Lampwork Etc.
 
TrueDesign

LE Live Chat

Enter Live Chat

No users in chat


The Flow

Caber Light


 

Go Back   Lampwork Etc. > The Mall > Customer Service Kiosk

Customer Service Kiosk -- Questions for LE vendors.

Reply
 
Thread Tools
  #31  
Old 2010-03-01, 10:47pm
khammil's Avatar
khammil khammil is offline
Cat Lady
 
Join Date: Dec 11, 2007
Location: Seattle, WA
Posts: 152
Default

Hi camelothosting, your report says that you blocked my laptop because it pinged port 500. That's the standard port that Windows machines use to initiate
To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts.
connections. It's not a threat, it's a query to see whether a Web site supports a more secure type of connection. If a site supports IPSec connections, Windows will go with that for maximum security. If not, Windows will stick with the standard http or https connection.

You advised me to block port 500 on my software firewall, but I can't do that or else I would not be able to connect to my work network. I believe your firewall is interpreting the Windows IPSec protocol negotiation as a threat. Could you look into whether you can de-sensitize the firewall so that it doesn't react to IPSec queries? I agree that if you receive inbound probes on many ports you should block the client for port scanning. A single ping on a security connection port should not trigger the block though.

Thanks,
Kerry
Reply With Quote
  #32  
Old 2010-03-01, 11:17pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

Yes we know what port 500 is for, and the fact that we run almost exclusively e-commerce sites we will not open any port that does not need to be open.
Yes the firewall is seeing the ping as an attack because its pinging not once but a minimum of 5 times before you are getting a temp block.
I only grabbed one line from the report, I apologize for not stating that in my reply.

If it only pinged once or twice then it would not be an issue.
Reply With Quote
  #33  
Old 2010-03-01, 11:29pm
khammil's Avatar
khammil khammil is offline
Cat Lady
 
Join Date: Dec 11, 2007
Location: Seattle, WA
Posts: 152
Default

Interesting, it was after 5 clicks on Flamedame's site that I saw the block. Windows must be sending out one IPSec negotiation request per click.

Since you're not implementing IPSec you're doing the right thing by not opening port 500. However, your firewall is blocking many Windows computers that are not infected with malware. Can you modify it so that it doesn't trigger a block unless someone pings a port (other than 80, the standard HTML port) more than once a second? That would catch pretty much every exploit I've ever seen in the wild, as malware typically scans ports quickly and repeatedly. Regular, nonthreatening behavior like clicking on a new page every few seconds would not trigger the block then.

-- K
Reply With Quote
  #34  
Old 2010-03-01, 11:38pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

I am using a windows PC and have never been blocked for this,
Honestly your the first one I remember getting hit on port 500....
As to the speed of exploits, Yes they are usually fast however there are a few that are actually going slow to get around the clicks per second
Reply With Quote
  #35  
Old 2010-03-01, 11:57pm
khammil's Avatar
khammil khammil is offline
Cat Lady
 
Join Date: Dec 11, 2007
Location: Seattle, WA
Posts: 152
Default

Many other customers on Lampwork Etc. have been denied from shopping at sites that use Camelot Hosting. It's been an issue for a long time and this thread is the most recent manifestation.

Have you tested extensively with Windows 7? Have you investigated the logs of the other people in this thread who have been denied?
Reply With Quote
  #36  
Old 2010-03-02, 12:03am
PaulaD's Avatar
PaulaD PaulaD is offline
Senior Member
 
Join Date: Jun 11, 2005
Location: SUNNY FLORIDA~West Coast!
Posts: 9,423
Default

I have not heard of other people being blocked and we have not had a problem until now. eta And just 2 people are blocked.
__________________

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Still North America's Largest Lauscha Dealer!
Now reopened in South Florida!!
Like US on Facebook !
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Last edited by PaulaD; 2010-03-02 at 12:09am.
Reply With Quote
  #37  
Old 2010-03-02, 6:18am
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

Yes I use windows 7 ( 64 bit at that )
The other issues that I have seen are not port scanning they are usually mod sec rules that happen to a few sites and we are working on finding whats triggering them, since we can demonstrate that its not a "Server" Issue we are looking into Code issues.

Once again if the ping to port 500 happened only once wouldnt be an issue.
You sated in your very good description above that it tries it and if it cant find it it reverts back to standard connections....
The question then becomes why is your setup not reverting, why is it pinging on every page hit?
We are willing to work to resolve any issues however there needs to be troubleshooting on both sides.
Reply With Quote
  #38  
Old 2010-03-02, 12:19pm
khammil's Avatar
khammil khammil is offline
Cat Lady
 
Join Date: Dec 11, 2007
Location: Seattle, WA
Posts: 152
Default

The best information I can get says that Windows re-checks for IPSec support every time a new connection is created with a site (i.e. by a user clicking a link). It's regularly checking for IPSec support in case it becomes available midsession. This is apparently standard behavior for Windows computers that are running IPSec. You would not want to open port 500, but a ping to it every 1-2 seconds is not necessarily due to a threat.

