Results 1 to 12 of 12
  1. #1

    IP Blocked by AT&T or GBLX

    I run a couple free/paid image and web hosting services.

    Yesterday around 11AM we lost connectivity from certain locations to our main IP. Tracerts (as seen below) are stopping at the same point every time. Other IP addresses on our network work fine.

    The next 2 hops that we should be seeing in tracerts are to an AT&T handoff to GBLX, then a GBLX router.

    I've contacted every abuse, help, and rbl address I can find at both AT&T and GBLX to no avail. The contacts for the IP at ARIN (of which I am one) weren't notified of anything like that though.

    Its been suggested by the people at our datacenter that we might have been blackholed by one of these two providers. We dont' send spam, and our users don't have mail service or the ability to use sendmail. We do offer free file storage/hosting, and get the occasional phishing site or trojan uploaded, but we attend to them immediately when notified and remove any offending content on the spot.

    This has affected a large chunk of our quarter million users, anyone who takes a route through AT&T to reach the sites. Other routes many people take (through L(3) for example) aren't affected. Can anyone offer any suggestions? We've already moved the IP's for the two sites on this IP to two different IP's, which is a quick-fix, but I need that IP to work...

    C:\Documents and Settings\Scott.OPTIPLEX>tracert

    Tracing route to []
    over a maximum of 30 hops:

    1 4 ms 1 ms 1 ms
    2 16 ms 17 ms 12 ms
    3 11 ms 8 ms 10 ms
    4 8 ms 7 ms 7 ms []
    5 13 ms 10 ms 8 ms
    6 27 ms 28 ms 27 ms []
    7 32 ms 29 ms 26 ms
    8 29 ms 42 ms 33 ms []
    9 * * * Request timed out.
    10 * * * Request timed out.
    11 * * * Request timed out.
    12 * * * Request timed out.
    13 * * * Request timed out.
    14 * * * Request timed out.
    15 * * * Request timed out.
    16 * * * Request timed out.
    17 * * * Request timed out.
    18 * * * Request timed out.
    19 * * * Request timed out.
    20 * * * Request timed out.
    21 * * * Request timed out.
    Ripside Web Hosting - cPanel or ASP/.NET

  2. #2
    I forgot this.

    Looking Glass utils at GBLX ( show the same problem, when tracing from their Chicago, IL router to our "host",

    Trying trace from node 'Chicago, IL, US' to ''

    1 ( 0.728 ms 0.649 ms
    2 * (*) * ms * ms
    3 * (*) * ms * ms
    Ripside Web Hosting - cPanel or ASP/.NET

  3. #3
    I've found out that GBLX has indeed blackholed this IP, which denied access for many to a service that supports almost 400,000 users.

    None of the contacts listed at ARIN for this IP were contacted. We don't do SPAM, and we don't allow our users sendmail services.

    Is this legal for them to do? Arbitrarily block an IP address from their transport apparently because of some report they received, and furthermore, apparently with no recourse? GBLX referred me to a $200-per-incident security process. This is like extortion...
    Ripside Web Hosting - cPanel or ASP/.NET

  4. #4
    Join Date
    May 2004
    Toronto, Canada
    Doesn't sound right. Someone should have and be able to provide you with details of the complaint I would think.

    Also, you have 250,000 users?
    Can't we all just get along

  5. #5
    90% of those are "free image hosting" users, but they're still affected.
    Ripside Web Hosting - cPanel or ASP/.NET

  6. #6
    Join Date
    May 2004
    Toronto, Canada
    I understand but you are saying you have then 225,000 free image hosting customers?
    Can't we all just get along

  7. #7
    Around that, yeah. is one of the larger image hosting services (probably top 5?), and GBLX blocked the IP without notifying us or giving us a chance to respond...
    Ripside Web Hosting - cPanel or ASP/.NET

  8. #8
    Join Date
    May 2004
    Toronto, Canada
    Jeez, ya I would go after them pretty strongly then. While they can do this, they have to do it with some notice / proof. Get your lawyer to contact them quickly. If they do have proof you probably need to try to move to another network. Are you colocated with someone? Can they help?
    Can't we all just get along

  9. #9
    Join Date
    Apr 2003
    Well before you start on the lawyer path is anything in fact illegal? I do not have much experience in this area but is there anything that says any datacenter cannot just block whatever ips they want. I know plenty of people that block most of asia because of spam and they seem to be perfectly happy with it. I do not disagree that this is a dirty trick, but I am not to sure if it is actually illegal.
    John W, CISSP, C|EH
    MS Information Security and Assurance - Server Administration and Security - Managed VPS and Dedicated Servers with VIP Service

  10. #10
    This isn't a datacenter doing it - its transport services.
    Ripside Web Hosting - cPanel or ASP/.NET

  11. #11
    They directed me to, which charges a $200 per-case fee if they don't deem it to be an emergency or an improper report. Well, I'm not reporting fraud, spam, trojans, or anything else on their list.

    I'm REALLY getting frustrated with these idiots.
    Ripside Web Hosting - cPanel or ASP/.NET

  12. #12
    3 days later, and its resolved.

    I chose a bogus "type of attack" in their security report form, and was contacted by phone shortly after.

    They said they tried to contact the addresses listed at ARIN for our IP, but admitted that their procedure is too strict, and they're making changes to make it more leniant. We did in fact have a phisher running some files from our service (nothing uncommon, we deal with them on a daily basis).

    He un-blocked the IP while I was on the phone with them after I got that account removed.
    Ripside Web Hosting - cPanel or ASP/.NET

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts