IP Whitelisting
Why we don’t whitelist IP Addresses
One of the most important aspects of running a web-hosting business is providing a secure and reliable service. And while our customers happily use their websites and emails, there is a war going on behind the scenes. Every day our servers are blocking incoming hack attempts. But sometimes this war has some unfortunate consequences and friendly fire. Namely; Client IP Blocks.
Sometimes our servers will see a potential enemy IP address coming in, and as a result it raises the shields and blocks the IP. If it turns out it’s not an enemy after-all, we can lower the shields, unblock the IP and everything goes back to normal.
However, sometimes a customer gets continually blocked.. because their IP address ALWAYS looks suspicious. So why can’t we just permanently instruct our servers that the IP in question is friendly and to always allow access? Namely; Whitelisting the IP. The answer is no, because doing so compromises the security not only of the user, but the entire server and everyone else that is using it. To really understand this further we need to go over what an IP address actually is and why they get blocked.
Ok, so what is an IP Address?
IP stands for Internet Protocol and the address is a unique identifier for the device AND the network they use to access the internet. Each time a computer/device talks to a server it shows its IP address so the server knows who is talking and who to respond to.
When you check your email or visit a website, your modem takes your request, labels it with its IP address and sends it off to the appropriate server which then replies to your modem which sends it back to your device. If you have many devices on the same network, like in an office, they all use the same IP address. If you’re travelling around with a mobile device it might connect to lots of different networks and your IP address changes each time.
So what is this blocking business all about then?
IP addresses get blocked when someone is repeatedly trying to break into our server with invalid login details. This isn’t just someone trying to guess your password once or twice. Hackers try and break in using ‘brute force attacks’ — they use an algorithm weapon which can cycle through millions of password combinations a minute. If they get in, they’ll have complete access to your emails, your website files and they can set-up spam bots to send out bogus scams and virus from YOUR email address. It’s a very horrible thing, so we have to make sure we stay extremely vigilant and follow the correct procedure of blocking IP addresses that look suspicious. And trying to get access to our server repeatedly with incorrect login details looks VERY suspicious.
Unfortunately sometimes a clients device isn’t setup correctly and will try to access the server with incorrect login details and the IP gets blocked the same as a hacker.
Why whitelisting compromises YOUR security.
Unfortunately our servers have no way of knowing if an IP address belongs to you or a dirty hacker. IP addresses can actually be falsified, i.e pretend to be someone else. So whitelisting your IP address will let you in — but it might also let hackers in too. The other issue is that IP addresses can change. Your IP address for your office modem today doesn’t mean it will be the same one tomorrow.
Why Whitelisting is bad for everyone else on the server.
Each account on our server is protected individually from each other, so if one account gets hacked — the others are still safe. But if a hacker gains access to our server the damage the they can do to the reputation of the server can actually cause problems for everyone. For example, if a hacker gets access to an email account and uses it to send spam everywhere. It won’t take long before our server gets flagged as being dodgy. Then everyone will find their emails are automatically getting flagged as spam. In some ways we’re all in this together, so it’s our duty not to ever put all of our customers at risk by whitelisting an individual customers IP address.
What to do if you get blocked.
If you find suddenly that you can’t see your website and your emails aren’t working, but you can see other websites. Chances are you have been blocked. Call us, or raise a support ticket by emailing support@activehost.co.nz (of course you’ll need to do this outside of your network. So turn off the wifi on your mobile first). But before you do so, type ‘what is my IP’ into google and take note of your IP address.
- We will unblock your IP address.
- We can reset your password if required.
- We can send information on how to properly configure email settings.
- We will check that there hasn’t been any hacking attempts.
- We can provide off-site support via screen share to configure your devices correctly.
What to do if you keep getting blocked?
Usually this happens because there is a device somewhere on your network that hasn’t had the email settings entered correctly. Perhaps your email password was updated but an iPad is lurking about which wasn’t updated and somebody has picked it up and turned it on. Devices can automatically try and check for emails every few minutes. Remember it could be ANY device that connects to your network, such as employee’s device, or even an ex-employee who has popped in for a visit if their device can still connect to your network to check an old email address.
- Make sure ALL of your devices have the correct passwords. Maybe you typed one incorrectly when setting up. Often this happens with a new device.
- Check that you’re actually using the correct and latest email settings. If in doubt, check with us and we can resend your settings to you.
IT Tech Support
If you are unable to resolve the issue you’ll need to get an on-site IT Support Technician to come and go through all your devices and settings. As we are not a General IT Support company, we cannot offer this. We run the hosting servers but are not responsible for your internal IT affairs such as fixing printers, removing viruses or setting up computers. That is general IT support.
At times this can cause some confusion as to responsibility, especially when you are paying for a service but it’s not working. A good analogy is how you pay a power company to provide power to your house — but you cannot expect them to come and fix your fridge, you need an electrician.