BIZARRE Web Connection Problem

Post by David Kaye
Okay, get this.
I was over at a friend's house and tried to go to www.honestdave.us but
Chrome timed out. Okay, I used IE and it timed out. Odd. I pinged
honestdave.us and the DNS came back with 31.170.163.79 but the test packets
wouldn't come back. I turned off the firewall, Avast, and everything else I
could think of. No dice. I even loaded in safe mode. Still nothing.
Neil's service is with Comcast.
[...]
Does anybody have ANY ideas about what's going on here?

I'm on Comcast in Los Altos.

Your website www.honestdave.us comes up fast and fine.

pinging honestdave.us is fine although strangly "long" for
a San Franciso destination -- it's more like a ping to the
USA East Cost, see below.

A traceroute shows routing through South Caroline on at least 3 hops,
see below. 67.23.161.143, 67.23.161.129 and 208.69.231.10 are all
in South Carolina.

I hope the traceroute provides a clue.

Thad

procyon bash 2990/2998> date
Fri Jan 10 01:01:52 PST 2014
procyon bash 2990/2998> ping honestdave.us
PING honestdave.us (31.170.162.184) 56(84) bytes of data.
64 bytes from 31.170.162.184: icmp_seq=1 ttl=48 time=85.1 ms
64 bytes from 31.170.162.184: icmp_seq=2 ttl=48 time=84.8 ms
64 bytes from 31.170.162.184: icmp_seq=3 ttl=48 time=84.4 ms
64 bytes from 31.170.162.184: icmp_seq=4 ttl=48 time=83.8 ms
64 bytes from 31.170.162.184: icmp_seq=5 ttl=48 time=83.8 ms
^C
--- honestdave.us ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4381ms
rtt min/avg/max/mdev = 83.831/84.421/85.119/0.518 ms
procyon bash 2990/2998> traceroute honestdave.us
traceroute to honestdave.us (31.170.162.184), 30 hops max, 60 byte packets
1 router (172.20.20.1) 1.369 ms 2.933 ms 3.202 ms
2 cablegw (24.6.16.1) 12.601 ms 18.012 ms 19.438 ms
3 te-0-1-0-6-ur06.santaclara.ca.sfba.comcast.net (68.85.216.13) 19.841 ms 19.932 ms 20.008 ms
4 te-0-5-0-1-ur05.santaclara.ca.sfba.comcast.net (69.139.198.101) 19.530 ms te-1-1-0-12-ar01.oakland.ca.sfba.comcast.net (69.139.199.102) 21.506 ms te-1-1-0-11-ar01.oakland.ca.sfba.comcast.net (69.139.199.98) 21.947 ms
5 te-1-1-0-4-ar01.sfsutro.ca.sfba.comcast.net (68.85.155.66) 25.160 ms be-90-ar01.sfsutro.ca.sfba.comcast.net (68.85.155.14) 23.243 ms 23.339 ms
6 he-3-8-0-0-cr01.sanjose.ca.ibone.comcast.net (68.86.94.85) 25.279 ms 24.832 ms 23.684 ms
7 pos-0-9-0-0-pe01.11greatoaks.ca.ibone.comcast.net (68.86.88.110) 28.556 ms 19.838 ms 21.245 ms
8 as20115-pe01.11greatoaks.ca.ibone.comcast.net (75.149.231.202) 21.209 ms 21.718 ms 17.665 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 75-131-187-34.static.gwnt.ga.charter.com (75.131.187.34) 86.203 ms 84.792 ms 86.486 ms
18 67.23.161.143 (67.23.161.143) 91.116 ms 97.903 ms 96.582 ms
19 67.23.161.129 (67.23.161.129) 95.172 ms 97.921 ms 85.917 ms
20 ashv1.main-hosting.com (208.69.231.10) 91.277 ms 89.667 ms 89.354 ms
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
procyon bash 2990/2998>

Thad Floryan

2014-01-10 09:29:26 UTC

[...]
A traceroute shows routing through South Carolina on at least 3 hops,
see below. 67.23.161.143, 67.23.161.129 and 208.69.231.10 are all
in South Carolina.

Here's a thought: there may be some massive outages due to
the Polar Vortex hitting most of the USA right now causing
temperatures to approach those in Antarctica.

HOWEVER, http://www.internettrafficreport.com/ shows the USA to be OK

http://www.internetpulse.net/ shows LEVEL 3 to be in a critical doo-doo
state.

http://ipnetwork.bgtmo.ip.att.net/pws/current_network_performance.shtml
is not displaying anything right now -- AT&T must be down or something

http://www.verizonenterprise.com/about/network/latency/ seems OK

http://www.internetworldstats.com/america.htm seems OK

Thad

Thad Floryan

2014-01-10 09:47:43 UTC

Post by Thad Floryan
[...]
I hope the traceroute provides a clue.
[...]
7 pos-0-9-0-0-pe01.11greatoaks.ca.ibone.comcast.net (68.86.88.110) 28.556 ms 19.838 ms 21.245 ms
8 as20115-pe01.11greatoaks.ca.ibone.comcast.net (75.149.231.202) 21.209 ms 21.718 ms 17.665 ms
9 * * *
10 * * *

Seeing 11greatoaks.ca reminded me that Tata, from India, is located there
also and for unknown reasons often appears in "some" (not all) traceroutes
going through the 11 Great Oaks data nexus. Makes me wonder if India is
in "some" paths which could/would explain "some" problems.

The "offending" Tata IP is usually 209.58.116.22

I'm quite familiar with the "stealthed" facility at 11 Great Oaks in San Jose
because I've maintained many colo operations there; one example:

http://thadlabs.com/FILES/Thad_San_Jose_colo_2006.07.10.pdf 28kB

I reran the traceroute with -m 100 for a 100-hop timeout but nada, no

Post by Thad Floryan
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[...]

Thad

Thad Floryan

2014-01-10 10:10:32 UTC

Post by David Kaye
[...]
Chrome timed out. Okay, I used IE and it timed out. Odd. I pinged
honestdave.us and the DNS came back with 31.170.163.79 but the test packets
[...]

This is interesting: I ping or traceroute honestdave.us and get 31.170.162.184
for the IP address.

Sounds like a DNS FUBAR SNAFU "somewhere".

Also note this (on a different system):

$ wget -S --spider http://www.honestdave.us
Spider mode enabled. Check if remote file exists.
--2014-01-10 02:08:32-- http://www.honestdave.us/
Resolving www.honestdave.us (www.honestdave.us)... 31.170.162.184
Connecting to www.honestdave.us (www.honestdave.us)|31.170.162.184|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Fri, 10 Jan 2014 10:08:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html
Length: unspecified [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.

Thad

David Kaye

2014-01-10 11:17:34 UTC

Post by David Kaye
[...]
Chrome timed out. Okay, I used IE and it timed out. Odd. I pinged
honestdave.us and the DNS came back with 31.170.163.79 but the test packets
[...]

This is interesting: I ping or traceroute honestdave.us and get 31.170.162.184
for the IP address.
Sounds like a DNS FUBAR SNAFU "somewhere".

In the time since my original post a couple hours ago the IP was moved from
*.79 to *.184. Since the hosting is done on a shared system I'm assuming
that it was moved for some kind of efficiency matter. In fact, now that
I've looked up my original records for each website host they've all changed
IPs. All are in the 31.170.*.* IP range, though.

I've used various traceroute hosts and indeed things seem to get stuck at
the second 11greatoaks hop. I just tested traceroute against archive.org
(which is actually running servers at Funston & Clement in SF) and there are
10 quick hops.

Hmmm...I've been trying some of the links on the archive.org website and
getting connection failures. I'm trying lumeta.com (the internet mapping
spin-off from Bell Labs) and I get DNS resolve, but no ping packets back.
Traceroute gets stuck at San Jose alter.net, which I assume is the Verizon
alter.net these days.

Roy

2014-01-10 14:52:30 UTC

The weirdness probably has to do with the fact that 31.170.162.184 is
controlled by the IP address people in Europe. It was issued to a
company in Lithuania.

