itman 1,659 Posted May 13, 2023 Share Posted May 13, 2023 (edited) Whenever I mouse click on a posted link in the forum, I get the below CATCHA warning. This just started about an hour ago. Worse, if I copy a link from a forum posting, open a new FireFox tab, and post the link in that tab, I get the same warning. Edited May 13, 2023 by itman Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 13, 2023 Author Share Posted May 13, 2023 Much worse is I am no longer connected to the Eset forum and try to connect to an Eset knowledge article, I receive the same CATCHA warning; Link to comment Share on other sites More sharing options...
Marinos 0 Posted May 13, 2023 Share Posted May 13, 2023 6 minutes ago, itman said: Much worse is I am no longer connected to the Eset forum and try to connect to an Eset knowledge article, I receive the same CATCHA warning; Look I really don't know what is happening but I am connected from my phone and the captcha thing doesn't happen Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 13, 2023 Author Share Posted May 13, 2023 (edited) Maybe this is the issue. My ISP, AT&T, uses 6rd tunneling on their issued gateways and there are thousands of these in the U.S. 6rd, like 6to4 tunneling, requires use of tunnel brokers. The gateway converts the IPv6 address to an tunnel compatible IPv4 address which is forwarded to like tunnel broker IPv4 address. The hilarious part about this is if Eset detected botnet activity from my device, why is not ESSP Botnet protection detecting this? Is this a friggin botnet ........? Get real, Eset. Edited May 13, 2023 by itman Link to comment Share on other sites More sharing options...
el el amiril 0 Posted May 14, 2023 Share Posted May 14, 2023 following Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted May 14, 2023 Administrators Share Posted May 14, 2023 13 hours ago, itman said: Whenever I mouse click on a posted link in the forum, I get the below CATCHA warning. This just started about an hour ago. I assume this is when you clicked a link to a KB at https://support.eset.com ? If you click a link to a non-ESET website the warning doesn't appear? We'll check it out. I've asked a colleague to find out if an unusual activity has been recently detected by WAF from your IP address. Of course, it doesn't necessarily mean that the suspicious activity originated from your machine. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted May 14, 2023 Administrators Share Posted May 14, 2023 3 hours ago, el el amiril said: following What do you mean by "following"? Was unusual activity detected from your IP address as well? Link to comment Share on other sites More sharing options...
el el amiril 0 Posted May 14, 2023 Share Posted May 14, 2023 2 hours ago, Marcos said: What do you mean by "following"? Was unusual activity detected from your IP address as well? No sir just a comment to follow the updates on this topic. Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 14, 2023 Author Share Posted May 14, 2023 6 hours ago, Marcos said: I assume this is when you clicked a link to a KB at https://support.eset.com ? No CAPTCHA warning from that link. This link: https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab?ref=esf , triggers the warning each time. Perhaps related to accessing Eset server hosting knowledge base articles. 6 hours ago, Marcos said: If you click a link to a non-ESET website the warning doesn't appear? Correct, only Eset web sites and a "hit or miss" on those. Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 14, 2023 Author Share Posted May 14, 2023 (edited) Interesting tracert output for support.eset.com: Quote Tracing route to support.gtm.eset.com [52.4.210.140] over a maximum of 30 hops: 1 6 ms 4 ms 4 ms dsldevice.attlocal.net [192.168.x.xxx] 2 6 ms 6 ms 6 ms 162-226-252-1.lightspeed.bcvloh.sbcglobal.net [xxx.xxx.xxx.xxx] 3 7 ms 8 ms 8 ms 71.151.85.132 4 * * * Request timed out. 5 * * * Request timed out. 6 15 ms 13 ms 13 ms 32.130.17.221 7 27 ms 16 ms 15 ms 12.87.195.70 8 * * * Request timed out. 9 * * * Request timed out. First, the tracert timed out prior to reaching any Eset destination. Also the auto changing of URL to support.gtm.eset.com. The DNS resolved IP address for support.eset.com is not 91.228.166.47 or 91.228.167.128 in Slovakia, but an Amazon server in the U.S; I assume for support.gtm.eset.com. The last hop IP address shown of 12.87.195.70 equates to an AT&T relay server in the U.S.. Edited May 14, 2023 by itman Link to comment Share on other sites More sharing options...
itman 1,659 Posted May 14, 2023 Author Share Posted May 14, 2023 I am pretty sure I know what is causing these Eset web site CAPTCHA warnings. If you make more than a couple of requests to support.est.com/* sub-domains in a short time interval, Eset servers think you're a bot and put you on some type of Eset temp CAPTCHA only block list. Link to comment Share on other sites More sharing options...
Recommended Posts