IP Reputation Filter - Blocking my website (Wix)

iSpeed
iSpeed Posts: 110  Ally Member
First Comment Fifth Anniversary
edited April 2021 in Security
IP Reputation Filter still seems to have problems with well known sites. I had to turn it off as just creating too many problems. Are they working to improve it?  Hard to recommend to clients with broken implementation.

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @iSpeed,

    Since version 4.55, the phishing category scan is moved from "inbound+outbound" to "inbound only", and the default setting of phishing is disabled.

    If any well-known websites should not be blocked by IP Reputation, give us the list of blocked IP addresses.

    We will verify if these IP addresses are safe and add them to white list in the next signature version.

    [FEATURE CHANGE] IP Reputation change the phishing category scan from "The Internet And Local Networks" to "The Internet” only.

    Before (4.50)


    After (4.55)

  • iSpeed
    iSpeed Posts: 110  Ally Member
    First Comment Fifth Anniversary
    What would really be helpful is if when a website is blocked by ip reputation that it notifies user in browser and an option to submit for white list. As it is it just times out and you don't know what is causing it.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @iSpeed,

    Thanks for your suggestions.

    The requests are in the feature queue and under evaluation by ATP team.

  • Mario
    Mario Posts: 106  Ally Member
    Zyxel Certified Network Engineer Level 1 - Security First Comment Friend Collector Fifth Anniversary
    I can confirm this. At my whitelist I have as example:
    23.227.38.65 (cloudflare)
    My customer was not able to open website protected by cloudflare, but the requestet site was clean... so this was an collateral damage by one infected / phising site behinde the CDN with this ip...
    Not running 4.55 until now, I hope this will work better.



  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Mario,

    With the latest signature version 1.0.0.20200811.0, the threat level of the IP 23.227.38.65 is Neutral, so it should not be blocked by IP Reputation.

    If the website is blocked by IP Reputation, go to MONITOR > Security Statistics > Reputation Filter and check the list of IP detected.




Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)