phlarebot's profile

New Poster

 • 

2 Messages

Thu, Feb 13, 2020 1:00 PM

Closed

xFi Advanced Security is blocking my company's website

One of my company's product domains is being blocked by xFi Advanced Security.

https://v2.hostfully.com is the subdomain that serves our guidebook platform, and it works fine when i have this featured disabled, but when i turn on xFi Advanced Security, I get a message (different depending on the browser) about not being able to load the page because a secure connection cannot be established.

 

Can this be investigated to find out why?    I had a similar issue about 4 months ago with Xfinity's "Protected Browsing" which was (at least then) powered by the categorization database at https://tools.zvelo.com/

fixing our negative categorization there resolved the issue, but now a few months later the issue reappears even though Zvelo still shows our site as safe (as does every other categorization site i can find)

anyway,  any help to point me in the right direction would be useful.   At the moment i just tell any customers that report this to turn off this feature in xFi because it's buggy, but i'd like to solve the root cause.

EG

Expert

 • 

90.4K Messages

1 y ago


@josephpannone wrote:

Not an IP issue


I didn't say that it was. I just was replying to others with some info.

New Poster

 • 

1 Message

1 y ago

I'm having the same problem accessing my company website.  I'm able to access it on my iphone when going through the Sprint network but not from my home xfinity network.  I have disabled XFi Advanced Security but it is still not working. When I do a traceroute I get a "Request timed out" at hops 9,10,11,12,13, and 14 and then get a message that "destination protocol unreachable".  Please help.

Frequent Visitor

 • 

6 Messages

1 y ago

My domains are also being blocked!  Who do we complain to?  Going on 5 days now!

Support keeps asking the same questions.

Comcast acknowledges this is their issue, but won't fix it!

 

NFrankel236

Contributor

 • 

138 Messages

1 y ago

Let's face it - THEY DON'T CARE!   I have a bunch of sites being blocked as well - THEY DON'T CARE!

Frequent Visitor

 • 

6 Messages

1 y ago

I found a workaround.

 

I switched from the Comcast DNS to another and I can get to my sites.

 

 

New Poster

 • 

1 Message

1 y ago

Xfi was completely blocking my Mac from connecting to my wifi.  I had to shut off "Advanced" Security to remedy.  Basically Xfinitiy decided that my companies security software was a risk.  Cost me 3 days.  Be looking for alternatives to comcast in the near future.

Regular Visitor

 • 

2 Messages

1 y ago

Comcast/Xfinity,

 

I'm having the same issue, what is the deal? I cannot access any of our corporate websites all of a sudden. This is a major issue that needs a quick resolution.

 

Turning off advanced security is NOT a solution. How am I supposed to advise potential customers using xFi? Our websites utilize a shared IP and run on a secure server that has a real-time Malware scanner/blocker. This is not a shared hosting setup, this is a Managed VPS setup.

 

We need a solution ASAP.

 

Kind regards,

John

XfinityJosh

Official Employee

 • 

131 Messages

1 y ago

Hi @johnnybravo1  We understand how upset everyone on this forum is about their website being blocked by the xFi advance security and we have a ticket put in to fix the issues.  We will need you all to post the URL of each website and we will add those to the list with the others we already have.  We do have a ticket linking all of them together to be unblocked etc.   Thanks again we are doing it as fast as possible!  The only thing that can be done in the time being is for each person trying to access a blocked website to turn off advanced security etc. 

Frequent Visitor

 • 

8 Messages

1 y ago

After 2 weeks clear,  getting blocked from work website again.

-Can get through with vpn
-Website is clear of all blacklists
-Comcast ip appears on 3 blacklists,   guessing that could be the culprit.

When things work, Comcast is the best service around, you also pay a premium price for it to run properly.

This  issue has remained unresolved for far too long. I  believe that Comcast has experts who can solve this, but there's not enough similar cases to justify a systemic issue &  layers of incompetence holding up a fast fix. For that reason, unless catastrophic, I generally avoid going through Comcast support ladder, wasting a lot of time on script jockeys,  getting to a qualified tech.


Thanks for trying though.

 

 

 

Frequent Visitor

 • 

8 Messages

1 y ago

Forgot add Comcast ip, is on the following blacklists.

 

dul.dnsbl.sorbs.net
dnsbl.spfbl.net
dnsbl.sorbs.net

Frequent Visitor

 • 

6 Messages

1 y ago

I turned off "advanced security" that does not help.  Read the thread above, please.

Frequent Visitor

 • 

8 Messages

1 y ago

FYI, I can access your sites on  comcast

Frequent Visitor

 • 

6 Messages

1 y ago

I cannot access:

www.cwdash.com 

www.forzadash.com

 

I believe it's something the sites are referring to that you have blocked.  

New Poster

 • 

3 Messages

1 y ago

Our website is also getting blocked by xFi Advanced Security so many Xfinity/Comcast users can't access our website right now. When many Xfinity/Comcast users visit our website they see this (or similar) error message no matter which browser they use:

SSL_PROTOCOL_ERROR

And the only way they can access our site is to go into xFi Advanced Security settings and disable it. Once they do this, the site loads fine. When visitors go into their xFi Advanced Security "threat history" it says "1 suspicious site visit" and then it says "content from ____________ was blocked" (our website URL is listed; however, I do not want to post it publicly because it could hurt reputation). And this block is causing this error which prevents Xfinity/Comcast users from visiting our site.

Our site is 100% safe and clean and always has been. We're not on any type of blacklist and no other ISP or security programs have issues with our website. This is a false positive in the xFi Advanced Security settings and we need Comcast/Xfinity to whitelist our domain so this stops happening as soon as possible.

In this thread @ComcastJosh says he will whitelist domains that are being accidentally blocked by xFi advanced security. So we would like to know how to get our website whitelisted as soon as possible because this block that xFi Advanced Security put into place is really hurting our small family run business right now.

Please private message me to get website URL. I do not want to publicly post our URL since it will do additional damage to our reputation.

Regular Visitor

 • 

2 Messages

1 y ago

Hi All,

 

After 3 days of banging my head against my screen and multiple calls to Support with no resolution. I figured out what was causing my problem. Unsecure FTP.

 

I have 27 websites running off a single IP, when I FTP into each, I usually do so over SFTP. One of my FTP accounts was connecting over standard FTP.  I tested this theory and I was able to recreate the block.

 

First thing you need to do, log into your Xfinity account online, go to Internet > Network > Advanced Security. From here, click on your device, if you see "Unauthorized Access Attempt" chances are you are facing the same problem I did. Don't click "Help Me Fix It" because it won't. Instead click "More About This Threat" and then Click on "Threat History" you should see your sites IP address there with a message like; "Are you or someone you know trying to access this device" and a random port number. Click allow access, and see if you can now access your site.

 

Try connecting to FTP unsecure again and it will trigger another block. I did this several times to confirm that FTP was the culprit. I re-setup my FTP connnection to use SFTP and tried this experiment again and all is well. No more blocking.

 

One thing that helped me in this process was https://downforeveryoneorjustme.com/ - Everysite I tested was just down for me. 

 

Hopefully this helps someone.

 

Kind regards,

John

New to the Community?

Start Here