feedback and Questions => Topic started by: flyingfisch on October 30, 2012, 06:40:45 pm

Title: Project to stop attacks page
Post by: flyingfisch on October 30, 2012, 06:40:45 pm
Why do I keep getting this when I try to access omni?

(http://img.removedfromgame.com/imgs/1-screen.png)
http://img.removedfromgame.com/imgs/1-screen.png
Title: Re: Project to stop attacks page
Post by: DJ Omnimaga on October 30, 2012, 06:45:17 pm
This means you are a spambot. :P

Other than that it can mean:

-Your dynamic IP address was used by a spambot within the last few years, causing it to be blacklisted.
-Or computers using that IP before you got infected by viruses that spams other sites without the computer owner conscent
-Or you're infected (or previously was).
Title: Re: Project to stop attacks page
Post by: flyingfisch on October 30, 2012, 06:47:06 pm
Huh, well it only just started happening and i have been using linux since 2yr ago, so i dont think i am infected.

how do i get off the blacklist?
Title: Re: Project to stop attacks page
Post by: DJ Omnimaga on October 30, 2012, 07:08:09 pm
Hmm strange then. I'm unsure how you get off the black list. But again it could be that you just got infected by something. Have you visited any suspicious site or downloaded stuff recently?

Also it could be someone else's computer or mobile device in your home.
Title: Re: Project to stop attacks page
Post by: Rhombicuboctahedron on October 30, 2012, 07:43:17 pm
Have you been getting that often?
I got for one day a few weeks ago, but it happened since.
Plus i was at my school when that happened
Title: Re: Project to stop attacks page
Post by: willrandship on October 30, 2012, 07:44:53 pm
maybe try clearing your cache. It might be that your computer passed the check but keeps running into it due to cache problems. Maybe.
Title: Re: Project to stop attacks page
Post by: flyingfisch on October 30, 2012, 07:48:17 pm
Hmm strange then. I'm unsure how you get off the black list. But again it could be that you just got infected by something. Have you visited any suspicious site or downloaded stuff recently?

Also it could be someone else's computer or mobile device in your home.

Nobody in my home, i dont think. Also, the only suspicious thing i downloaded was TWFNG. :P

Have you been getting that often?
I got for one day a few weeks ago, but it happened since.
Plus i was at my school when that happened

Just since today...


maybe try clearing your cache. It might be that your computer passed the check but keeps running into it due to cache problems. Maybe.

will try that...
Title: Re: Project to stop attacks page
Post by: helder7 on October 30, 2012, 07:51:21 pm
This is the cloudflare anti bots page.

How does CloudFlare know which IPs to challenge?
"CloudFlare knows which visitors to challenge (also referred to as suspicious visitors) based on a variety of data sources. Specifically, CloudFlare leverages threat data from Project Honey Pot and a variety of other third-party sources to identify online threats. In addition, CloudFlare uses the collective intelligence of the websites on its system to identify new threats that arise. So if a new threat is identified on one site, CloudFlare can automatically protect the rest of the CloudFlare community. The types of threats that CloudFlare identifies is broad and includes email harvesting, SQL injection, cross-site scripting, comment spam, credential hacking, denial of service attacks and so on."

Source: http://7jd.ld.sl.pt
Title: Re: Project to stop attacks page
Post by: DJ Omnimaga on October 30, 2012, 07:52:25 pm
Ah ok I meant suspicious stuff as in what you generally find on torrents, not limited to adult material :P. Lots of softwares there hide viruses and stuff.
Title: Re: Project to stop attacks page
Post by: Netham45 on November 01, 2012, 12:06:07 am
Only thing I can see out of the ordinary with your requests is that you don't have a User Agent set, which very well could be setting Cloudflare off.

(http://i.imgur.com/XehZD.png)

You have no flags on any honeypot I can see, and nothing else seems to be abnormal about it.
Title: Re: Project to stop attacks page
Post by: DJ Omnimaga on November 01, 2012, 12:12:04 am
What is an user agent? Can this be disabled in CloudFlare without allowing too many bots in?
Title: Re: Project to stop attacks page
Post by: JosJuice on November 01, 2012, 04:22:38 am
What is an user agent?
A user agent is a string that the browser sends when requesting a page. It contains some basic info about the system, but you could fake it if you want to. For instance, mine currently looks like this:
Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20100101 Firefox/16.0
Which means that I'm using Windows XP and Firefox 16.
Title: Re: Project to stop attacks page
Post by: Netham45 on November 01, 2012, 04:26:44 am
What is an user agent? Can this be disabled in CloudFlare without allowing too many bots in?

