Hi,
Did you check if the customer's network is maybe infected with some botnet or spambot that triggers honeypots?
Clearly, if the IP changes and the customer gets blocked again, it is something being caused by the source IP...
Netflow... Netflow all the things ;)
Greets, Jeroen
--
On 20211026, at 09:19, Benoit Panizzon benoit.panizzon@imp.ch wrote:
Dear Colleagues
We have a customer whose IP keep getting blocked by various CDN operators.
If we change his IP, this solved the issue for a couple of days, then he is blocked again. Actual IP: 87.102.212.133
At the moment, this IP is being blocked by the CDN used by:
klm.com nespresso.com easyjet.com
I opened a case with Amazon, as this is the ones that host the easyjet.com CDN but they replied that he is blocked 'upstream' by their customer easyjet.
Our customer called the Easyjet Helpdesk, but they have no clue what generates this error and sent him to is ISP :-/
We don't get any kind of complaints regarding the IP of this customer.
https://multirbl.valli.org/lookup/87.102.212.133.html
Two entries on blacklist I am not familiar with. One of them about an email misconfiguration?
All the customer is seing on the webpage is:
=== snipp === Access Denied
You don't have permission to access "http://www.easyjet.com/" on this server.
Reference #18.57d61202.1634833697.32bab06 === snapp ===
Any hints on how to solve or what blocking provider is used (all pages show a very similar message with similar ID) are appreciated.
PS: Yes, google is finding reports of this exact issue. None I found provided any useful hint on what causes the issue.
Mit freundlichen Grüssen
-Benoît Panizzon-
I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog