'Blogs' tab is sick again

This was me (again) Shabaz.

We've got some automated defense against SQL injection attacks and JS attacks in place, and it keeps firing against blogs because they contain code. When you get hit by it, it'll affect all browsers from the on IP. 

It's taking some tweaking. Previously when you had this it was a minor tweak, but I think this time I'll need to use something a bit heftier.

This is one of those things where if I do my job right, then nobody should notice, but if I get it wrong, I get everyone come down on me!

Hi Dudley,

Oh, odd.. I used two different connections, one was wired (VDSL) and the other was cellular (4G/5G), but the tab didn't work on either when it occurred. 

I'll double-check next time it occurs, to confirm. I switch off the WiFi on the mobile phone, when I was doing the comparison.

Many thanks for investigating!

Hi all,

At time 21:05 UK-time 29th Sep, the blogs tab failed to load again (when using DSL), on my laptop. (EDIT: it's now 21:16, it's failing for ten minutes at least).

As soon as this occurred, I switched off the WiFi connection on the mobile, and tried browsing to the Blogs tab using mobile Chrome. I see the same issue, so it can't be security measure related. 

I used the whatismyip website to confirm I had a very different IP address (86.xx.xx.xx on laptop, and 148.xx.xx.xx on phone).

Please can this issue be re-opened, because it doesn't seem to block on IP. I can supply the IP addresses if it needs to be checked against any log.

Was failing for me at that time as well.

Thanks for confirming! I guess it can't be the automated defence stuff then. Plus it seems frequent (since it last sick no later than three days ago at least).

Pretty sure it was broken this morning as well, I can’t really remember.

shabaz said:

Please can this issue be re-opened, because it doesn't seem to block on IP. I can supply the IP addresses if it needs to be checked against any log.

I'm also not convinced we've definitely identified the problem, but it's definitely something more server-side related.

Though we cannot necessarily show everything 'behind the curtain' to how the protections determine someone's being sinkholed regarding this, it would possibly work across different IP addresses, there's an element of fingerprinting that goes on.

That isn't to say that people shouldn't complain about it still happening, that's helpful, and to know what dates/times/timezones it happens, so thank you.

I've found you in the logs. I can see what has happened but I can't answer why it has happened.

It's based on a piece of content you both viewed which is throwing a false positive.

It's late now so I won't do it now, but in the morning I'll pull that module.

I've looked again today with a wakeful mind, and I can see what happened here, and made a small tweak.

Can you shout loudly if you get this again shabaz  & Andrew J 

Will do.  Makes us sound a little dodgy actually  : can you not explain more about what the issue is?

Awesome, will do, thanks!