Post by David Kaye
[...]
Chrome timed out. Okay, I used IE and it timed out. Odd. I pinged
honestdave.us and the DNS came back with 31.170.163.79 but the test packets
[...]

This is interesting: I ping or traceroute honestdave.us and get 31.170.162.184
for the IP address.
Sounds like a DNS FUBAR SNAFU "somewhere".

In the time since my original post a couple hours ago the IP was moved from
*.79 to *.184. Since the hosting is done on a shared system I'm assuming
that it was moved for some kind of efficiency matter. In fact, now that
I've looked up my original records for each website host they've all changed
IPs. All are in the 31.170.*.* IP range, though.
I've used various traceroute hosts and indeed things seem to get stuck at
the second 11greatoaks hop. I just tested traceroute against archive.org
(which is actually running servers at Funston & Clement in SF) and there are
10 quick hops.
Hmmm...I've been trying some of the links on the archive.org website and
getting connection failures. I'm trying lumeta.com (the internet mapping
spin-off from Bell Labs) and I get DNS resolve, but no ping packets back.
Traceroute gets stuck at San Jose alter.net, which I assume is the Verizon
alter.net these days.

Thad Floryan

2014-01-11 00:37:39 UTC

Post by Roy
The weirdness probably has to do with the fact that 31.170.162.184 is
controlled by the IP address people in Europe. It was issued to a
company in Lithuania.

Post by David Kaye
[...]
Chrome timed out. Okay, I used IE and it timed out. Odd. I pinged
honestdave.us and the DNS came back with 31.170.163.79 but the test packets
[...]

This is interesting: I ping or traceroute honestdave.us and get 31.170.162.184
for the IP address.
Sounds like a DNS FUBAR SNAFU "somewhere".

Hah hah! Yep, GoDaddy FUBAR SNAFU at its finest! :-)

And if one examines the inetnum range:

31.170.160.0 - 31.170.163.255

for whom the contact is ***@hostinger.com where one finds that Cyprus
and the Ukraine enter stage right for more fun and hilarity. I'm very
surprised Albania, Bulgaria and North Vietnam aren't party to this, too.

Sounds like good reasons to completely avoid GoDaddy.

Thad

Thad Floryan

2014-01-11 00:42:05 UTC

Post by Thad Floryan
[...]
and the Ukraine enter stage right for more fun and hilarity. I'm very
surprised Albania, Bulgaria and North Vietnam aren't party to this, too.

Sorry - I was laughing so hard I meant to type "... North Korea and Vietnam"

Thad

Roy

2014-01-11 15:40:55 UTC

I don't see why you are blaming Godaddy. That IP address is where the
website is and that is chosen by the OP

Post by Roy
The weirdness probably has to do with the fact that 31.170.162.184 is
controlled by the IP address people in Europe. It was issued to a
company in Lithuania.

Post by David Kaye
[...]
Chrome timed out. Okay, I used IE and it timed out. Odd. I pinged
honestdave.us and the DNS came back with 31.170.163.79 but the test packets
[...]

This is interesting: I ping or traceroute honestdave.us and get 31.170.162.184
for the IP address.
Sounds like a DNS FUBAR SNAFU "somewhere".

Hah hah! Yep, GoDaddy FUBAR SNAFU at its finest! :-)
31.170.160.0 - 31.170.163.255
and the Ukraine enter stage right for more fun and hilarity. I'm very
surprised Albania, Bulgaria and North Vietnam aren't party to this, too.
Sounds like good reasons to completely avoid GoDaddy.
Thad

David Kaye

2014-01-11 21:58:24 UTC

Post by Roy
I don't see why you are blaming Godaddy. That IP address is where the
website is and that is chosen by the OP

Exactly. I have not found any problems with pointing domains registered
with GoDaddy anywhere. And the propagation was remarkably fast. I'm used
to waiting a day or two, but Godaddy managed to propagate the changes within
minutes.

Now I've never had anything hosted by them and don't intend to; I don't
believe in having registration and hosting with the same folks -- too much
power.

Thad Floryan

2014-01-11 22:44:07 UTC

Post by Roy

Post by Roy
The weirdness probably has to do with the fact that 31.170.162.184 is
controlled by the IP address people in Europe. It was issued to a
company in Lithuania.

Post by David Kaye
[...]
Chrome timed out. Okay, I used IE and it timed out. Odd. I pinged
honestdave.us and the DNS came back with 31.170.163.79 but the test packets
[...]

This is interesting: I ping or traceroute honestdave.us and get 31.170.162.184
for the IP address.
Sounds like a DNS FUBAR SNAFU "somewhere".

[...]
I don't see why you are blaming Godaddy. That IP address is where the
website is and that is chosen by the OP

Oh? I really doubt David deliberately chose Lithuania.

Do a whois on all the relevant TLDs shown in the whois for hostinger.com
and you'll note GoDaddy is associated with ALL of them.

I don't know how you feel about yours, but I don't want the Ukraine, Cyprus,
and similar countries associated with my domain(s).

Plus, GoDaddy does NOT have a good reputation -- Google it.

Thad

David Kaye

2014-01-12 06:02:34 UTC

Oh? I really doubt David deliberately chose Lithuania. [....]
I don't know how you feel about yours, but I don't want the Ukraine, Cyprus,
and similar countries associated with my domain(s).

I figured that 000webhost.com was foreign, probably German or Polish, but
even if it's Lithuanian, it doesn't matter much to me as long as the web
service works, which it does. I mean, heck, what are people concerned about
when it comes to foreign hosting? Privacy...well, DUH, just take a look at
the way Target neglects to protect the privacy of its customers. NSA?
Well, don't look now, but the big American hosting companies roll over and
play dead when the NSA comes calling. Heck, it may be even better to be
hosted in Lithuania. But, my websites are simple, informative sites that
don't require e-commerce or anything fancy.

Plus, GoDaddy does NOT have a good reputation -- Google it.

The only bad thing I've head about GoDaddy is that it's hard to wrest
webhosting back from them when you don't want to use them anymore. Since I
don't use them for hosting, that's not an issue. When it comes to release
of domain name registration, well before GoDaddy I used Network Solutions,
and THAT was a pain to deal with. In fact, when I worked for TeleResults,
Network Solutions managed to have TWO domain records for them, one as
"teleresults.com" and one as "TeleResults.com", one pointing to the old host
and one pointing to the new host. It was a nightmare and something that NS
should have handled. While there is capitalization in Unix/Linus, case
doesn't matter in domain names. They should have caught that kind of thing.
I mean, heck, Network Solutions, the guys who started it all.

I went with GoDaddy because it had the most registrations, and I hadn't
heard anything bad about them, except the usual griping. I figured that if
they commanded 20% of the registrar traffic there must be a reason. Again,
as a registrar I've had no problem with them.

Roy

2014-01-12 06:25:59 UTC

Oh? I really doubt David deliberately chose Lithuania. [....]
I don't know how you feel about yours, but I don't want the Ukraine, Cyprus,
and similar countries associated with my domain(s).

Just because the IP address is registered to Lithuania doesn't mean that
the host is there. It could be in the US for that matter. In fact,it
would appear from the traceroutes I have run that honestdave.us
(31.170.162.184) is located in the SouthEastern US and most probably
Greenville, SC.

The problem can occur when the routing tables are changing. The specific
route to a US host could be lost and then a more general route to Europe
could take over.

Igor Sviridov

2014-01-12 06:26:59 UTC

hi,

Post by Thad Floryan
Plus, GoDaddy does NOT have a good reputation -- Google it.

Even easier:
http://en.wikipedia.org/wiki/Go_Daddy#Controversies

My personal problems with GoDaddy are constant attempts to upsell.
This makes their web UI incredibly cluttered, and things which can be done with just 1-2 clicks
in other registrars take many screens. Since it appears impossible to turn upselling off i just
move domains away from GoDaddy when i need to manage them.

GoDaddy does have a few convenient features, such as back-ordering; they do exist in other
registrars, but GoDaddy's implementation is good.