I can't disable useragent checking without disabling other protections.
Title: Re: Project to stop attacks page
Post by: DJ Omnimaga on November 01, 2012, 04:27:50 am
Ok thanks. What about exempting specific members (I assume by clicking +TRUST)? We all know that Flyingfisch is a legit user and was not hacked. :P
Title: Re: Project to stop attacks page
Post by: Netham45 on November 01, 2012, 04:29:09 am
I can, yea, but I'd like to figure out what's triggering it for him before I whitelist him.
Title: Re: Project to stop attacks page
Post by: DJ Omnimaga on November 01, 2012, 04:35:48 am
Something I think is that Flyingfisch computer and maybe even mobile devices are perfectly clean. However, somebody else in his house, such as his mom/dad/bro/sis/etc has an infected computer connected to the Internet. Parents and other family members are not always the most tech-savy people in the world (eg last year when my bro used my entire monthly bandwidth in one week due to forgetting to close torrents he finished downloading, and those torrents were seeding at over 100 KB/sec 24/7)
Title: Re: Project to stop attacks page
Post by: Netham45 on November 01, 2012, 04:37:03 am
Something I think is that Flyingfisch computer and maybe even mobile devices are perfectly clean. However, somebody else in his house, such as his mom/dad/bro/sis/etc has an infected computer connected to the Internet. Parents and other family members are not always the most tech-savy people in the world (eg last year when my bro used my entire monthly bandwidth in one week due to forgetting to close torrents he finished downloading, and those torrents were seeding at over 100 KB/sec 24/7)

I don't think that's what it is, Cloudflare has specific messages if it's flagging someone for viruses or spam e-mails. I'm really not sure what it is, the only thing I can think of is his useragent.
Title: Re: Project to stop attacks page
Post by: aeTIos on November 01, 2012, 08:11:54 am
[offtopic] Wow an epic 3 posts of netham on one day[/offtopic]
Also flyingfisch, this sucks D:
Title: Re: Project to stop attacks page
Post by: AngelFish on November 01, 2012, 01:47:09 pm
Huh, well it only just started happening and i have been using linux since 2yr ago, so i dont think i am infected.

how do i get off the blacklist?

This is a result of the cloudflare service we use to distribute omni. That said, you don't have a dynamic IP (hehe, mod powers...), so it's probably the user agent thing Netham mentioned.
Title: Re: Project to stop attacks page
Post by: flyingfisch on November 02, 2012, 03:55:21 pm
What is a useragent?

Also, this seems to be happening to me about once a day....

EDIT:
Great. Just got 2 in a row. :(
Title: Re: Project to stop attacks page
Post by: Eeems on November 02, 2012, 04:14:23 pm
"In computing, a user agent is software (a software agent) that is acting on behalf of a user. For example, an email reader is a Mail User Agent, and in the Session Initiation Protocol (SIP), the term user agent refers to both end points of a communications session."
http://en.wikipedia.org/wiki/User_agent
In the case of a browser, the user agent string is an string that identifies what user agent is accessing the site.
Title: Re: Project to stop attacks page
Post by: flyingfisch on November 02, 2012, 04:15:18 pm
Is there any way to change it or prevent it from giving me this page?

EDIT:

3 in a row. Tic-tac-toe, anyone?

What's going on here?

Title: Re: Project to stop attacks page
Post by: Eeems on November 02, 2012, 04:18:09 pm
Netham, geekboy or I could add you to the exceptions, but we need to figure out why you are getting this so often before we decide to actually do that. Could you check if your useragent is the default for your browser?
Title: Re: Project to stop attacks page
Post by: flyingfisch on November 02, 2012, 04:21:33 pm
well, according to about:config, I everything is default and I do not have an override set...

EDIT:

And according to this (http://whatsmyuseragent.com/), my useragent is: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:16.0) Gecko/20100101 Firefox/16.0

EDIT2:

