Firewall Frustration

Firewalls provide excellent protection and generate great consternation. Face it. We’d love a world with unfettered access to all the things we want. At the same time, just the thought of strangers running their fingers over our private possessions and information raises the hair on the back of our necks. So the best security solutions hide themselves from legitimate users. That’s the rationale behind fingerprint and face recognition logins. Similar unique identifications exist for the online world. That’s why it frustrates us so much when our face or finger fails to grant us the access we expect.

In our role as hosts Barbara and I see that frustration associated with firewall problems more than any other system. A typical scenario involves a client email or phone call desperately asking why a website fails to load. Of course, like the car that behaves well when taken to the mechanic, we don’t see a problem. Firewalls strike again!

Firewalls and the Cloak of Invisibility

Making something invisible protects it from unwanted attention. Camouflage works that way in nature and humans use it in all kinds of applications, from military to hiding cell phone towers that look like trees. So, our firewall hides your website from hackers. Of course, when your website disappears in front of you, you may think the server went down or something much less charitable.

With multiple servers and even more websites, we see this kind of thing all the time. Sometimes an entire server just disappears and we need to politely explain to the server that it needs to talk to us. Really, some days it feels like the servers act like a bunch of ill-behaved children.

Things to Know

Knowledge proves the best defense against firewalls and their foibles. Here’s a list:

  • A good firewall trusts no one. It’s not you: everyone poses a potential threat, and everyone includes, well, everyone.
  • The server knows you by your IP (Internet Protocol) address. Unless you pay for a static IP, your internet provider will change your IP for a long list of reasons, including their own schedule to change IP addresses. Most customer lockouts happen because of a changed IP address.
  • You can get your current public IP address from IPChicken, Google, or What’sMyIP. We also added your IP information at the bottom of all the pages on LyonsHost.com.
  • If you know that your IP address doesn’t match your white listed (allowed) address, get new and temporary addresses white listed before you work extensively on your website. This applies for travel or even moving between home and office.
  • When in doubt, check your website from another network. Disconnect your smartphone or tablet from your local network and connect to a separate network, like cellular or a neighboring WiFi network that you can access. Connecting with another provider makes an especially effective test because that can uncover other possible issues.
  • How you behave matters. The average website user will never raise the attention of the firewall. On a server each function gains access on a specified port. Port 80 carries regular HTTP (web page) traffic. Email goes in and out on another handful of ports (that’s another topic). The same is true for FTP, SSH, telnet, etc. If you connect to a user account on two or more ports, you had better belong there. Port knocking (as in, “knock knock, are you home?”) gets immediately blocked.
  • So many passwords, how do you remember yours? We use 1Password from Agilebits but you can choose from many similar products. The server looks for brute force and dictionary attacks. One or two mistakes can be forgiven but you don’t want someone standing at your door picking the locks. That means too many failed logins will lock the account to all access from your IP. Know your password or call us for a secure password reset.
  • Cross-site scripting attacks connect unaffiliated websites to each other for attacks on other servers or to hijack traffic. Ultimately the nefarious goal involves some kind of criminal mischief. Normally a hosting customer avoids tripping this security measure, but an innocent action can look threatening to a nervous firewall. More likely, that cool plug-in you found at “Bob’s Free Plug-Ins” or “Truckloads of Great Free Themes” had something hidden in the code. Always vet anything you add to your website for validity. Most legitimate themes, plug-ins and templates come from providers who are well known to the community supporting the content management system you use.
  • Don’t spam people. I say this frequently. If your email address gets too many bounced messages (indicating bad addresses) too close together, you will be locked out of email. Everyone “fat fingers” an email address. That’s not the issue. If you send hundreds of messages and you can count on a lot of them bouncing back, clean your list.
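
The lockout rules in the list above (allowlisted addresses, a limit on failed logins, one address connecting on several ports), modelled as an added example that is not the host's actual firewall configuration. The thresholds, the five-minute window, the allowlist exemption and every address and event are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed policy values; the page gives no numbers.
ALLOWLIST = [ip_network("203.0.113.10/32")]  # constructed customer address
MAX_FAILED_LOGINS = 3    # "one or two mistakes can be forgiven"
MAX_DISTINCT_PORTS = 4   # more ports than this from one address looks like probing
WINDOW_SECONDS = 300

# Constructed events: (unix_time, source_ip, dest_port, event)
EVENTS = [
    # Allowlisted address: mistakes do not trigger a block (assumed exemption).
    *[(1000 + 10 * i, "203.0.113.10", 22, "login_failed") for i in range(4)],
    # Same customer after the ISP changed their address: no longer allowlisted.
    *[(5000 + 20 * i, "203.0.113.77", 21, "login_failed") for i in range(3)],
    # One address touching FTP, SSH, telnet, SMTP and HTTP within a minute.
    *[(7000 + 10 * i, "198.51.100.7", p, "connect")
      for i, p in enumerate((21, 22, 23, 25, 80))],
    # Ordinary visitor: web traffic only.
    *[(8000 + i, "192.0.2.50", 80, "connect") for i in range(3)],
    # Three typos spread over more than the window: forgiven.
    *[(100 + 400 * i, "192.0.2.60", 22, "login_failed") for i in range(3)],
]

def evaluate(events, allowlist=ALLOWLIST):
    """Return {source_ip: reason} for every address the policy would block."""
    failures = defaultdict(list)  # ip -> timestamps of recent failed logins
    ports = defaultdict(dict)     # ip -> {port: time last seen}
    blocked = {}
    for ts, ip, port, event in sorted(events):
        if ip in blocked or any(ip_address(ip) in net for net in allowlist):
            continue
        ports[ip][port] = ts
        recent_ports = [p for p, seen in ports[ip].items()
                        if ts - seen <= WINDOW_SECONDS]
        if event == "login_failed":
            failures[ip] = [t for t in failures[ip]
                            if ts - t <= WINDOW_SECONDS] + [ts]
        if len(failures[ip]) >= MAX_FAILED_LOGINS:
            blocked[ip] = "too many failed logins"
        elif len(recent_ports) > MAX_DISTINCT_PORTS:
            blocked[ip] = "connections on too many ports"
    return blocked

if __name__ == "__main__":
    for ip, reason in evaluate(EVENTS).items():
        print(f"{ip}: blocked ({reason})")
```

The customer is fine at the allowlisted address but blocked after three mistakes from the new, unlisted one, which is the changed-IP lockout described above.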

Firewalls are not Your Enemy

With all the threats to your hosted services, firewalls really protect your interests. Knowing a little about these threats helps you avoid looking like a threat to your own website. That means that your website and email won’t mysteriously stop working when you have that 2:00 am inspiration. Also, if your website suddenly disappears, check to see if it loads on another network. If you do encounter a firewall problem, report it with your current IP and we can usually clear you within minutes.
