Forum blocking some Apple Private Relay IP addresses...
-
I've been messing around with my new M5 products and have been visiting the forums as I run into things, but...
I often get "Sorry, your IP address has been banned from this community. If you feel this is in error, please contact an administrator." instead of the forum site...
Just trying to reach the site right now, I've noticed at least the following Apple Private Relay IP addresses are blocked:
104.28.39.128
104.28.57.244
104.28.57.245
104.28.57.246
104.28.57.247
104.28.57.248
Can you please unblock & not-block Apple Private Relay?
There's a large list of their IPs here: https://github.com/hroost/icloud-private-relay-iplist
-
Hello @achayne
I understand your frustration. However, all IP addresses you provided are listed as spam and/or brute force attacks when checking on CleanTalk, from which we have the information which IPs to block.
May I ask you to reach out to CleanTalk to have those IP addresses deleted from their database and then report back here so I can adjust our list accordingly?
Thanks
Felix
-
@felmue the joys of IPV4 blocking
-
I contacted CleanTalk...
"We are already using the list you mentioned: https://github.com/hroost/icloud-private-relay-iplist. All IPs from it have the 'Purpose of use' which is called 'CDN', for instance: https://cleantalk.org/blacklists/172.224.224.56. Such IPs do not block if they have blacklisted status."
"We do not have the website https://community.m5stack.com in our database, meaning this website does not use CleanTalk, so any issues on it are not related to CleanTalk."
.
.
.
Concerning Apple Private Relay:
It's a "VPN like" service Apple includes as a part of its paid iCloud+ services, and only works on newer Apple devices and only within Apple’s own apps (like Safari) and only for web content (web surfing). Every browser tab uses a different random outbound IP address from Apple’s large pool of outbound node addresses. So its traffic is by humans directly interacting with your site, and since Private Relay requires an active paid iCloud account, that also means these users are verified by Apple (Apple also cracks down on abuse of its Private Relay service by bad-actors, disabling such accounts).
To block its addresses is to potentially block upwards of over 1 billion Apple iCloud users to the forums, due to the actions of a very small handful of bad-actors (which may not even be doing anything towards your site since the IP classifications are global).
If you are instead blocking locally on your site by checking IPs against CleanTalk's database or similar, I'd suggest putting a very short IP lockout period on the address instead, since the bad actor just has to open a new tab (or a few) and can continue doing whatever they were trying to do (causing your service to block yet another Apple IP address and more legitimate users).
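An illustration of the short-lockout suggestion above, added here as an example and not part of the original post or the forum's own code: a lockout table that gives addresses inside known shared-egress ranges a short, self-expiring lockout and all other addresses a longer one. The CIDR ranges, the two durations, and the names `LockoutTable`, `lock` and `is_blocked` are assumptions made for the example.

```python
import ipaddress

# Constructed sample ranges standing in for a relay egress list such as the one
# linked in the thread (assumption: one CIDR per entry). Not authoritative data.
SHARED_EGRESS_CIDRS = ["104.28.0.0/16", "172.224.224.0/24", "2001:db8::/32"]

# Assumed durations; the post only says "very short".
SHORT_LOCKOUT_S = 10 * 60          # shared egress: many users behind one IP
LONG_LOCKOUT_S = 7 * 24 * 3600     # everything else


class LockoutTable:
    """Per-IP lockouts whose lifetime depends on whether the IP is shared."""

    def __init__(self, shared_cidrs):
        self.shared = [ipaddress.ip_network(c) for c in shared_cidrs]
        self.expiry = {}  # normalized IP string -> unix time the lockout ends

    def is_shared_egress(self, ip):
        addr = ipaddress.ip_address(ip)
        # A v4 address is never "in" a v6 network (and vice versa), so mixed
        # lists are safe to scan.
        return any(addr in net for net in self.shared)

    def lock(self, ip, now):
        """Record a lockout starting at `now`; return the TTL that was applied."""
        ttl = SHORT_LOCKOUT_S if self.is_shared_egress(ip) else LONG_LOCKOUT_S
        self.expiry[str(ipaddress.ip_address(ip))] = now + ttl
        return ttl

    def is_blocked(self, ip, now):
        key = str(ipaddress.ip_address(ip))
        until = self.expiry.get(key)
        if until is None:
            return False
        if now >= until:
            del self.expiry[key]   # expired: forget it so the IP is usable again
            return False
        return True


if __name__ == "__main__":
    table = LockoutTable(SHARED_EGRESS_CIDRS)
    for ip in ("104.28.57.244", "198.51.100.7"):   # constructed test inputs
        print(ip, "locked for", table.lock(ip, now=0), "seconds")
    print("relay IP still blocked after 1h:", table.is_blocked("104.28.57.244", 3600))
```
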
-
@achayne I have never been IP banned but I have been affected by an IP ban.
The problem is that IPV4 is severely limited with only 4,294,967,296 available but there are 8.2 billion people on earth. Assuming that everyone has a TV+computer+smartphone, that means that about 24 billion IPV4 addresses are needed, which just aren't available. When a modem or mobile device resets, its external IPV4 address resets, which means that at some point, an innocent user will end up with one of the blacklisted IPV4 addresses.
I have had this a few times and had to reset the device and router to get a new IP address.
-
Hello @achayne
thank you for your explanation.
Yes, we are blocking locally.
That said, I lifted the block for now and we'll see how it goes.
Thanks
Felix
-
@ajb2k3 said in Forum blocking some Apple Private Relay IP addresses...:
@achayne I have never been IP banned but I have been affected by an IP ban.
The problem is that IPV4 is severely limited with only 4,294,967,296 available but there are 8.2 billion people on earth. Assuming that everyone has a TV+computer+smartphone, that means that about 24 billion IPV4 addresses are needed, which just aren't available. When a modem or mobile device resets, its external IPV4 address resets, which means that at some point, an innocent user will end up with one of the blacklisted IPV4 addresses.
I have had this a few times and had to reset the device and router to get a new IP address.
Sadly IPV4 is still sticking around, but luckily IPV6 has been making headway.
One plus to using Apple Private Relay is you just open a new tab and have a new IP most of the time, although the pools are fairly small for each "Maintain general location" region, and the "Use country and time zone" pools also have larger groups of users crammed into the pools since there are fewer of those node locations globally. (I'm in NYC, so both the local & timezone pools were the same, and 11 of the 15 IPs were blocked by M5Stack).
@felmue said in Forum blocking some Apple Private Relay IP addresses...:
Hello @achayne
thank you for your explanation.
Yes, we are blocking locally.
That said, I lifted the block for now and we'll see how it goes.
Thanks
Felix
Thanks for unblocking the addresses, hopefully the people in my timezone behave on this site and your monitoring algorithm isn't too harsh :)