Some more information that would help me troubleshoot whether there is anything wrong on my side:

1) Is port 500 the only port you saw my computer probing?
2) How frequent were the ~5 hits on port 500 and on any other ports I scanned?
Reply With Quote
  #39  
Old 2010-03-02, 12:37pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

you were caught scanning port 500 6 times before you were booted
there were 2 at each of the following
Mar 1 23:25:17
Mar 1 23:25:37
Mar 1 23:25:39

Once again you are the ONLY person that is having THIS issue as I said before most are not port scans but mod sec rules that we are still trying to iron out

If this was a typical issue then no windows users would be able to view any of our servers.
I have tested this in windows XP Vista ( 32 and 64 bit ) and widows 7 in 32 and 64 bit with no issues. ( I removed my Ip from the white list before my tests so that wouldnt have been a factor ) I believe Mike may have been on to something in the ticket he replied to about your settings being different due to the VPN connection that you are using.
Reply With Quote
  #40  
Old 2010-03-02, 1:53pm
Ekkie's Avatar
Ekkie Ekkie is offline
Mad about Glass
 
Join Date: Nov 29, 2005
Location: Sydney, Australia
Posts: 1,052
Default

Kerry is not the only person having this issue - I started the thread. As I had no idea at the time whether the message from Camelot Hosting was genuine I contacted the vendors from whose sites I was blocked.

I'm glad to see that you are investigating the issue. However, you should be able to provide access for customers who have accounts with vendors rather than suggesting that the customer is to blame.

I have just now contacted Camelot-Hosting Support with the details.
__________________
Jenn

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
[url]

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Reply With Quote
  #41  
Old 2010-03-02, 2:04pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

If you look back through my posts we are in fact trying to fix the issue,
and we are NOT blaming the issue on anyone.

I see you put in a ticket can you tell me when you were blocked since we do not have a record of the WHY

I will unblock from flamedames site rignt now and if you get blocked again then please update your ticket and we can tehn see what your issue is
Reply With Quote
  #42  
Old 2010-03-02, 2:17pm
PaulaD's Avatar
PaulaD PaulaD is offline
Senior Member
 
Join Date: Jun 11, 2005
Location: SUNNY FLORIDA~West Coast!
Posts: 9,423
Default

Jenn I think your issue might be different than Kerri's. And I did send on your info to them already.
__________________

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Still North America's Largest Lauscha Dealer!
Now reopened in South Florida!!
Like US on Facebook !
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Reply With Quote
  #43  
Old 2010-03-02, 3:19pm
Ekkie's Avatar
Ekkie Ekkie is offline
Mad about Glass
 
Join Date: Nov 29, 2005
Location: Sydney, Australia
Posts: 1,052
Default

Thanks Paula. I contacted Camelot today and their response was immediate - the problem with Frantz seems to be solved -I managed to place an order.

I still getted blocked from your site as soon as I try to open a product link which then reinstates the block on Frantz so I guess I will have to wait a bit longer to spend some money at Flamedame.
__________________
Jenn

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
[url]

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Reply With Quote
  #44  
Old 2010-03-03, 2:23am
khammil's Avatar
khammil khammil is offline
Cat Lady
 
Join Date: Dec 11, 2007
Location: Seattle, WA
Posts: 152
Default

Hi, Camelothosting, I'm not connecting to any sites hosted on your servers via a VPN. I have connected from multiple physical locations, including my home network, work network, and networks at friends' houses. This has happened with different Windows computers (never my Macs or Linux machines). All of these Windows computers have a few things in common, though, including running Microsoft Forefront anti-malware software. I wonder if some program that is part of my work network's standard security suite is triggering this issue?

In any case, I am not the only person who has run into this problem. A couple of other people on this forum have reported it to Camelot Hosting support. Most people give up quickly because they don't get past the initial rebuff. If I weren't working in computer security, I would not have had the familiarity to dig in further either.

I would like to help find the root cause of the issue and to help implement any client-side changes which might be necessary. I have a few questions about the server-side activity that Camelot Hosting has see, which might help to diagnose the issue:

1) Am I the only client that you see scanning port 500, and which is subsequently blocked for port scanning? If I'm the only one, I'd love to know as that would indicate I need to look more closely at my Windows machines.

2) Is my client scanning ports other than 500?

3) What is the frequency of scans you see from my clients against all ports?