4 times now.
Title: Re: Project to stop attacks page
Post by: Eeems on November 02, 2012, 04:34:14 pm
Hmm, your user agent looks good to me. I wonder if it is the ip or your provider that is causing the mistrust in cloudflare
Title: Re: Project to stop attacks page
Post by: DJ Omnimaga on November 02, 2012, 04:35:30 pm
If it's the IP, then could it just be somebody else at his home?
Title: Re: Project to stop attacks page
Post by: Eeems on November 02, 2012, 04:37:58 pm
It could be, or a virus on one of the computers, or someone in the past who used that ip address.
Title: Re: Project to stop attacks page
Post by: flyingfisch on November 02, 2012, 05:01:56 pm
I doubt its anyone in my home, because my dad doesn't do torrents, and my mom only checks her emails. We have one mobile device but it uses mobile internet, not wifi.
Title: Re: Project to stop attacks page
Post by: DJ Omnimaga on November 02, 2012, 05:08:15 pm
How much litterate are they about computer security though? Because there are people who are so dumb about computers (no offense to them, everyone gotta start somewhere and technology isn't everyone's cup of tea) that they'll click any link in their e-mail or they'll go anywhere on the Internet without bothering to make sure if it might be an unsafe site. I know myself that back in 2008-09 every month or two I had to help my bro get rid of viruses because he was using IE6 to go online and did not want to switch.
Title: Re: Project to stop attacks page
Post by: Netham45 on November 02, 2012, 05:19:42 pm
I added an exempt for your IP, since I can't see any reason for it to be blocking you.
Title: Re: Project to stop attacks page
Post by: flyingfisch on November 02, 2012, 05:20:58 pm
How much litterate are they about computer security though? Because there are people who are so dumb about computers (no offense to them, everyone gotta start somewhere and technology isn't everyone's cup of tea) that they'll click any link in their e-mail or they'll go anywhere on the Internet without bothering to make sure if it might be an unsafe site. I know myself that back in 2008-09 every month or two I had to help my bro get rid of viruses because he was using IE6 to go online and did not want to switch.

Oh, no none of that. My dad's pretty tech-savvy and my mom uses linux and FF16. Also, my dad has always been telling us not to click links in emails. We all have adblock. I really don't know where any viruses could have crept in.
Title: Re: Project to stop attacks page
Post by: Eeems on November 02, 2012, 05:27:31 pm
*Fx16 ;P
http://www.mozilla.org/en-US/firefox/releases/1.5.html
Search for abbreviation and you'll see why.
Title: Re: Project to stop attacks page
Post by: flyingfisch on November 02, 2012, 05:37:38 pm
*Fx16 ;P
http://www.mozilla.org/en-US/firefox/releases/1.5.html
Search for abbreviation and you'll see why.

Yeah, I know, but it seems so weird...
Title: Re: Project to stop attacks page
Post by: willrandship on November 02, 2012, 05:39:58 pm
Final Fantasy came first. It earned it. 1987 vs Netscape's 1994, and the firefox name didn't even come around until 2004.

Title: Re: Project to stop attacks page
Post by: Eeems on November 02, 2012, 05:55:30 pm
That and Firefox is one word, so FirefoX :P
Title: Re: Project to stop attacks page
Post by: flyingfisch on November 02, 2012, 05:59:32 pm
OK, OK, i give up.

My mom uses Fx16. Happy? :D
Title: Re: Project to stop attacks page
Post by: Eeems on November 02, 2012, 06:11:43 pm
hehe, yes :P
Title: Re: Project to stop attacks page
Post by: DJ Omnimaga on November 02, 2012, 06:18:42 pm
Is Final Fantasy and other stuff with the FF acronym the reason why Firefox kinda breaks the rules regarding acronyms? Normally people use the first letter of each syllabs or each word, like Firefox, although I did see other things where rules were broken too, such as using the first entire syllab of the first word and the last syllab of the second word so it kinda creates something nice to pronounce.

The fact that most acronyms goes with the first letter of each syllab is probably why most people say FF instead of Fx :P
Title: Re: Project to stop attacks page
Post by: Eeems on November 02, 2012, 06:21:49 pm
If Firefox wanted to follow the first letter of each word rule the abbreviation would be F. Firefox is one word :P
Title: Re: Project to stop attacks page
Post by: flyingfisch on November 02, 2012, 06:35:47 pm
If Firefox wanted to follow the first letter of each word rule the abbreviation would be F. Firefox is one word :P

Yeah, except F16 is fedora.

Have I been cleared so I won't get these messages yet?
Title: Re: Project to stop attacks page
Post by: Netham45 on November 02, 2012, 06:36:49 pm
If Firefox wanted to follow the first letter of each word rule the abbreviation would be F. Firefox is one word :P

Yeah, except F16 is fedora.

Have I been cleared so I won't get these messages yet?

I whitelisted your IP earlier.
Title: Re: Project to stop attacks page
Post by: flyingfisch on November 02, 2012, 06:43:13 pm
OK, cool. :)