Simple-Server being marked as malicious and being blocked by many ISPs

Our SH server hosted at DO, after 7 years, just started having issues being blocked or identified as malicious by random ISPs or routers, like TP-Link and Nighthawk, but Cisco and real enterprise equipment does not have issues nearly as much.

We found a random toolbox resource being marked as a virus by Windows and Webroot.

The server is not infected. We ran rkhunter and many other tools including a 100% fresh updated VM.

We deleted it, rebuilt a new VM, did all the updates, and put it on a new IP. Cleaned and scanned the backup, then rezipped it, removing all of the tools, and restored it.

Same issue. Different IP, different network, different ASN, different data center. Basically only the domain is the same, which is hosted at Cloudflare, and they confirmed they do not see anything on their end. It's not proxied through them, as that did cause issues in the past.

So my next step would be to use a new domain as a test.

The weird thing is, if we use the VM we host SimpleHelp on, shut down SimpleHelp, and put up a temp Apache page, it will pull up just fine on any network. I can traceroute to it until I have SH running. Once it's running, the ISP will stop responding once it hits the server.

There's a lot more back story on this. I'm willing to pay for an expert's time to look into this with me via Zoom.

About half of our Remote Access clients do not work, most of which we control the firewall and antivirus for. So even after whitelisting SimpleHelp it still does not.

I have several screenshots and can take videos.

I'm really just at a loss. Almost 50% of our machines do not connect to the remote service agent. To make matters more complex... some computers on the same network with the same AV and AD policies connect just fine. Fully updated Windows.

Been using SH for over 12 years and never had an issue like this.

Any ideas?

Thanks to anyone who has a legit suggestion.

Hey @Josh_Barrett, did you figure this out?

I believe it was an issue with the URL being blacklisted for some reason. However, I ended up deleting the VM, moving to another DC, getting a new IP and fresh OS, then simply restoring the SimpleHelp backup.

It took about a week, but I'm no longer having any issues that I know of. I will say the SH staff were very helpful and knowledgeable. They gave very detailed information on what to look for. While they are not always the fastest in getting back to tickets, I am very happy with their support team!

Thanks for checking back!


Just an FYI for those with similar "being blocked" issues...
Comcast/Xfinity Business Security Edge blocks SimpleHelp,
and unfortunately adding an 'allow' for your server IP in the Security Edge interface does nothing; the only way to resolve it is to turn off Security Edge [SE] via your Comcast account (business.comcast.com). And surprise, sometimes the service is in such a state of disarray that you can't even turn it off and have to call Comcast Business support and have them turn it off for you. Note also that it will eventually turn itself back on and you have to rinse and repeat.

So glad we don't have Comcast here... It's amazing how bad a company can be.