This is not an issue with all Windows computers, but it is an issue that happens frequently. Several people have posted on this forum about not being able to access sites hosted by Cametot Hosting. I've also heard anecdotal reports of similar problems at nearby classes and lampworking meetings. This is preventing more people from accessing Frantz and Flamedame than might immediately be apparent.

I would like to help figure out the root cause of this issue, which does not occur for me on sites hosted anywhere else and which is unlikely to be the result of a security compromise on any of my Windows computers which have been extensively scanned for malware.

-- K
Reply With Quote
  #45  
Old 2010-03-03, 6:41am
Janelle Zorko's Avatar
Janelle Zorko Janelle Zorko is offline
Cats & Glass!
 
Join Date: Jul 15, 2005
Location: Chelsea, AL
Posts: 1,648
Default

I would like to thank the users for opening up this dialog and Camelot for joining in. As some of you know, I am the webmaster for several sites on Camelot. You can blame me for the choice of this host in a lot of cases. Camelot specializes in hosting ZenCart and as such, they are the most security minded and communicative web host I've ever used. They have a great reputation despite these recent issues and I know that Tony and Mike are working hard on this. We have talked on numerous occasions but without this kind of feedback, it's hard to fix any type of software problems.

Thanks again - I'll keep working with Camelot and the sites at which you may have problems and never hesitate to contact me (although I do publicly apologize that I wasn't able to get Carol S the help that she needed). I've been very frustrated by the situation but it seems like we might find some resolution.

Janelle
__________________
Janelle Zorko Schultz
Pigeon Point Glass

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Ebay -
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Etsy -
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Blog -
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Reply With Quote
  #46  
Old 2010-03-03, 12:28pm
CarolS's Avatar
CarolS CarolS is offline
The Queen of Sofa King
 
Join Date: Nov 10, 2005
Location: State of flux
Posts: 1,079
Default

Quote:
I would like to thank the users for opening up this dialog and Camelot for joining in. As some of you know, I am the webmaster for several sites on Camelot. You can blame me for the choice of this host in a lot of cases. Camelot specializes in hosting ZenCart and as such, they are the most security minded and communicative web host I've ever used. They have a great reputation despite these recent issues and I know that Tony and Mike are working hard on this. We have talked on numerous occasions but without this kind of feedback, it's hard to fix any type of software problems.

Thanks again - I'll keep working with Camelot and the sites at which you may have problems and never hesitate to contact me (although I do publicly apologize that I wasn't able to get Carol S the help that she needed). I've been very frustrated by the situation but it seems like we might find some resolution.

Janelle
Janelle, please don't think I was upset with you - you are a sweetheart and really willing to help. From my understanding, you took it as far as you could. It is a totally frustrating situation for all involved and now that I have contacted Camelot directly, Mike and his staff have been very responsive.
__________________

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Reply With Quote
  #47  
Old 2010-03-03, 1:32pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

Quote:
Hi, Camelothosting, I'm not connecting to any sites hosted on your servers via a VPN. I have connected from multiple physical locations, including my home network, work network, and networks at friends' houses. This has happened with different Windows computers (never my Macs or Linux machines). All of these Windows computers have a few things in common, though, including running Microsoft Forefront anti-malware software. I wonder if some program that is part of my work network's standard security suite is triggering this issue?

In any case, I am not the only person who has run into this problem. A couple of other people on this forum have reported it to Camelot Hosting support. Most people give up quickly because they don't get past the initial rebuff. If I weren't working in computer security, I would not have had the familiarity to dig in further either.

I would like to help find the root cause of the issue and to help implement any client-side changes which might be necessary. I have a few questions about the server-side activity that Camelot Hosting has see, which might help to diagnose the issue:

1) Am I the only client that you see scanning port 500, and which is subsequently blocked for port scanning? If I'm the only one, I'd love to know as that would indicate I need to look more closely at my Windows machines.

2) Is my client scanning ports other than 500?

3) What is the frequency of scans you see from my clients against all ports?

This is not an issue with all Windows computers, but it is an issue that happens frequently. Several people have posted on this forum about not being able to access sites hosted by Cametot Hosting. I've also heard anecdotal reports of similar problems at nearby classes and lampworking meetings. This is preventing more people from accessing Frantz and Flamedame than might immediately be apparent.

I would like to help figure out the root cause of this issue, which does not occur for me on sites hosted anywhere else and which is unlikely to be the result of a security compromise on any of my Windows computers which have been extensively scanned for malware.