As far as registrars do i recommend Tucows (you need to become a reseller, use one of the resellers or use Hover)
and Gandi. Joker was alright too, but it had it's share of troubles.

--igor

Dave Barnett

2014-01-13 23:04:51 UTC

Post by David Kaye
I figured that 000webhost.com was foreign, probably German or Polish, but
even if it's Lithuanian, it doesn't matter much to me as long as the web
service works, which it does. I mean, heck, what are people concerned about
when it comes to foreign hosting? Privacy...well, DUH, just take a look at
the way Target neglects to protect the privacy of its customers. NSA?
Well, don't look now, but the big American hosting companies roll over and
play dead when the NSA comes calling. Heck, it may be even better to be
hosted in Lithuania. But, my websites are simple, informative sites that
don't require e-commerce or anything fancy.

Looking at that IP it's quite a few AS hops down the chain. You can
start here:

http://www.cidr-report.org/cgi-bin/as-report?as=47583&view=2.0

Two upstream providers - both of which I've never heard of. From the
route server at route-views.oregon-ix.net the best path is six hops away:

4436 20115 15085 15085 15085 47583

Hostinger --> Immedion (prepended 3 times) --> Charter --> Nlayer

It may also be blocked by some ISP's. But the connectivity is kinda
shaky to start with.

FWIW - it's working right now from Comcast in Nevada City, CA. Here's
my traceroute:

1 192.168.33.254 (192.168.33.254) 0.663 ms 1.439 ms 1.822 ms
2 (96.120.14.149) 11.423 ms 17.533 ms 18.562 ms
3 te-9-4-ur02.yubacity.ca.ccal.comcast.net (68.87.213.133) 18.769 ms
18.837 ms 18.888 ms
4 te-8-1-ar02.fresno.ca.fresno.comcast.net (68.87.200.33) 25.222 ms
26.178 ms 26.333 ms
5 he-1-1-0-0-10-cr01.losangeles.ca.ibone.comcast.net (68.86.95.33)
33.946 ms he-1-2-0-0-10-cr01.losangeles.ca.ibone.comcast.net
(68.86.93.113) 35.917 ms
he-1-1-0-0-10-cr01.losangeles.ca.ibone.comcast.net (68.86.95.33) 29.069 ms
6 pos-0-2-0-0-pe01.600wseventh.ca.ibone.comcast.net (68.86.87.154)
29.177 ms 32.856 ms 32.563 ms
7 prr01lsanca-tge-0-0-0-11.lsan.ca.charter.com (96.34.156.5) 31.520
ms 31.801 ms 31.859 ms
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 75-131-187-34.static.gwnt.ga.charter.com (75.131.187.34) 93.544 ms
89.515 ms 88.446 ms
18 67.23.161.143 (67.23.161.143) 95.803 ms 94.773 ms 100.080 ms
19 67.23.161.129 (67.23.161.129) 93.506 ms 93.630 ms 92.668 ms
20 ashv1.main-hosting.com (208.69.231.10) 101.064 ms 97.011 ms 93.605 ms
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

Dave B.

---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

David Kaye

2014-01-11 21:51:31 UTC

Post by Thad Floryan
and the Ukraine enter stage right for more fun and hilarity. I'm very
surprised Albania, Bulgaria and North Vietnam aren't party to this, too.
Sounds like good reasons to completely avoid GoDaddy.
Thad

GoDaddy has nothing to do with it. Well, they do have something to do with
the fact that I can't point the mail anywhere, but that's another matter. I
point the GoDaddy domains to this web host, which goes by the name of
000webhost.com. Until now it's been working really well. I have used it to
host 5 websites (my games group, honestdave, my attempt at becoming a
software mogul, and some other personal sites) and all have worked extremely
well, fast loading, etc. UNTIL NOW.

Okay, 000webhost.com offers free basic hosting including scripts, mySQL,
etc. As long as it's not involved and traffic isn't havey, they host it for
free. I've been with them for years.

Previously one site was hosted on Monkeybrains, but Rudy is too busy to
return phone calls or emails, and I can't get write permissions anymore.
So, Monkeybrains is out. Laughing Squid? Well, ever since Scott Beale
moved to NYC and got into Serious Blogging, he makes more money off his
blogging than off his web hosting, and thus it seems to be a lower priority
I've been told.

So, if I continue to have trouble with 000webhost.com, can someone recommend
a local company or at least one on this continent that also offers free web
hosting, mySQL, etc? ANYONE?

Thanks.

Keith Keller

2014-01-11 22:26:45 UTC

Post by David Kaye
So, if I continue to have trouble with 000webhost.com, can someone recommend
a local company or at least one on this continent that also offers free web
hosting, mySQL, etc? ANYONE?

Free? You get what you pay for. If you're really cheap, your traffic
isn't heavy, and you can tolerate downtime, host your own server at home.
I do this for my personal site, and it works just fine, but my needs are
very basic. If one of these three doesn't apply, then you shouldn't
skimp. Pay a few bucks to go with someone reliable (again, Sonic is good
for web hosting, though I admit my needs there are simple too, so I
don't know how they fare for higher volume sites).

--keith

--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

David Kaye

2014-01-11 22:44:30 UTC

Post by Keith Keller
Free? You get what you pay for. If you're really cheap, your traffic
isn't heavy, and you can tolerate downtime, host your own server at home.

But the fact of the matter is that the HOST is not having any problems! I
can access all 5 websites from here, each is hosted on a different server,
but all with 000webhost.com. The PROBLEM is that some traffic from the Bay
Area is not going through to them. I called up my friends Neil and Paul
about 30 minutes ago. Neil is on Comcast and Paul on AT&T. Neither one can
get any of my web pages. But someone here (sorry, was it Thad?) was able to
get honestdave.us just fine. And *I* am able to get them just fine. A
friend in Portland gets them fine. A friend in Hayward gets them fine. But
two people in SF using different ISPs can't get the pages.

Using traceroute on this machine, the response keeps crapping out at
11greatoaks, though I can get pages to load here. So I'm having a feeling
that both AT&T and part of Comcast (remember I'm also on Comcast and it
works fine for me) are hooked to the other side of 11greatoaks. Here's the
tracereoute response:

Tracing route to honestdave.us [31.170.162.184]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.11.1
2 10 ms 9 ms 9 ms 50.161.66.1
3 9 ms 10 ms 8 ms te-4-6-ur01.sffolsom.ca.sfba.comcast.
1.30.181]
4 13 ms 11 ms 11 ms te-1-14-0-6-ar01.sfsutro.ca.sfba.comc
.86.143.50]
5 14 ms 16 ms 15 ms he-1-5-0-0-cr01.sanjose.ca.ibone.comc
.86.90.93]
6 16 ms 16 ms 15 ms pos-0-4-0-0-pe01.11greatoaks.ca.ibone
t [68.86.87.150]
7 13 ms 14 ms 13 ms as20115-pe01.11greatoaks.ca.ibone.com
5.149.231.202]
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 79 ms 79 ms 81 ms 75-131-187-34.static.gwnt.ga.charter.
.187.34]
17 87 ms 86 ms 86 ms 67.23.161.143
18 112 ms 215 ms 217 ms 67.23.161.129
19 86 ms 86 ms 86 ms ashv1.main-hosting.com [208.69.231.10
20 87 ms 86 ms 86 ms 31.170.162.184

Trace complete.

Thad Floryan

2014-01-12 00:15:19 UTC

Post by David Kaye
[...]
But the fact of the matter is that the HOST is not having any problems! I
can access all 5 websites from here, each is hosted on a different server,
but all with 000webhost.com. The PROBLEM is that some traffic from the Bay
Area is not going through to them. I called up my friends Neil and Paul
about 30 minutes ago. Neil is on Comcast and Paul on AT&T. Neither one can
get any of my web pages. But someone here (sorry, was it Thad?)

Hi David,

Yes.

Post by David Kaye
was able to get honestdave.us just fine.

FAST and fine. And it's a very nice webpage, too.

