Sometimes, when you go to a website or try to access a resource online, you may get a message saying, "Your IP address has been temporarily blocked" or something similar. This article explains why it happened and what steps you can take to resolve it.
- What is an IP Address?
- Okay, so why was my IP address blocked?
- What is a IP address blacklist or blocklist website?
- Existing bad history with your IP address
- Too many requests in a limited block of time
- Brute force attacks
- DDoS attacks
- Multiple unsuccessful login attempts
- Certain user-agents
- Certain software, extensions or malware running on your computer
- Using VPN or proxy server
- Your ISP may have been blocked
- How do I find if my IP address is on any blacklist or blocklist?
- So how do I get my IP addresses unblocked?
- Conclusion
What is an IP Address?
An IP address is a series of numbers that uniquely identifies a device on the network. Think of it as a telephone number or mailing address. Any device that gets on the network or Internet will be allocated an IP address by the Internet Service Provider (ISP). An IP address is retained by the device for a limited period of time, either temporarily or permanently.
Whenever you visit a website or access a resource, your IP is sent to the webserver, along with other bits of information about you (your browser, operating system info, screen resolution, languages supported by your browser, etc). You can find what all your browser is sending on our home page.
An IP address acts like a virtual address, and does not have to be permanent. It is usually assigned for a period of time.
Okay, so why was my IP address blocked?
If an Internet user abuses a website, the website / network administrators can block or ban that user from accessing that website and the resources on that website.
Website administrators and/or network administrators can control acccess to either the whole website or sections of it, depending on the website policies.
It is possible that someone within your network, beyond your router, was abusing a website or engaged in unlawful activities. There are a whole bunch of reasons. Some of these reasons may overlap with others. Read on for each possible reason and solution.
You can check if your IP address is on any blocklist or blacklist website
What is a IP address blacklist or blocklist website?
An IP address blacklist or blocklist website is a third party website that contains a list of IP addresses that have been involved in malicious activities.
Existing bad history with your IP address
How did your IP address get into one of these IP blacklist databases?
If your Internet Service Provider (ISP) had just assigned you an IP address and it was an IP with a bad history, that is, the previous person this was assigned to was a serial abuser or attacker or did malicious activities, your IP may be on a permanent block list. This is called block listing (or blacklisting).
The website blocked your IP address and other IP addresses within a range that included yours, but while the malicious user got assigned a new IP address, their tainted IP was reassigned to you.
How to resolve this
Turn off the modem, router or gateway router for 5 minutes or longer. Do a power cycle of the router. This may force the ISP to reassign you and new one.
Another option would be to contact the website and let them know that you were assigned an IP address that was previously blacklisted by this website and request them to remove the IP from their blacklist database.
Too many requests in a limited block of time
Some malicious spammers and abusers use automated programs to retrieve web pages. Frameworks like Selenium, as well as various libraries and tools make it easier to automate the retrieval of webpages. If they run the programs excessively, the website admins can block the IP address, either for a short period of time or permanently, depending on the terms of service.
Most websites and RESTful API services have limits and burst limits to restrict excessive access counts, in order to keep thw website up and allow other visitors to have a good user experience. So, they may have policies in place to automate blocks.
For example, Nginx web server has the option to limit access with rate limiting using limit_req_zone
directive.
Brute force attacks
A brute force attack is an old technique of cracking passwords or gaining unauthorized access to systems with credentials. Brute force attacks can also be used to decrypt encrypted data, and are used in several other scenarios.
Malicious users apply trial and error on the username/password combination to pass authentication. These combinations cycle within a range of known data. By flooding the system with a barrage of username/password credentials, at some point, it the combination may be the right one, and the system gets compromised. The user then gets to access the account like a regular user and do their intended goal. Dictionary words used as passwords can be found within a second. More complicated passwords can take longer.
If a user is constantly attempting a series of failed logins and the speed appears a little fast or the passwords appear to be sequential, it is a red flag for the system.
There are tools like Fair2Ban that detect and restrict brute force attacks to ban specific IP addresses after a noted number of attempts.
If the previous assignee of your IP address was into something malicious like this, there is a good chance that your IP address is in the ban list.
It is also possible that your IP address may have been in a blacklist database. You can check if your IP address is in a blacklist database with our online utility.
