Home server blocked by filter - what can I do?

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
jensend7
New Member
Posts: 10
Joined: Sun Sep 30, 2012 9:02 pm

Home server blocked by filter - what can I do?

Postby jensend7 » Sun Jul 08, 2018 3:55 pm

I'm a ward choir director, and I wanted to make recordings, sheet music, etc available to choir members on the web (nobody wants to deal with physical copies of things anymore, sadly). I don't have my own domain name or any nice hosting setup, so I used a freedns subdomain to point people to a home server.

But with recent filter changes, no one can access my page from the meetinghouse and it gives a rather stern blocked url message. Maybe some other subdomain on the same domain name has problematic content? But there's absolutely no link between my subdomain and any other. Maybe the filter is a whitelist and only allows pages it knows how to classify, but then no one can create new webpages and have them accessible, one can only put content on others' established sites.

How can I get this unblocked?

Are we really headed for a future where the only accessible web pages are ones run by a handful of large companies because nobody wants to risk allowing links to sites they don't know?

russellhltn
Community Administrator
Posts: 24760
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Home server blocked by filter - what can I do?

Postby russellhltn » Sun Jul 08, 2018 5:42 pm

The church relies on a commercial filtering system. It may be Websense, now called Forcepoint.

I'd suggest researching what it takes to get your website classified. By in large, I think most individuals use something like Dropbox , gdrive, Onedrive, etc. You may want to check if any of them are accessible via though the meetinghouse WiFi.

The idea of the church allowing access to all unclassified/unranked websites is a non-starter.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jensend7
New Member
Posts: 10
Joined: Sun Sep 30, 2012 9:02 pm

Re: Home server blocked by filter - what can I do?

Postby jensend7 » Thu Jul 12, 2018 11:38 am

Dropbox, google drive, etc will host a file but not a website. Having a simple handcoded page for each song and using the <audio> element allows people to choose an individual part (SATB etc) to listen to while looking at lyrics &c.

I'm quite certain people were able to access my page from church wifi just a few weeks ago, so I struggle to understand why it's a non-starter now.

russellhltn
Community Administrator
Posts: 24760
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Home server blocked by filter - what can I do?

Postby russellhltn » Thu Jul 12, 2018 2:40 pm

jensend7 wrote:I'm quite certain people were able to access my page from church wifi just a few weeks ago, so I struggle to understand why it's a non-starter now.

Allowing access to unclassified sites is an enormous loophole. For example, a home computer could be used as a way to bypass church filters entirely. So, in addition to blocking unclassified, it's quite possible that all IPs known to belong to "home" systems are blocked.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

bartj
Church Employee
Church Employee
Posts: 34
Joined: Thu Mar 19, 2015 3:00 pm

Re: Home server blocked by filter - what can I do?

Postby bartj » Mon Jul 23, 2018 8:28 pm

There are probably two things you can consider doing:

1 - Get your domain categorized differently so it is not blocked as was previously suggested. In the blocked message you should have received information about the category your content has been associated with that is being blocked. Too be honest, I don't know what it takes to get a domain re-categorized, so you'll have to research that yourself.

2 - If you feel this is important, you can contact your Stake Technology Specialist and ask him/her to request the church open your domain using the feedback tool in Technology Manager. There is no guarantee your request will be approved, but it is an option.

jensend7
New Member
Posts: 10
Joined: Sun Sep 30, 2012 9:02 pm

Re: Home server blocked by filter - what can I do?

Postby jensend7 » Sat Jul 28, 2018 10:13 am

Here's the warning in question: https://drive.google.com/open?id=15MqrJK70Co5p5ctVcVHL9U606dm_NVWS. The actual url people are trying to visit is the rot13 of srneyrff.gjvyvtugcnenqbk.pbz/choyvp_jjj/lfn259/pubve/ - I know it's silly to do that but these forum pages get indexed by Google &c and I'd rather not have my home server end up more visible to the wider 'net.

The 'Report an Inaccuracy' button does absolutely nothing (checked in various browsers as well in both mobile and desktop page versions). I don't see any clear way to figure out who I was supposed to contact about the classification inaccuracy.

I've contacted Zscaler corporate support; they said they'll pass it along to their security team to check why my choir page is now classified as 'malware' and 'phishing' and consider reclassifying it. I've also contacted my stake technology specialist. I'll pursue those options but maybe the only thing I can hope for this Sunday or maybe next Sunday is just asking choir people to turn off their wifi and use wireless data to get access to the choir page.

Still wondering what changed a month ago to suddenly make this happen after it'd been working just fine for nearly a year.

russellhltn
Community Administrator
Posts: 24760
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Home server blocked by filter - what can I do?

