IP Reputation Filter - Blocking my website (Wix)

iSpeed
iSpeed Posts: 110
First Comment Fourth Anniversary
 Ally Member
edited April 2021 in Security
IP Reputation Filter still seems to have problems with well known sites. I had to turn it off as just creating too many problems. Are they working to improve it?  Hard to recommend to clients with broken implementation.

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,174
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
     Zyxel Employee

    Hi @iSpeed,

    Since version 4.55, the phishing category scan is moved from "inbound+outbound" to "inbound only", and the default setting of phishing is disabled.

    If any well-known websites should not be blocked by IP Reputation, give us the list of blocked IP addresses.

    We will verify if these IP addresses are safe and add them to white list in the next signature version.

    [FEATURE CHANGE] IP Reputation change the phishing category scan from "The Internet And Local Networks" to "The Internet” only.

    Before (4.50)


    After (4.55)

    image.png

    Click this link to start: https://bit.ly/3R2Wx52
    Emily

  • iSpeed
    iSpeed Posts: 110
    First Comment Fourth Anniversary
     Ally Member
    What would really be helpful is if when a website is blocked by ip reputation that it notifies user in browser and an option to submit for white list. As it is it just times out and you don't know what is causing it.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,174
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
     Zyxel Employee

    Hi @iSpeed,

    Thanks for your suggestions.

    The requests are in the feature queue and under evaluation by ATP team.

    image.png

    Click this link to start: https://bit.ly/3R2Wx52
    Emily

  • Mario
    Mario Posts: 102
    Zyxel Certified Network Engineer Level 1 - Security First Comment Friend Collector Fourth Anniversary
     Ally Member
    I can confirm this. At my whitelist I have as example:
    23.227.38.65 (cloudflare)
    My customer was not able to open website protected by cloudflare, but the requestet site was clean... so this was an collateral damage by one infected / phising site behinde the CDN with this ip...
    Not running 4.55 until now, I hope this will work better.



  • Zyxel_Emily
    Zyxel_Emily Posts: 1,174
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
     Zyxel Employee

    Hi @Mario,

    With the latest signature version 1.0.0.20200811.0, the threat level of the IP 23.227.38.65 is Neutral, so it should not be blocked by IP Reputation.

    If the website is blocked by IP Reputation, go to MONITOR > Security Statistics > Reputation Filter and check the list of IP detected.




    image.png

    Click this link to start: https://bit.ly/3R2Wx52
    Emily

Categories

Security Highlight


Read more

Security Help Center

  • FAQ
  • New & Release
  • Monthly Express
  • Threat Intelligence
  • Video Tutorials
    • EnglishTiếng ViệtРусскийไทย中文(台灣)