Post by David Kaye
And *I* am able to get them just fine. A
friend in Portland gets them fine. A friend in Hayward gets them fine.
But two people in SF using different ISPs can't get the pages.

ISP names "might" help explain what's going on.

A list of the DNS servers being used by you and the two people in
SF at different ISPs "might" provide some clues.

FWIW, I'm using Comcast's DNS at 75.75.75.75 and 75.75.76.76
which are provided to my router via DHCP from Comcast.

Post by David Kaye
Using traceroute on this machine, the response keeps crapping out at
11greatoaks, though I can get pages to load here. So I'm having a feeling
that both AT&T and part of Comcast (remember I'm also on Comcast and it
works fine for me) are hooked to the other side of 11greatoaks. Here's the
Tracing route to honestdave.us [31.170.162.184]
[...]
6 16 ms 16 ms 15 ms pos-0-4-0-0-pe01.11greatoaks.ca.ibone
t [68.86.87.150]

VERY odd: that 68.86.87.150 is listed as Comcast in New Jersey. 15ms is
w-a-y too short for it to really be located in New Jersey.

Post by David Kaye
7 13 ms 14 ms 13 ms as20115-pe01.11greatoaks.ca.ibone.com
5.149.231.202]
8 * * * Request timed out.
[...]
16 79 ms 79 ms 81 ms 75-131-187-34.static.gwnt.ga.charter.
.187.34]

The above line is Charter Cable in Georgia (USA)

Post by David Kaye
17 87 ms 86 ms 86 ms 67.23.161.143
18 112 ms 215 ms 217 ms 67.23.161.129
19 86 ms 86 ms 86 ms ashv1.main-hosting.com [208.69.231.10

The above three are Immedion, LLC in South Carolina.

Post by David Kaye
20 87 ms 86 ms 86 ms 31.170.162.184
Trace complete.

And the above is Hostinger in Lithuania.

Again I wonder if the present "Polar Vortex" hasn't caused outages which
result in wacky routing like we're seeing in the above.

Thad

Igor Sviridov

2014-01-12 03:39:11 UTC

hi,

IP range 31.170.160.0/22 containing 31.170.162.184 (honestdave.us)
is blocked (but not very consistently) by AT&T and Comcast, allegedly due to phishing.

At the first glance this range is not in any public blacklists though;
so 000webhost/Hostinger needs to talk directly to AT&T/Comcast.

https://mailman.stanford.edu/pipermail/liberationtech/2013-December/012392.html
http://forums.att.com/t5/Features-and-How-To/I-can-not-access-sites-from-000webhost/td-p/3842847

This is a common danger of shared hosting; but it's quite unusual to have whole IP ranges blocked and usually
means ISP was not responsive to malware/phish sites removal/blocking requests.

I can recommend Dreamhost and Sonic; both are quite cheap, but not free.
If you can administer your own server there are tonns of choices, many even cheaper.

--igor

David Kaye

2014-01-13 11:26:39 UTC

Post by Igor Sviridov
IP range 31.170.160.0/22 containing 31.170.162.184 (honestdave.us)
is blocked (but not very consistently) by AT&T and Comcast, allegedly due to phishing.
At the first glance this range is not in any public blacklists though;
so 000webhost/Hostinger needs to talk directly to AT&T/Comcast.

How did you find out about the blocking? I looked up a bunch of blacklists
and didn't see anything on them. Actually, all 5 sites I have up appear to
not work. All are in the range 31.170.*.*

But again, the blocking isn't consistent. I'll write to 000webhost.com and
ask them about this.

Igor Sviridov

2014-01-13 22:10:10 UTC

How did you find out about the blocking? I looked up a bunch of blacklists
and didn't see anything on them. Actually, all 5 sites I have up appear to
not work. All are in the range 31.170.*.*

I've looked up BGP-announced IP block containing your address and then googled it.

Post by David Kaye
But again, the blocking isn't consistent. I'll write to 000webhost.com and
ask them about this.

AT&T and Comcast are quite large; so it's not surprising blocks on their networks
are not absolute; but it seems they're doing a reasonably good job.

I'm not sure i blame them - this relatively small IP block hosts hundreds, if not thousands active phishing sites:

https://www.phishtank.com/asn_search.php?asn=47583&valid=All&active=All&Search=Search
http://bgpranking.circl.lu/asn_details?date=;source=;asn=47583

It appears that Hostinger / Main Hosting fails to remove those timely; obviously because service
is free and responding to abuse is overhead... I am not too happy to see this kind of blocking,
but i can see this as natural outcome of Hostinger business model.

--igor

David Kaye

2014-01-14 04:32:07 UTC

Post by Igor Sviridov
AT&T and Comcast are quite large; so it's not surprising blocks on their networks
are not absolute; but it seems they're doing a reasonably good job.

Interesting findings I'm getting...

Don -- he's in Richmond and uses Comcast. His DNS was configured as the
Comcast vanity DNS servers, 75.75.75.75 and 75.75.76.76. He tried to load
honestdave.us and sfgames.org, two of my websites. Long lag and then could
not load. He pinged sfgames.org and the ping came back fine. He then tried
loading sfgames.org again and it came up instantly. He tried honestdave.us
and after about a 10 second wait, honestdave.us came up fine. There was no
cache of the sfgames.org attempt on his computer.

Paul -- he's in SF's Mission/Castro area. His DNS is the default AT&T
Uverse, which are
99.99.99.53 and 99.99.99.153. Blocked web service and blocked ping.
Traceroute stalls at AT&T's Santa Clara hub. He then used his previous AT&T
ADSL DNS, 68.94.156.1 and 68.94.157.1. Same thing. Pages time out and no
ping response.

Neil -- I can't reach him yet, so I don't know what DNS he's using. He is
the guy with the Comcast that resolves DNS but can't find my web pages.

I tried using all 4 AT&T DNS from my computer and they work for all kinds of
other sites, but not for honestdave.us or sfgames.org.

I have been using Google's DNS from my router, 8.8.8.8 and Concast's
75.75.75.75 and have always been getting DNS resolving, pinging, and page
loading. I tried the preferred Comcast DNS servers for the Bay Area,
68.87.76.178 and 68.87.78.130, and both pass everything just fine.

CONCLUSION: So, my conclusion so far is that AT&T and *maybe* some portion
of Comcast are blocking access to the webservers in the range of
31.170.160.* to 31.170.163.*

I've sent email to AT&T and to Hostinger about this.

Roy

2014-01-14 07:04:37 UTC

One other problem:

A query of the global routing table shos that the IP address range in
question is being advertised by AS number 47583.

The AS number is also controlled by RIPE in Europe but shows as
"Unassigned".

It could be that some networks like AT&T are rejecting routes from
unregistered AS numbers.

Igor Sviridov

2014-01-14 08:34:30 UTC

Post by Roy
A query of the global routing table shos that the IP address range in
question is being advertised by AS number 47583.
The AS number is also controlled by RIPE in Europe but shows as
"Unassigned".
It could be that some networks like AT&T are rejecting routes from
unregistered AS numbers.

Not to me:

$ whois -h whois.ripe.net as47583
...

