Why is the US Green Party's site blocked?

Why is the US Green Party's site blocked?(github.com)

89 points by oriesdan 4 years ago | 48 comments

My trivia league was blocked by Heathrow's airport wifi because of "games/sports". I contacted Boingo, who told me they don't block websites (? okay, so then your client operates a rogue blocklist that uses Boingo headers for the error page -- that's even worse). I also tried contacting some sort of pseudo-government safe browsing list to see if it was their blocklist being used by Heathrow and got no response.

The annoying thing is not the false positives: these things happen, and mostly it's not all that urgent to resolve immediately. The annoying thing is a total lack of obvious appeals process to resolve a false positive. At least the OP's example is on GitHub and thus can easily be issued.

pricechild 4 years ago | |

My static home IP was blocked by my new energy supplier.

It took almost 4 months to get through to someone who would accept my problem wasn't forgetting my password.

In the end, I was pointed to their third provider and told "sort it out yourself, not our problem". Thankfully that other company had a reasonable-ish appeals process...

...obviously I got relisted in their db a few times but things seem to have calmed down now.

https://pricey.uk/blog/connection-reset/

tialaramex 4 years ago | | |

Ah, "Reputation" and "Threat Intelligence". One of the things I didn't expect but should have after BeyondCorp and Zero Trust is that some people would decide they need to go the exact opposite direction.

Instead of designing our systems as though they all face the hostile public Internet like Google, why not instead police all of the public Internet as though it's our internal network? That way we don't need to adopt any actual security practices. What could go wrong?

As you saw, basically everything, all the time.

I actually moved energy supplier a few months ago. I had a good quote from a new supplier, and when I tried to sign in to see how close the quote from my old supplier was their site wouldn't load in my browser, tried again a day later, no joy. OK cool, bye then.

cordite 4 years ago | | |

One of my coworkers ended up blocked because Amazon maintains a block list of bot like users and our WAF was subscribed to it. This coworker was using scrapers for find GTX 3080s.

Surprisingly, Amazon does not block customers they put on this list.

tokai 4 years ago | |

A place I worked blocked hackernews bcs of "hacking". Never had the nerve to try to get it unblocked.

dkarl 4 years ago | | |

A place I worked blocked Github for "hacking tools." Each new software developer hire had to request access and get it approved by their manager, a process that took a few hours.

reaperducer 4 years ago | |

The company I work for blocks Google Translate. IT claims it's the default that comes with the filtering software it uses.

Fortunately, since I build multi-lingual web sites, I was able to get an exemption from the security department.

(No, I don't use Google Translate to translate web sites. The company has three internal and two external professional translators for that. But sometimes when I'm copying-and-pasting between versions, I like a little reassurance that what I'm pasting is what I think it is.)

writeslowly 4 years ago | | |

Google Translate was a popular way to bypass filters when I was in high school since it could be used as a proxy and nobody blocks google.com

heelix 4 years ago | | |

Hah! I have used Google Translate to do some naïve translations. Was creating portlet code that supported i18n, and took a crack at a few of the labels. Much to the amusement of the folks I demoed to, I used the French word for a person's back, not back in the context of navigation.

spaetzleesser 4 years ago | | |

The funny thing is that they often are blocking the well known sites but don’t block less known and potentially shady sites. I always notice this when I try to download a software I need. Popular sites are blocked but very questionable sites are open.

deepsun 4 years ago | |

Does UK honor "net neutrality"? If yes, that could be a way to hold them (ISP, whoever it be) accountable.

reom_tobit 4 years ago | | |

Ofcom (the UK’s coms regulator) has just announced a review of net neutrality [1]. Which will have some big companies aiming to give themselves more “flexibility”.

Currently however, providers are bound by EU mandates to treat every packet the same (roughly speaking).

I hope it stays that way.

[1] - https://www.techradar.com/uk/news/ofcom-to-review-uks-net-ne...

bcoates 4 years ago | |

Yeah, the airport provides the Internet uplink and contractually it can be as locked-down and broken as they like. Boingo just manages the WiFi infrastructure and payment/login. Usually they're extremely lazy and just use a DNS service with business-style blocking rules and unblock popular stuff one at a time when people notice and complain.

herbst 4 years ago |

I've worked with several kinds of public blocking lists and one thing I learned is that they are all full of false positives. For whatever reason, I would not be surprised if just nobody ever noticed the mistake.

Fnoord 4 years ago | |

Yeah, that's a given because they're not constructed manually ie. no manual verification.

Give them some time to react. My wife complained to me she could not visit a website (I run Pi-Hole on our network, and our mobile devices get routed to it even on external networks). I looked through the logs, figured the offending rule, contacted the maintainer, and they fixed it within a few hours.

The issue has been up for one hour thus far.

xoa 4 years ago | | |

Yeah, same here, I run OPNsense and make use of Unbound's blacklist feature to similar (and surprisingly potent!) effect, along with Suricata and Sensei. I have had to manually whitelist some stuff though.

False-positives, things that are good defaults but advanced users should be able to bypass, or just plain unfortunately necessary workarounds are certainly all issues though. I think user available fallbacks can be useful sometimes for that reason. Like at a site using 802.1x auth, set it up so users can append "-noblock" to their login and then it'll change them into a different VLAN which can just point at a different DNS (or alternately Unbound supports views for split-brain DNS).

nerdponx 4 years ago | |

Or someone quietly slipped it onto a block list knowing that it'd take a while to get noticed.

shadowgovt 4 years ago | | |

If you're talking about the Green Party site, there is explanation at the bottom of the GitHub issue. It appears they were either compromised at some point in the past and used as a relay for spam ads or somebody with legitimate authority to edit the site abused their privileges and ran a spam ad operation on the side.

In either case, blocklistproject interprets spam ad vendors as damage and routes around them.

bencollier49 4 years ago |

They probably got hacked ages ago and it was added at that point. I wouldn't be assuming malice here.

0xf00fc7c8 4 years ago |

It's also on VirusTotal

Vaslo 4 years ago |

I can no longer visit End-To-End encrypted sites anymore at work. It sucks because I use ProtonMail and end up having to use my phone to forward things from there or to my Google email, which I wanted to stop using entirely.

rPlayer6554 4 years ago | |

I am confused? Does your employer just block any https site?

sithadmin 4 years ago | | |

Probably doing MITM SSL inspection. Basically, a corporate security appliance with trusted certs on the endpoint sits in the middle of everything to inspect for malware/viruses/blocked content.

A relatively common corporate practice, honestly. It's a shame more people aren't aware of it.

unethical_ban 4 years ago | |

Depending on your place of work, it's a very good thing they block personal email.

aaron695 4 years ago |

They are a phishing site

https://webcache.googleusercontent.com/search?q=cache:HWH6z4...

Perhaps they have fixed it in the past 3 weeks, maybe they haven't.

From yesterday, so not fixed -

https://webcache.googleusercontent.com/search?q=cache:rMUgla...

Also love the way it's signed, the persons online profile is "I'm Black Hat SEO Expert" if anyone wants to write any Green policy I guess contact them?

nkozyra 4 years ago | |

This is just streaming spam and any site that accepts user-generated content is susceptible to it.

Having been on their side it can sometimes be very difficult to mitigate without manual approval. This is not automated - it's done by humans and they adjust their patterns against any automatic mitigation attempts.