-- K
As I replied earlier you are in fact the only person having issues with port 500 scanning,

No your not scanning any ports besides 500
and Im going to say this kinda blunt this time

YOURS IS THE ONLY ONE WITH PORT 500 ISSUES....
I have tested ( as I explained to you yesterday ) with multiple versions of windows ( XP Vista 32 and 64 bit as well as windows 7 32 and 64 bit ) and have NOT been able to produce this port 500 issue,

The only thing we have been able to come up with is that there is an issue with your firewall or PC that is trying to connect to port 500 more than is required. the time stamps that I showed you yesterday show that you were attempting to connect top port 500 2 x a second on 3 diff occasions

and once again the issues that others here are having are NOT the same as yours,
Reply With Quote
  #48  
Old 2010-03-03, 1:46pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

Ok time to ask a totally seperate but relevant question

Other than Khammil.

Has anyone ever actually been blocked while they were in frantz? or did you go there after visiting another site and just got the blocked page to start.
Reply With Quote
  #49  
Old 2010-03-03, 2:04pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

On a separate note can any who were locked out at flamedame hit this link and click around,
To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts.
Reply With Quote
  #50  
Old 2010-03-03, 3:30pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

Ok to let people know we are working on a tweak that will solve the users having mod security issues ( thats just about everyone thats had issues with these sites )
Reply With Quote
  #51  
Old 2010-03-03, 4:38pm
Ekkie's Avatar
Ekkie Ekkie is offline
Mad about Glass
 
Join Date: Nov 29, 2005
Location: Sydney, Australia
Posts: 1,052
Default

Clicked on the flamedame link above with the following result:

Your connection to this server has been blocked in the firewall.
You need to contact Camelot-Hosting Support with the following IP address.

Your blocked IP address is ......

Addressing the other questions:
I was first blocked while using Frantz website
I was then blocked while using Flamedame site
Regained access to the Frantz site and managed to place an order but have since been blocked again from both sites after accessing the Flamedame site.

I hope this sequence of events is of some help.
__________________
Jenn

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
[url]

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Last edited by Ekkie; 2010-03-03 at 4:42pm.
Reply With Quote
  #52  
Old 2010-03-03, 6:42pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

Yes this is very helpful,

I will need you to send me your IP again so we can unblock you and have you test again we are sure that we have the issue at franz and flame dame taken care of
Reply With Quote
  #53  
Old 2010-03-03, 7:32pm
PaulaD's Avatar
PaulaD PaulaD is offline
Senior Member
 
Join Date: Jun 11, 2005
Location: SUNNY FLORIDA~West Coast!
Posts: 9,423
Default

Quote:
On a separate note can any who were locked out at flamedame hit this link and click around,
To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts.
I just clicked it and all I got was Google...
__________________

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Still North America's Largest Lauscha Dealer!
Now reopened in South Florida!!
Like US on Facebook !
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Reply With Quote
  #54  
Old 2010-03-03, 7:33pm
PaulaD's Avatar
PaulaD PaulaD is offline
Senior Member
 
Join Date: Jun 11, 2005
Location: SUNNY FLORIDA~West Coast!
Posts: 9,423
Default

Jenn if you wanted to buy things that were on sale last week just let me know. After he fixes the bug. Paula
__________________

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Still North America's Largest Lauscha Dealer!
Now reopened in South Florida!!
Like US on Facebook !
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Reply With Quote
  #55  
Old 2010-03-03, 9:07pm
camelothosting camelothosting is offline
Junior Member
 
Join Date: Mar 01, 2010
Posts: 16
Default

I removed the test site, Looks like we have your site and frantz all taken care of.
Reply With Quote
  #56  
Old 2010-03-03, 9:47pm
PaulaD's Avatar
PaulaD PaulaD is offline
Senior Member
 
Join Date: Jun 11, 2005
Location: SUNNY FLORIDA~West Coast!
Posts: 9,423
Default

Yay!!! Thanks Mike!!
__________________

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Still North America's Largest Lauscha Dealer!
Now reopened in South Florida!!
Like US on Facebook !
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Reply With Quote
  #57  
Old 2010-03-04, 9:47pm
mikefrantz mikefrantz is offline
Senior Member
 
Join Date: Sep 06, 2005
Location: Shelton Washtington
Posts: 3,256
Default Thank You

Quote:
I removed the test site, Looks like we have your site and frantz all taken care of.
Thank You Very Much
To view links or images in this forum your post count must be 1 or greater. You currently have 0 posts.


mike frantz
__________________
Mike's Email:
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Frantz Art Glass Website:
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

The Torch Website:
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.

Mike's phone: 800.839.6712 ext 206
Reply With Quote
  #58  
Old 2010-03-04, 10:31pm
Ekkie's Avatar
Ekkie Ekkie is offline
Mad about Glass
 
Join Date: Nov 29, 2005
Location: Sydney, Australia
Posts: 1,052
Default

Thanks everyone. Everything is working fine again for me on both sites.
__________________
Jenn

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
[url]

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump




All times are GMT -7. The time now is 2:20pm.


Powered by vBulletin® Version 3.7.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Your IP: 3.227.252.87