% Information related to 'AS47583'

% Abuse contact for 'AS47583' is '***@main-hosting.com'

aut-num: AS47583
as-name: HOSTINGER-AS
descr: Hostinger International Limited
org: ORG-ARta1-RIPE
import: from AS15085 accept ANY
import: from AS9009 accept ANY
export: to AS15085 announce AS47583
export: to AS9009 announce AS47583
admin-c: HN1858-RIPE
tech-c: HN1858-RIPE
mnt-by: RIPE-NCC-END-MNT
mnt-by: MNT-HOSTINGER
source: RIPE # Filtered

organisation: ORG-ARta1-RIPE
org-name: Hostinger International Limited
org-type: LIR
address: Hostinger International Ltd.
address: 61 Lordou Vyronos Lumiel Building, 4th floor
address: 6023
address: Larnaca
address: CYPRUS
phone: +37064503378
fax-no: +37064503378
descr: Hostinger International Ltd.
abuse-mailbox: ***@main-hosting.com
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-HOSTINGER
mnt-by: RIPE-NCC-HM-MNT
abuse-c: HA2755-RIPE
source: RIPE # Filtered

person: Hostinger NOC
address: Hostinger, UAB
address: Europos pr. 32, Kaunas
address: Lithuania
remarks: ---------------------------------------------------
remarks: Abuse and intrusion reports should be sent to:
remarks: ***@main-hosting.com
remarks: ---------------------------------------------------
phone: +37064503378
abuse-mailbox: ***@main-hosting.com
nic-hdl: HN1858-RIPE
mnt-by: HN19812-MNT
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS4)

Roy

2014-01-14 14:51:35 UTC

Post by Igor Sviridov

$ whois -h whois.ripe.net as47583
...
% Information related to 'AS47583'
aut-num: AS47583
as-name: HOSTINGER-AS
descr: Hostinger International Limited
org: ORG-ARta1-RIPE
import: from AS15085 accept ANY
import: from AS9009 accept ANY
export: to AS15085 announce AS47583
export: to AS9009 announce AS47583
admin-c: HN1858-RIPE
tech-c: HN1858-RIPE
mnt-by: RIPE-NCC-END-MNT
mnt-by: MNT-HOSTINGER
source: RIPE # Filtered
organisation: ORG-ARta1-RIPE
org-name: Hostinger International Limited
org-type: LIR
address: Hostinger International Ltd.
address: 61 Lordou Vyronos Lumiel Building, 4th floor
address: 6023
address: Larnaca
address: CYPRUS
phone: +37064503378
fax-no: +37064503378
descr: Hostinger International Ltd.
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-HOSTINGER
mnt-by: RIPE-NCC-HM-MNT
abuse-c: HA2755-RIPE
source: RIPE # Filtered
person: Hostinger NOC
address: Hostinger, UAB
address: Europos pr. 32, Kaunas
address: Lithuania
remarks: ---------------------------------------------------
remarks: ---------------------------------------------------
phone: +37064503378
nic-hdl: HN1858-RIPE
mnt-by: HN19812-MNT
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS4)

Ah, I didn't know you had to add the "AS". The ARIN whois works without it

Thad Floryan

2014-01-11 23:02:11 UTC

Post by David Kaye
[...]
So, if I continue to have trouble with 000webhost.com, can someone recommend
a local company or at least one on this continent that also offers free web
hosting, mySQL, etc? ANYONE?
Thanks.

A number of folks still active in ba.internet may remember best.com
in Mountain View because it was the provider for many of us until
the mid-1990s when it was sold to Verio.

Verio is now NTT-Verio. NTT = Nippon Telephone and Telegraph, Japan's
equivalent to the original AT&T, and is an enterprise-class world wide
operation. I've been with NTT-Verio since 1995 and had ZERO problems.

Uptime? See for yourself (and it's so low (815 days, normally it's
over 2000 days) due to a software update a few years ago):

thadlabs bash 95107/95112> date
Sat Jan 11 14:49:03 PST 2014
thadlabs bash 95107/95112> uptime
2:49PM up 815 days, 13:06, 4 users, load averages: 0.00, 0.00, 0.00
thadlabs bash 95107/95112> uname -sn
FreeBSD thadlabs.com
thadlabs bash 95107/95112>

FWIW, 'thadlabs.com' is hosted in Verio's colo in Milpitas or Fremont (I'm
not sure which of the 2 cities -- it's been almost 20 years since I took a
tour) and I get sub-15-second ping times along with the .99999 uptime.

Though I have a grandfathered account from 1995 at $24.95/month with a lot
of developer capabilities including dual-disk backups and more, NTT-Verio
has $9.95/month accounts with FreeBSD, shell, mySql, ssh, gcc, Apache,
WordPress and many other freebies; see here:

http://www.verio.com/web-hosting/plans/

Over 30 of my friends have that $9.95/month account per my recommendation
and they're ALL very happy campers.

Thad

Thad Floryan

2014-01-11 23:57:30 UTC

Post by Thad Floryan
[...]
FWIW, 'thadlabs.com' is hosted in Verio's colo in Milpitas or Fremont (I'm
not sure which of the 2 cities -- it's been almost 20 years since I took a
tour) and I get sub-15-second ping times along with the .99999 uptime.
[...]

Having a late lunch of the re-heated uneaten portions of last night's pizza
and typing with one hand occasionally causes typos.

The above should have read:

tour) and I get sub-15-MILLIsecond ping times along with the .99999 uptime.

15 seconds would definitely be unacceptable even over a string:tin-can
or dial-up modem Internet connection. :-)

Thad

David Kaye

2014-01-12 06:11:54 UTC

Post by Thad Floryan
A number of folks still active in ba.internet may remember best.com
in Mountain View because it was the provider for many of us until
the mid-1990s when it was sold to Verio.

Best was good. When Verio took it over it was billing hell and it was
nearly impossible to get support. In those days they hosted 3 very
important websites I was responsible for. I hated dealing with Verio. As
for NTT, I haven't tried since the sale to NTT.

sms

2014-01-12 15:27:20 UTC

On 1/10/2014 12:22 AM, David Kaye wrote:

<snip>

Post by David Kaye
I'm totally mystified. I'm in the eastern part of SF while my friends are
in the Mission and Castro districts. But, remember, one is on Comcast and
the other on AT&T.

The paid version of Malwarebytes is constantly blocking certain foreign
IP addresses even though I suspect that there's nothing really wrong
with them. But OTOH, the application I was using really had no reason to
be contacting any sites at all other than the one I gave it, so perhaps
something was not kosher. It does not block your site but some other
Malware or AV application may be blocking it.

Did you check his hosts file? Usually when I can't load a page it's
because the hosts file prevents it.

David Kaye

2014-01-13 11:44:08 UTC

Post by sms
Did you check his hosts file? Usually when I can't load a page it's
because the hosts file prevents it.

First thing I did on Neil's computer was look for the hosts file. Nothing
there but localhost. Paul's computer is a Mac and I doubt that there are
any hosts file entries there, either.

Looked at firewall configurations, scanned for malware, redirects, proxy
servers, all that stuff. Nothing.

I'm inclined to go along with the blacklisting thing. I'm writing an email
to 000webhosts.com about this.

sms

2014-01-13 19:40:13 UTC

Post by sms
Did you check his hosts file? Usually when I can't load a page it's
because the hosts file prevents it.

First thing I did on Neil's computer was look for the hosts file. Nothing
there but localhost. Paul's computer is a Mac and I doubt that there are
any hosts file entries there, either.
Looked at firewall configurations, scanned for malware, redirects, proxy
servers, all that stuff. Nothing.
I'm inclined to go along with the blacklisting thing. I'm writing an email
to 000webhosts.com about this.

At Tech Shop San Jose I tried your site. I cannot connect ("request
timed out"). Once I'm on Sonic's VPN I can connect. So obviously it's
not a hosts file thing. Tech Shop is using either Comcast or AT&T, not
sure which.

Screenshot: <Loading Image...

>

Maybe they block all sites from Iceland, since "geoblocking" is pretty
common among ISPs. Maybe they are filtering on URL name rather than IP
address. No offense, but if I didn't know differently, I'd be very wary
of any site with "honest" as part of the URL since it screams scam or
ripoff.

In any case, you probably are better off finding another hosting company
that gives you a U.S. IP address then trying to fight this thing.

David Kaye

2014-01-13 21:02:54 UTC

Post by sms
In any case, you probably are better off finding another hosting company
that gives you a U.S. IP address then trying to fight this thing.

Well, if worse comes to worse and I have to pay for hosting sites that don't
bring me any income (honestdave.us has only brought me 2 customers ever, and
neither came directly from the site) then I'd simply go with Laughing Squid.
I've known Scott Beale for ages and I know he runs a good hosting company.
But I'd prefer a freebie, given that my needs are ridiculously sparse and
I'm not making any money on this.

It's funny; I know boatloads of people who have websites and none of them
make any income from them. The only person I've heard of who has actually
made any money from the web was someone who sold ati.com to ATI.

sms

2014-01-14 16:01:22 UTC

Post by sms
In any case, you probably are better off finding another hosting company
that gives you a U.S. IP address then trying to fight this thing.

Perhaps you would have gotten more than two customers if your site was
reachable by everyone. I think it's safe to say that a sizable number of
web users in the Bay Area can't get to your site.

Personally, if I try a web site and it doesn't work I simply assume that
the business has shut down. It would never occur to me that the
businesses IP address was being blocked by my ISP.

Since you can get reliable hosting for well under $4 per month the cost
is almost lost in the noise. Even getting two customers, each with a one
hour service, would pay for five years of hosting.

Justhost.com offers the first 48 months for $2.25 per month
<http://www.goodwebhosts.com/linkittwo.php?a=topreview-justhost-link3>

Bluehost and Hostmonster are $4.95 per month
<http://www.goodwebhosts.com/linkittwo.php?a=topreview-bluehost-link3>
<http://www.hostmonster.com/>

All of these are for unlimited space and bandwidth. They are much less
costly than Laughingsquid.

Keith Keller

2014-01-14 17:44:22 UTC

Post by sms
Bluehost and Hostmonster are $4.95 per month
<http://www.goodwebhosts.com/linkittwo.php?a=topreview-bluehost-link3>

I am just one person, so take with some grains of salt. I had Bluehost
for a little while, and was not very happy with either performance,
reliability, or their admin tools. YMMV of course.

--keith

--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

Igor Sviridov

2014-01-14 21:50:58 UTC

Post by Keith Keller

Post by sms
Bluehost and Hostmonster are $4.95 per month
<http://www.goodwebhosts.com/linkittwo.php?a=topreview-bluehost-link3>

I am just one person, so take with some grains of salt. I had Bluehost
for a little while, and was not very happy with either performance,
reliability, or their admin tools. YMMV of course.

Seconded. Dreamhost is no dream either, but much better IMHO. With VPS it's quite tolerable;
you're sort of getting best of both worlds, VPS with hosting-level web control panel.

It's hard to run high volume hosting where customers expect to pay $5 per month and still
provide good customer experience; i think Dreamhost does a reasonably good job (but then they charge $9 ;-)

For many with skills running your own server $5-10 VPS would be a better option.

Post by Keith Keller
--keith

--igor

David Kaye

2014-01-15 12:18:01 UTC

Post by sms
Perhaps you would have gotten more than two customers if your site was
reachable by everyone. I think it's safe to say that a sizable number of
web users in the Bay Area can't get to your site.

Until the last few days it WAS reachable by everyone.

Post by sms
Since you can get reliable hosting for well under $4 per month the cost is
almost lost in the noise. Even getting two customers, each with a one hour
service, would pay for five years of hosting.

I'm bright enough to know that online I compete with hundreds of other
techies doing the same work I do. When I advertise offline I get much of the
business to myself. Thus, I've had great success doing yellow pages
advertising, and advertising in weekly newspapers, etc. Currently I'm not
in phone books due to rate increases and decreased distribution, but AT&T is
so anxious to get me back that they're offering me an attractive rate to
come back. And yes, the yellow pages DOES get results!

The only reason I have a website for Honest Dave is because it complements
the Yelp listings. I didn't even have the honestdave domain name until
after someone had reviewed me on Yelp.

But another site I run, SF Games (sfgames.org) continues to get new game
players, even with the current blockage by AT&T. That's because SF Games is
unique, whereas Honest Dave is not. Enter a Google or Duck Duck Go or Yahoo
or Dogpile search for "games" or "game night" and "San Francisco" and SF
Games comes up immediately. Do that for "tech support" or "virus" or
"malware" and "San Francisco" and There will likely be hundreds of entries
that come up long before Honest Dave shows. Now, when I paid for Google
placement, I got the hits sooner, but still they were on 3rd or 4th pages.

David Kaye

2014-01-16 22:41:52 UTC

Response from 000webhost.com about the blockage issue:

"We are aware about this issue, but unfortunately we can not do anything
about it. It happens because it is shared hosting and many users are using
same shared IP. If your ISP blocks abusing user's IP, your website will also
be blocked. To resolve this you can either contact your ISP and ask them to
unblock your website's IP or upgrade to our premium version which does not
have any problems with your ISP and IP can be changed at any time.
http://www.000webhost.com/upgrade

Kind Regards,
Helpdesk Staff
www.000webhost.com"

Well, heck, with that I could just go to Laughing Squid and be done with it.
I do notice they have fast resolve and load times, though. And as I
understand it, they also have servers in the U.S., given that their parent
operates in a bunch of countries.

Anyhow, it's not that big a deal, I guess. Who uses AT&T for internet
anymore anyway?

Igor Sviridov

2014-01-16 23:29:56 UTC

Post by David Kaye
Well, heck, with that I could just go to Laughing Squid and be done with it.
I do notice they have fast resolve and load times, though. And as I
understand it, they also have servers in the U.S., given that their parent
operates in a bunch of countries.

I remember finding Laughing Squid limited - they do not offer ssh (or VPS); their limits are also miniscule
(space/bw/email accounts/domains); Dreamhost does not limit those; it also has ssh included and VPS at small extra cost;
you can get first year at Dreamhost for only $20, or less than $2/month.

I would expect Laughing Squid to be more reliable; they use Rackspace and charge more for less.

Now i probably would not place e-commerce service on Dreamhost (or on any shared hoster for that matter).

--igor

sms

2014-01-20 01:29:33 UTC

Post by Igor Sviridov

I remember finding Laughing Squid limited - they do not offer ssh (or VPS); their limits are also miniscule
(space/bw/email accounts/domains); Dreamhost does not limit those; it also has ssh included and VPS at small extra cost;
you can get first year at Dreamhost for only $20, or less than $2/month.
I would expect Laughing Squid to be more reliable; they use Rackspace and charge more for less.
Now i probably would not place e-commerce service on Dreamhost (or on any shared hoster for that matter).

I've been using PHPWebhosting for many years. I suppose I could move to
another service and save $4 a month or so but it's not worth the hassle.
They have no bandwidth limit and no storage limit. They take care to say
that it's "unmetered" not unlimited.

David Kaye

2014-01-17 12:36:06 UTC

Can someone who is on AT&T's DSL service try to load my web page or ping to
the server: www.honestdave.us for me?

Reason is that apparently AT&T is passing the connection just fine, as is
Comcast. The culprit appears to be OpenDNS(!)

I was checking the DNS entries on a friend's computer who has AT&T and
noticed that while his computer passed the DNS to the router, I had assumed
that the router was passing DNS to AT&T and that his problem was AT&T
blocking the connection. But every blacklist I have looked at shows that
the IP for honestdave.us is not on ANY of them!

Well, his router had 208.67.222.222 and 208.67.220.220 on it -- OpenDNS.

Sure enough, when I change this computer to OpenDNS I can't get through.
But I'd like to verify that AT&T is not involved.

Roy

2014-01-17 15:06:16 UTC

Post by David Kaye
Can someone who is on AT&T's DSL service try to load my web page or ping to
the server: www.honestdave.us for me?
Reason is that apparently AT&T is passing the connection just fine, as is
Comcast. The culprit appears to be OpenDNS(!)
I was checking the DNS entries on a friend's computer who has AT&T and
noticed that while his computer passed the DNS to the router, I had assumed
that the router was passing DNS to AT&T and that his problem was AT&T
blocking the connection. But every blacklist I have looked at shows that
the IP for honestdave.us is not on ANY of them!
Well, his router had 208.67.222.222 and 208.67.220.220 on it -- OpenDNS.
Sure enough, when I change this computer to OpenDNS I can't get through.
But I'd like to verify that AT&T is not involved.

I am not on AT&T.

I ran tests using Charter and Cogent. Both 208.67.222.222 and
208.67.220.220 are returning the correct IP address for honestdave.us.

It doesn't seem to be an OpenDNS problem

Keith Keller

2014-01-17 17:43:10 UTC

Post by David Kaye
Reason is that apparently AT&T is passing the connection just fine, as is
Comcast. The culprit appears to be OpenDNS(!)

