“Blocked because of an intrusion attack. Your computer has been blocked because an intrusion attack originating from your system was detected. For more information, contact the system administrator.”
What is the issue you’re encountering
When certain users access the website, they are prevented from accessing it and served with the “Blocked because of an intrusion attack” error. Other users can access the website without issue.
What steps have you taken to resolve the issue?
I’m trying to figure out who is blocking it.
On Cloudflare, I…
Went to Security > Events and checked for any blocked requests within the last 30 minutes. I did not see anything blocked. I even tried accessing it again through my mobile data, and I still did not see anything blocked.
I also checked in Analytics & Logs > Security and did not see anything either.
I contacted Network Solutions and asked about the issue. They said they were not blocking anything on their end. They then recommended I check with my ISP.
I’m trying to find out if it’s Cloudflare or Network Solutions that is causing the issue. I have created no rules or anything on Cloudflare; just set up the SSL Certificate in the flexible setting. I suspect the issue is with Network Solutions. Of course, Network Solutions claims it isn’t them. Hoping to find a way to determine if the issue is with Cloudflare, or Network Solutions just blocking Cloudflare.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Flexible
What are the steps to reproduce the issue?
It’s hit or miss; some computers can access the website, some cannot. For example, I used my phone and my computer to access the website from my WiFi. I was able to access it without issues. Then I turned off my WiFi on my phone, and access it using mobile data - I was served the error.
No, I am not running anything like that anywhere. The website is hosted on Network Solutions, so I’m not sure if they have anything going on for their end that could cause that. When trying through my mobile device, it uses Unreal Mobile (which would be the “ISP”/data). I don’t have any Fortinet security appliances between my phone and the website, so it would have to be either from Network Solutions, Cloudflare, or Unreal Mobile.
You can cross Cloudflare off the list. That is definitely not a message that originates at Cloudflare.
Reading over the topic that you linked makes me think that your webhost is not restoring original visitor IPs and is erroneously attributing malicious activity to Cloudflare proxy IPs.
You may want to review the following guide and consider sharing it with the support at your host.
Thank you for your response. I have a similar feeling that Network Solutions is blocking the proxy IPs from Cloudflare. After digging around, I found a list of Cloudflare’s proxy IPs: IP Ranges
Today, I will call Network Solutions and ask if they will allowlist the IPs. It doesn’t sound like they have any intention of admitting fault (it’s much easier for them to just insist we pay for an SSL certificate or security package), but perhaps this may resolve the issue. I don’t think it’s the ISP, because we have gotten the same error message from multiple sources with different ISPs. Unfortunately, even if Network Solutions say they will allowlist the IPs, there is no way to ensure they actually have.
I suppose my Plan B would be to switch to a different web host to see if that resolves the issue, however this is not ideal as we have already paid for Network Solutions up until 2033 (this was prior to me taking over).
In a bit of stressful news to this situation, it looks like the Google Crawler updated the search results for the website to reflect the “Attack Detected” page:
My guess is that when the crawler tried accessing the page (where Cloudflare is the reverse proxy), it too happened to get the “Attack Detected” page, then updated the index to reflect the “new” page. Given that the Google Crawler is getting the error page, I feel like it’s almost certain to be from Network Solutions. Would this be a good reason to rule out the ISP being at fault?
Also, I can now access the website with my phone via mobile now. Not sure if I’m accessing it with a different proxy, but it does work.
I’ll post again in this topic with an update once I talk to Network Solutions.