Select Page
closeLook how old this is!
I post at SearchCommander.com now, and this post was published 14 years 3 months 6 days ago. This industry changes FAST, so blindly following the advice here *may not* be a good idea! If you're at all unsure, feel free to hit me up on Twitter and ask.

Yesterday afternoon PDXTC had a report that a website we were hosting was down, but the server administrators said that it was up.

An hour later, we had a second report of another website down, and the admins claimed it was up as well, and that’s where I got involved.

I was working from home, and checking both websites came up blank – page not found – through my Comcast internet connection.

I looked up the users  FTP information, and I was unable to login top either account using FTP either, simply getting an “unable to connect” message.

One common connection between the two domains was that they happened to be on the same server, but other than that there was no reason why I shouldn’t be able to see these domains.

I went to a free proxy service and from there I was able to see both domains and verify that they were indeed up and running, so clearly this was a Comcast issue.

Was Comcast actually blocking my access to the web server? Had someone on this shared hosting server done something nefarious, and now Comcast was preventing me from accessing it through their servers?

I phoned Comcast, and of course had to sift through their ridiculous voicemail system, finally arriving at the tier 1 tech support where I had to fight my way past his insistence upon rebooting my router and checking my computer settings.

Finally after getting the guy to understand that the problem belonged to Comcast,  he transferred me to the “abuse” section, where he claimed they must be “blocking those websites”.

Blocking those websites?!? – I’d never heard of that before!

I waited my turn in the queue with Abuse department, and when the guy answered, he listened patiently, verified what I said was true,  and then had me run a trace route and email him the results.

As you can see, I didn’t get very far –

By that point it was after seven o’clock at night, and he told me he would have to escalate it to his next support level but that I shouldn’t expect it to be “fixed”until some time the next day.

At this point I asked if Comcast could be intentionally blocking my server IP address, and he assured me that no,   Comcast does not block access to web servers in the same way that they block mail servers and ports.

Under certain circumstances he says, where a website is known to be distributing Malware or viruses, they may issue a warning before the users arrival that “the site may be harmful…” , but they do not, as far as he knows, intentionally block access to a Web server.  As far as he knows… Huh.

Well, this morning, the sites are back up and I may never know what went wrong, so I guess I’ll just move on.

*** Update ***

I got a phone call back from comcast to tell me that all was resolved, and as it turns out,  Comcast HAD intentionally blocked all activity from that web server IP address!

Interestingly, sites hosted on that same web server that had been assigned a static IP address continud to work fine, but the shared hosting domains were all blocked, with no warning message to the user, and FTP, Trace Route, and even pings to the IP were blocked entirely.

The Comcast rep read me the notes he had gotten from engineering, and they sais that the IP was blocked because “Malicious data flows were detected over TCP port 80”.

That’s it – no indication of what domain caused it, nor, was there any reason given WHY they would UNblock it at my request, since presumably the malicious activity is still going on from whatever domain was causing the problem. Bizarre.

This was news to me, and news to the guy in security, who said he’s never heard of them blocking IP addresses like this before.

So, is the moral of the story that a shared hosting account may be risky to your visibility? It looks that way, doesn’t it?

If you like what you've seen here, would you please share this?