Postby russellhltn » Sat Jul 28, 2018 12:13 pm

Looking at that link, there's a few things I noticed. First, it's in the format of server.domain.com. That's pretty common for a DDNS, since only the domain has to be registered, the server is just a entry into the DNS and effectively "free". I tried to visit the domain, and Malwarebytes blocked me, saying "Website blocked due to riskware". I tried to look up who owned the domain, but found it hidden behind a privacy screen. That's fine for individuals, not so good for someone running a business (like a DDNS).

I suspect the problem isn't so much with your server, but with the "neighbors" who share the same domain name. And the domain isn't well-enough known as a DDNS to treat the servers as individual domains.

Bottom line, I think you need to find a more reputable DDNS.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jensend7
New Member
Posts: 10
Joined: Sun Sep 30, 2012 9:02 pm

Re: Home server blocked by filter - what can I do?

Postby jensend7 » Sat Jul 28, 2018 3:51 pm

yeah, the 'someone mistakenly blocked *.twilightparadox.com rather than unrelated_problematic_subdomain.twilightparadox.com' idea occurred to me before.

I thought FreeDNS (which manages this and a bunch of other domains) was one of the most popular and well-known dynamic DNS sources. This domain name has 22,600 other unrelated ddns subdomains, and their most popular domains have half a million subdomains.

The only DDNS provider I thought was more well-known was dyndns, and just before I started using dynamic dns they got rid of their free tier and started charging $55/year for service that does nothing more than the free provider (except, I guess, give me more people to yell at if this happens).

What DDNS sources do you think are sufficiently 'well known'?

edit: looks like no-ip seems to be more popular these days....

russellhltn
Community Administrator
Posts: 24760
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Home server blocked by filter - what can I do?

Postby russellhltn » Sat Jul 28, 2018 4:26 pm

jensend7 wrote:What DDNS sources do you think are sufficiently 'well known'?


Let me flip the question around: how is anyone supposed to know the status of twilightparadox.com? Checking on internic.net, they're registered via domain.com. When I check the whois of domain.com, I get:

Registrant Name: Data Protected Data Protected
Registrant Organization: Data Protected
Registrant Street: 123 Data Protected
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M6K 3M1
Registrant Country: CA
Registrant Phone: 1.0000000000
Registrant Phone Ext:
Registrant Fax: 1.0000000000
Registrant Fax Ext:
Registrant Email: noreply@data-protected.net
Registry Admin ID:
Admin Name: Data Protected Data Protected
Admin Organization: Data Protected
Admin Street: 123 Data Protected
Admin City: Toronto
Admin State/Province: ON
Admin Postal Code: M6K 3M1
Admin Country: CA
Admin Phone: 1.0000000000
Admin Phone Ext:
Admin Fax: 1.0000000000
Admin Fax Ext:
Admin Email: noreply@data-protected.net
Registry Tech ID:
Tech Name: Data Protected Data Protected
Tech Organization: Data Protected
Tech Street: 123 Data Protected
Tech City: Toronto
Tech State/Province: ON
Tech Postal Code: M6K 3M1
Tech Country: CA
Tech Phone: 1.0000000000
Tech Phone Ext:
Tech Fax: 1.0000000000
Tech Fax Ext:
Tech Email: noreply@data-protected.net


Yes, it is listed at https://freedns.afraid.org/domain/registry/, along with a zillion others. But I'm not sure as the filering companies are going to look at that one by one. The reward (for their customers) to effort seems too low.

You could give no-ip.com a try. At least their record with icann.org shows real contact information. (Vitalwerks Internet Solutions, LLC
Mailing Address: 425 Maestro Dr., Reno NV 89511 US) Which is more than I can say for afraid.org (the root of freedns) which is hiding behind the same 123 Data Protected company.

Just keep in mind that malware writers like "free" even more than you do - money leaves tracks. So they're going to make use of anything that's free that helps cover their tracks. So, finding a free name in a good neighborhood might be nigh impossible.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jensend7
New Member
Posts: 10
Joined: Sun Sep 30, 2012 9:02 pm

Re: Home server blocked by filter - what can I do?

Postby jensend7 » Sat Jul 28, 2018 5:51 pm

Looks like if I just provide the url with the my home IP address rather than using the DNS name it works just fine through both the Church filter and Malwarebytes; the overkill in the domain name space apparently doesn't extend to trying to find and block all the 22600 unrelated IPs associated with subdomains. I can use url shorteners and/or qr codes to avoid anyone having to actually type my IP. So that'll take care of letting my choir members use it the next couple Sundays.

I'll tell Malwarebytes' false positive feedback that this is a DDNS service and thus blocking the domain rather than a subdomain leads to a collateral damage problem. I already told Zscaler that, as well as that their 'report inaccuracy' button isn't working. And yeah, I guess I'd do well in the future to try a more obvious ddns.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest