Bigcommerce problem

Started by passeri, November 14, 2025, 12:57:25 AM

My wife raised that she could not reach a NZ web site, miwoollies.com, with whom we have dealt occasionally over many years. I found I could, then realised I was still on the VPN so obviously Qfeeds was stopping her, which proved true. The address in question is 192.200.160.14 which threat lookup shows to be Bigcommerce Inc. This is the same site, different IP, I raised a few days ago when she was trying to reach the Australian luxury goods site Oroton, although the problem was less important then. The relevant list is James Brine Bruteforce IPs feed.

As we discussed before, bigcommerce is used by both legitimate and non-legitimate players. Is the solution to whitelist selected IPs as they arise, in floating rules? If I install a VPN on her machine she will probably wind up leaving it on, bypassing Qfeeds. Is the bigcommerce listing open to refinement?
Deciso DEC697

We've reviewed the Bigcommerce IPs and removed them from our list for now. Thank you for pointing it out and sorry for the inconvenience! You can force a pull of the new list by hitting Apply in the plugin.

Your Threat Intelligence Partner  qfeeds.com

Today at 02:42:42 AM #2 Last Edit: Today at 02:46:54 AM by vk2him
Quote from: passeri on November 14, 2025, 12:57:25 AM
If I install a VPN on her machine she will probably wind up leaving it on, bypassing Qfeeds

I thought Qfeeds would filter the VPN (if you added within the floating rule) the interface list that currently has WAN?


Quote from: vk2him on Today at 02:42:42 AM
Quote from: passeri on November 14, 2025, 12:57:25 AM
If I install a VPN on her machine she will probably wind up leaving it on, bypassing Qfeeds

I thought Qfeeds would filter the VPN if you added it to the interface list that currently has WAN?

This is most likely a possibility but only in 2 cases:
1. If that VPN IP is on the IoC
2. Depending on how you implemented the rules

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Quote from: vk2him on Today at 02:42:42 AM
I thought Qfeeds would filter the VPN (if you added within the floating rule) the interface list that currently has WAN?

I have set up daily Time Machine backups for her to the NAS. These will fail silently while she is on an external VPN.

@Qfeeds Thank you. Possible festive presents are being contemplated once more, without intervention by me. :-)
Deciso DEC697

I just tested with Wireguard and it does block if you add the Wireguard interface into the two Qfeeds floating rules:

It blocked a known malicious IP on my LAN and Wireguard interfaces:


Quote from: vk2him on Today at 03:24:31 AM
I just tested with Wireguard and it does block if you add the Wireguard interface into the two Qfeeds floating rules:

It blocked a known malicious IP on my LAN and Wireguard interfaces:

I think we are talking about different things. If I am out and using my VPN server at home, the Wireguard interface is in Qfeeds and traffic is normal from its point of view. If I am at home and using a VPN provider so it is not my home address, Qfeeds sees only an encrypted stream to my VPN provider. It is the latter case I was discussing.
Deciso DEC697