Did you even bother asking OpenDNS directly? (Of course not, that would
make too much sense.)

$ dig @208.67.222.222 www.honestdave.us

; <<>> DiG 9.4.3-P3 <<>> @208.67.222.222 www.honestdave.us
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53540
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.honestdave.us. IN A

;; ANSWER SECTION:
www.honestdave.us. 172800 IN CNAME honestdave.us.
honestdave.us. 172800 IN A 31.170.162.184

;; Query time: 145 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Jan 17 09:21:22 2014
;; MSG SIZE rcvd: 65

Same answer from OpenDNS's other server. Your user may have an issue
with connectivity to OpenDNS's servers, but the servers themselves are
giving the right answers.

Post by David Kaye
But every blacklist I have looked at shows that
the IP for honestdave.us is not on ANY of them!

Many blacklists are private, so you have to be a subscriber in order to
do lookups. The few times I've had to deal with them, their user
usually gets some sort of error message (e.g., "this host has been
blocked because it is a suspected malware site") but I don't know if
that's something that blacklists would require their clients to do for
their users. So you have not eliminated being blacklisted as a source
of your issues.

--keith

--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

Roy

2014-01-17 17:55:23 UTC

Keith,

Please indicate what ISP you used for these tests.

Roy

Post by Keith Keller

Post by David Kaye
Reason is that apparently AT&T is passing the connection just fine, as is
Comcast. The culprit appears to be OpenDNS(!)

Did you even bother asking OpenDNS directly? (Of course not, that would
make too much sense.)
; (1 server found)
;; global options: printcmd
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53540
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;www.honestdave.us. IN A
www.honestdave.us. 172800 IN CNAME honestdave.us.
honestdave.us. 172800 IN A 31.170.162.184
;; Query time: 145 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Jan 17 09:21:22 2014
;; MSG SIZE rcvd: 65
Same answer from OpenDNS's other server. Your user may have an issue
with connectivity to OpenDNS's servers, but the servers themselves are
giving the right answers.

Post by David Kaye
But every blacklist I have looked at shows that
the IP for honestdave.us is not on ANY of them!

Keith Keller

2014-01-17 18:08:04 UTC

Post by Roy
Please indicate what ISP you used for these tests.

This is on Sonic's network, a Fusion line in San Francisco.

--keith

--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

Mike Stump

2014-01-14 20:38:33 UTC

I did a check that checks against about 50 blacklists, and everything
came back okay.

So, I'd have the ISP chase it down.

Did you check the network blacklists, or the email blacklists? The
email ones won't do it.

Does anybody have ANY ideas about what's going on here?

Given that someone said that the network is polluted with phishing, it
could be DDOS mitigation, _routing_ blacklist or a simple line down
and a network admin too incompetent to route around it.

So, I did see one thing I don't like in the traceroutes, people not
returning traceroute packets. I tend to think very poorly of networks
that feel the need to do this. The think they are right, and they
will give you 1000 reasons why they do this, they are wrong.

So, I'd collect a traceroute from a good system and a bad system and
compare them. The issue is likely related to the first one that
doesn't respond.

From a good host, one sees the below. 11greatoaks, charter and
main-hosting.com all look dodgy to me. I'd dump them all, if
possible.

7 as20115-pe01.11greatoaks.ca.ibone.comcast.net (75.149.231.202) 17.539 ms 20.868 ms 16.817 ms
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 75-131-187-34.static.gwnt.ga.charter.com (75.131.187.34) 78.362 ms 78.875 ms 94.206 ms
17 67.23.161.143 (67.23.161.143) 83.781 ms 82.928 ms 85.557 ms
18 67.23.161.129 (67.23.161.129) 83.462 ms 82.784 ms 83.556 ms
19 ashv1.main-hosting.com (208.69.231.10) 84.413 ms 83.715 ms 85.639 ms
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *

sms

2014-01-14 23:26:34 UTC

I did a check that checks against about 50 blacklists, and everything
came back okay.

So, I'd have the ISP chase it down.
Did you check the network blacklists, or the email blacklists? The
email ones won't do it.

Does anybody have ANY ideas about what's going on here?

Given that someone said that the network is polluted with phishing, it
could be DDOS mitigation, _routing_ blacklist or a simple line down
and a network admin too incompetent to route around it.

If you do a Whois for 31.170.162.184 then you get a "Query error: No
whois server known for the given domain." I wonder if some
administrators blacklist any IP address where Whois doesn't return a
valid result. When I do a Whois on the IP address of one of my sites it
returns a valid result.

Igor Sviridov

2014-01-15 00:21:21 UTC

Post by sms

I did a check that checks against about 50 blacklists, and everything
came back okay.

So, I'd have the ISP chase it down.
Did you check the network blacklists, or the email blacklists? The
email ones won't do it.

Does anybody have ANY ideas about what's going on here?

Given that someone said that the network is polluted with phishing, it
could be DDOS mitigation, _routing_ blacklist or a simple line down
and a network admin too incompetent to route around it.

This depends on your whois client; contemporary clients follow referrals
(in below case from ARIN to RIPE):

$ whois 31.170.162.184

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# Query terms are ambiguous. The query is assumed to be:
# "n 31.170.162.184"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=31.170.162.184?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 31.0.0.0 - 31.255.255.255
CIDR: 31.0.0.0/8
OriginAS:
NetName: RIPE-31
NetHandle: NET-31-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate:
Updated: 2010-05-18
Ref: http://whois.arin.net/rest/net/NET-31-0-0-0-1

OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: http://whois.arin.net/rest/org/RIPE

ReferralServer: whois://whois.ripe.net:43

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: ***@ripe.net
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3850-ARIN

OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: ***@ripe.net
OrgTechRef: http://whois.arin.net/rest/poc/RNO29-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '31.170.160.0 - 31.170.163.255'

% Abuse contact for '31.170.160.0 - 31.170.163.255' is '***@main-hosting.com'

inetnum: 31.170.160.0 - 31.170.163.255
netname: HOSTING
descr: Main Hosting Servers
country: US
admin-c: HN1858-RIPE
tech-c: HN1858-RIPE
status: ASSIGNED PA
mnt-by: MNT-HOSTINGER
source: RIPE # Filtered

person: Hostinger NOC
address: Hostinger, UAB
address: Europos pr. 32, Kaunas
address: Lithuania
remarks: ---------------------------------------------------
remarks: Abuse and intrusion reports should be sent to:
remarks: ***@main-hosting.com
remarks: ---------------------------------------------------
phone: +37064503378
abuse-mailbox: ***@main-hosting.com
nic-hdl: HN1858-RIPE
mnt-by: HN19812-MNT
source: RIPE # Filtered

% Information related to '31.170.160.0/22AS47583'

route: 31.170.160.0/22
descr: HOSTINGER US
origin: AS47583
mnt-by: MNT-HOSTINGER
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS1)

Thad Floryan

2014-01-15 00:30:58 UTC

Post by Igor Sviridov
[...]
This depends on your whois client; contemporary clients follow referrals
$ whois 31.170.162.184
[...]

Hi Igor,

Amazing. We both replied within seconds of each other. :-)

Thad

Thad Floryan

2014-01-15 00:21:24 UTC

Post by sms

I did a check that checks against about 50 blacklists, and everything
came back okay.

So, I'd have the ISP chase it down.
Did you check the network blacklists, or the email blacklists? The
email ones won't do it.

Does anybody have ANY ideas about what's going on here?

Given that someone said that the network is polluted with phishing, it
could be DDOS mitigation, _routing_ blacklist or a simple line down
and a network admin too incompetent to route around it.

