itman 1,790 Posted May 13, 2023 Posted May 13, 2023 (edited) Whenever I mouse click on a posted link in the forum, I get the below CATCHA warning. This just started about an hour ago. Worse, if I copy a link from a forum posting, open a new FireFox tab, and post the link in that tab, I get the same warning. Edited May 13, 2023 by itman
itman 1,790 Posted May 13, 2023 Author Posted May 13, 2023 Much worse is I am no longer connected to the Eset forum and try to connect to an Eset knowledge article, I receive the same CATCHA warning;
Marinos 0 Posted May 13, 2023 Posted May 13, 2023 6 minutes ago, itman said: Much worse is I am no longer connected to the Eset forum and try to connect to an Eset knowledge article, I receive the same CATCHA warning; Look I really don't know what is happening but I am connected from my phone and the captcha thing doesn't happen
itman 1,790 Posted May 13, 2023 Author Posted May 13, 2023 (edited) Maybe this is the issue. My ISP, AT&T, uses 6rd tunneling on their issued gateways and there are thousands of these in the U.S. 6rd, like 6to4 tunneling, requires use of tunnel brokers. The gateway converts the IPv6 address to an tunnel compatible IPv4 address which is forwarded to like tunnel broker IPv4 address. The hilarious part about this is if Eset detected botnet activity from my device, why is not ESSP Botnet protection detecting this? Is this a friggin botnet ........? Get real, Eset. Edited May 13, 2023 by itman
Administrators Marcos 5,408 Posted May 14, 2023 Administrators Posted May 14, 2023 13 hours ago, itman said: Whenever I mouse click on a posted link in the forum, I get the below CATCHA warning. This just started about an hour ago. I assume this is when you clicked a link to a KB at https://support.eset.com ? If you click a link to a non-ESET website the warning doesn't appear? We'll check it out. I've asked a colleague to find out if an unusual activity has been recently detected by WAF from your IP address. Of course, it doesn't necessarily mean that the suspicious activity originated from your machine.
Administrators Marcos 5,408 Posted May 14, 2023 Administrators Posted May 14, 2023 3 hours ago, el el amiril said: following What do you mean by "following"? Was unusual activity detected from your IP address as well?
el el amiril 0 Posted May 14, 2023 Posted May 14, 2023 2 hours ago, Marcos said: What do you mean by "following"? Was unusual activity detected from your IP address as well? No sir just a comment to follow the updates on this topic.
itman 1,790 Posted May 14, 2023 Author Posted May 14, 2023 6 hours ago, Marcos said: I assume this is when you clicked a link to a KB at https://support.eset.com ? No CAPTCHA warning from that link. This link: https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab?ref=esf , triggers the warning each time. Perhaps related to accessing Eset server hosting knowledge base articles. 6 hours ago, Marcos said: If you click a link to a non-ESET website the warning doesn't appear? Correct, only Eset web sites and a "hit or miss" on those.
itman 1,790 Posted May 14, 2023 Author Posted May 14, 2023 (edited) Interesting tracert output for support.eset.com: Quote Tracing route to support.gtm.eset.com [52.4.210.140] over a maximum of 30 hops: 1 6 ms 4 ms 4 ms dsldevice.attlocal.net [192.168.x.xxx] 2 6 ms 6 ms 6 ms 162-226-252-1.lightspeed.bcvloh.sbcglobal.net [xxx.xxx.xxx.xxx] 3 7 ms 8 ms 8 ms 71.151.85.132 4 * * * Request timed out. 5 * * * Request timed out. 6 15 ms 13 ms 13 ms 32.130.17.221 7 27 ms 16 ms 15 ms 12.87.195.70 8 * * * Request timed out. 9 * * * Request timed out. First, the tracert timed out prior to reaching any Eset destination. Also the auto changing of URL to support.gtm.eset.com. The DNS resolved IP address for support.eset.com is not 91.228.166.47 or 91.228.167.128 in Slovakia, but an Amazon server in the U.S; I assume for support.gtm.eset.com. The last hop IP address shown of 12.87.195.70 equates to an AT&T relay server in the U.S.. Edited May 14, 2023 by itman
itman 1,790 Posted May 14, 2023 Author Posted May 14, 2023 I am pretty sure I know what is causing these Eset web site CAPTCHA warnings. If you make more than a couple of requests to support.est.com/* sub-domains in a short time interval, Eset servers think you're a bot and put you on some type of Eset temp CAPTCHA only block list.
Recommended Posts