DDoS attacks
A distributed denial of service or DDoS attack is a series of multiple, concurrent attacks on a service (webserver, network device, applications, etc), where other people are unable to access the resources. This happens by making several HTTP requests and drowning the system with fake requests for data.
For example a DDoS attack can involve sending thousands of requests per second to a webserver and with this load, the webserver can crash. The crash can be due to CPU, RAM and/or network bandwidth being directly affected.
DDoS botnets are usually the hub of DDoS attacks, and these botnets consist of hundreds of thousands of zombie machines, and the owners probably do not even know that their machine is being used for something malicious.
If someone in your geographical viscinity or subnet was involved in a DDoS attack, the target of the bot attacks would have blocked everyone in the network. And if the targets publicize the IP address range of the botnet attackers, these IP addresses would probably be blocked on a global scale and find their way in most or all the blacklist databases.
Multiple unsuccessful login attempts
This is related to brute force attacks. Some people incorrectly make multiple login attempts manually and after a given number of attempts, their IP addresses can be blocked.
This is different from brute force attacks which usually is merciless and follows a pattern, like a sequence or a dictionary list alphabetically or so.
In this case, the IP block may usually be temporary.
Certain user-agents
Bots and automated scripts may sometimes contain user-agent strings showing what they are. They usually have the word bot
in their user-agent string. Certain websites will ban the IP address that hits them with any of these words in their user-agent strings:
(360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg)
These are just a few bots and spiders that can create nuisance by flooding a website or API service with calls. Of course, if the developer spoofs the user-agent by using a regular Mozilla-themed user-agent, the bot or spider cannot be correctly dentified. I get several of this every now and then, and block the offending IP address that spams me. I usually block repeat offenders at firewall level or Nginx level.
Certain software, extensions or malware running on your computer
This is a silent reason for your IP address and range to be blocked. You may have installed a software or malware that constantly sends out undesirable web requests to servers that end up blocking your IP address.
There are even Google Chrome and other web browser extensions that spam the breath out of certain websites for which they do not have authorization.
There are coupon code saving extensions that can are silent spammers.
Using VPN or proxy server
Some websites have code to detect if you are using a VPN or proxy servers. You can check if you are behind a proxy server.
If you are, your IP address can automatically be dumped into a blocklist. There are several reasons for this. Maybe the website does not want people in a certain geographical area to access their resources, for political reasons. Maybe they have had a bad experience with visitors from that IP address range or geographical area. So, they decided to ban you and the entire area. That's just a possibility and has happened quite a bit.
Some video content providers want only visitors from what they call a "Tier 1 country", that is the US, England, Australia to have access to their website and automatically block everyone else. That is an example of whitelisting or allowlist.
Your ISP may have been blocked
Sometimes, spammers and nefarious users may continually be abusing web resources and their Internet Service Providers (ISP) may just be ignoring the repeated complaints. The web administrators would end up blocking all IP addresses owned by this ISP. This is not a rare scenario, though it affects innocent users.
How do I find if my IP address is on any blacklist or blocklist?
You can use our IP address blacklist checker utility to see if your IP address has been condemned.
So how do I get my IP addresses unblocked?
-
Email the website administrator of the website that's blocking you. Include in your email that you have nothing to do with the reasons for your IP address being blocked.
-
Change your IP address by turning off your router and waiting for at least 2 minutes.
-
If you use a proxy server, use a highly anonymous paid proxy service. Also, clear the browser cache before getting connected to the Internet. Your cookies may give you away.
-
If your IP address has been given a lifetime ban by those websites that you want to visit, you may still be able to access them by using a different ISP. This can be by accessing the resource from a public library or changing your Internet provider.
-
Change your Internet Service Provider. This can be a drastic move.
-
If you have intentionally abused web services or websites, or have been posting garbage comments, then shame on you! You deserve to be blocked.
Conclusion
This article contained a limited list of reasons for IP addresses being blocked, and will be updated regularly. There are always new reasons cropping up every now and then. If you have a related experience to share, you can comment below or email me. Thank you for reading.
Related Posts
If you have any questions, please contact me at arulbOsutkNiqlzziyties@gNqmaizl.bkcom. You can also post questions in our Facebook group. Thank you.