On a Vic-20 or Apple ][ that may be true, but on a real computer:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Information related to '31.170.160.0 - 31.170.163.255'

% Abuse contact for '31.170.160.0 - 31.170.163.255' is '***@main-hosting.com'

inetnum: 31.170.160.0 - 31.170.163.255
netname: HOSTING
descr: Main Hosting Servers
country: US
admin-c: HN1858-RIPE
tech-c: HN1858-RIPE
status: ASSIGNED PA
mnt-by: MNT-HOSTINGER
changed: ***@hostinger.com 20131202
source: RIPE

person: Hostinger NOC
address: Hostinger, UAB
address: Europos pr. 32, Kaunas
address: Lithuania
remarks: ---------------------------------------------------
remarks: Abuse and intrusion reports should be sent to:
remarks: ***@main-hosting.com
remarks: ---------------------------------------------------
phone: +37064503378
e-mail: ***@hostinger.com
abuse-mailbox: ***@main-hosting.com
nic-hdl: HN1858-RIPE
mnt-by: HN19812-MNT
changed: ***@hostinger.com 20131202
source: RIPE

% Information related to '31.170.160.0/22AS47583'

route: 31.170.160.0/22
descr: HOSTINGER US
origin: AS47583
mnt-by: MNT-HOSTINGER
changed: ***@hostinger.com 20131202
source: RIPE

% This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS1)

David Kaye

2014-01-15 12:33:57 UTC

Post by Mike Stump
So, I'd collect a traceroute from a good system and a bad system and
compare them. The issue is likely related to the first one that
doesn't respond.

Oddly enough both the computers that can reach my websites and the ones that
can't all seem to stall at 11greatoaks, the co-lo/exchange point in south
San Jose.

Post by Mike Stump
From a good host, one sees the below. 11greatoaks, charter and
main-hosting.com all look dodgy to me. I'd dump them all, if
possible.

Uh, how do you "dump" 11greatoaks (an exchange point) or charter (an ISP
that is only a hop in the route)?

All traceroute aside, my pages load fast, even if the servers are in
Lithuania.

Roy

2014-01-15 14:49:45 UTC

Post by Mike Stump
So, I'd collect a traceroute from a good system and a bad system and
compare them. The issue is likely related to the first one that
doesn't respond.

Oddly enough both the computers that can reach my websites and the ones that
can't all seem to stall at 11greatoaks, the co-lo/exchange point in south
San Jose.

Post by Mike Stump
From a good host, one sees the below. 11greatoaks, charter and
main-hosting.com all look dodgy to me. I'd dump them all, if
possible.

Uh, how do you "dump" 11greatoaks (an exchange point) or charter (an ISP
that is only a hop in the route)?
All traceroute aside, my pages load fast, even if the servers are in
Lithuania.

The servers are in the SouthEastern US

Here are some working traceroutes. The second one is via Charter Cable
which seems to be the main Internet connection

traceroute honestdave.us
traceroute to honestdave.us (31.170.162.184), 30 hops max, 60 byte packets
1 router.garlic.com (216.139.0.65) 0.411 ms 0.450 ms 0.465 ms
2 vl203.mag03.sfo01.atlas.cogentco.com (38.99.42.233) 2.188 ms
2.247 ms 2.244 ms
3 te0-0-0-14.ccr21.sfo01.atlas.cogentco.com (154.54.47.45) 4.068 ms
4.072 ms 4.068 ms
4 be2133.ccr22.mci01.atlas.cogentco.com (154.54.30.66) 40.161 ms
be2105.mpd22.lax01.atlas.cogentco.com (154.54.6.109) 15.660 ms
be2256.mpd21.mci01.atlas.cogentco.com (154.54.6.90) 40.117 ms
5 be2067.mpd21.iah01.atlas.cogentco.com (154.54.7.161) 51.223 ms
be2157.ccr22.ord01.atlas.cogentco.com (154.54.6.118) 52.342 ms
be2156.ccr21.ord01.atlas.cogentco.com (154.54.6.86) 52.121 ms
6 be2172.ccr21.atl01.atlas.cogentco.com (154.54.29.17) 67.786 ms
be2101.mpd22.atl01.atlas.cogentco.com (154.54.29.82) 69.914 ms
be2098.ccr21.atl01.atlas.cogentco.com (154.54.29.98) 69.993 ms
7 be2037.ccr21.atl04.atlas.cogentco.com (154.54.3.170) 69.992 ms
be2034.ccr21.atl04.atlas.cogentco.com (154.54.6.114) 68.037 ms
be2037.ccr21.atl04.atlas.cogentco.com (154.54.3.170) 70.288 ms
8 38.122.47.10 (38.122.47.10) 71.994 ms 38.122.46.90 (38.122.46.90)
70.115 ms 38.122.46.94 (38.122.46.94) 70.196 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 75-131-187-34.static.gwnt.ga.charter.com (75.131.187.34) 76.959 ms
74.823 ms 74.834 ms
14 67.23.161.143 (67.23.161.143) 128.060 ms 252.730 ms 252.618 ms
15 67.23.161.129 (67.23.161.129) 81.191 ms 81.150 ms 81.020 ms
16 ashv1.main-hosting.com (208.69.231.10) 79.006 ms 78.965 ms 81.167 ms

traceroute honestdave.us
traceroute to honestdave.us (31.170.162.184), 30 hops max, 60 byte packets
1 10.10.100.253 (10.10.100.253) 0.560 ms 0.520 ms 0.696 ms
2 68-189-122-41.static.mghl.ca.charter.com (68.189.122.41) 2.037 ms
2.034 ms 2.020 ms
3 dtr01glryca-tge-0-1-0-1.glry.ca.charter.com (96.34.120.235) 2.108
ms 2.097 ms 2.079 ms
4 dtr03snloca-tge-0-1-0-2.snlo.ca.charter.com (96.34.120.52) 6.213
ms dtr03snloca-tge-0-4-0-1.snlo.ca.charter.com (96.34.122.6) 6.184 ms
dtr03snloca-tge-0-1-0-2.snlo.ca.charter.com (96.34.120.52) 6.332 ms
5 bbr01snloca-bue-3.snlo.ca.charter.com (96.34.2.0) 10.537 ms 8.877
ms 8.865 ms
6 bbr01mtpkca-bue-5.mtpk.ca.charter.com (96.34.0.26) 14.217 ms
13.802 ms 13.780 ms
7 bbr01rvsdca-bue-1.rvsd.ca.charter.com (96.34.0.22) 20.040 ms
20.028 ms 20.014 ms
8 bbr01dllstx-bue-6.dlls.tx.charter.com (96.34.0.20) 57.653 ms
57.649 ms 57.635 ms
9 bbr02dllstx-bue-3.dlls.tx.charter.com (96.34.0.19) 53.645 ms
53.657 ms 53.644 ms
10 bbr01slidla-bue-4.slid.la.charter.com (96.34.0.31) 70.309 ms
70.298 ms 70.284 ms
11 bbr02slidla-bue-1.slid.la.charter.com (96.34.0.33) 67.237 ms
70.842 ms 70.773 ms
12 bbr01atlnga-bue-4.atln.ga.charter.com (96.34.0.35) 84.492 ms
82.022 ms 81.992 ms
13 crr01sghlga-bue-3.sghl.ga.charter.com (96.34.2.71) 83.725 ms
83.577 ms 83.535 ms
14 dtr01sghlga-tge-0-2-0-21.sghl.ga.charter.com (96.34.73.42) 78.405
ms dtr01sghlga-tge-0-2-0-0.sghl.ga.charter.com (96.34.73.32) 77.784 ms
dtr01sghlga-tge-0-2-0-2.sghl.ga.charter.com (96.34.73.36) 78.050 ms
15 acr02atlnga-bue-200.atln.ga.charter.com (96.34.78.93) 79.568 ms
79.269 ms 79.237 ms
16 75-131-187-34.static.gwnt.ga.charter.com (75.131.187.34) 72.664 ms
72.664 ms 72.767 ms
17 67.23.161.143 (67.23.161.143) 79.494 ms 79.457 ms 79.441 ms
18 67.23.161.129 (67.23.161.129) 79.735 ms 79.724 ms 79.709 ms
19 ashv1.main-hosting.com (208.69.231.10) 80.489 ms 80.477 ms 79.197 ms

sms

2014-01-15 18:41:28 UTC