Namebio.com - UNUSUAL ACTIVITY DETECTED ?

[NYJimbo]

Suddenly for the past week if I go to namebio to check sales, I get this message:

UNUSUAL ACTIVITY DETECTED
Your access to the site has been temporarily disabled, please try again later. If you are using a VPN please turn it off and try again now. Some browsers such as Opera and Puffin, and some antivirus programs, act as a proxy and it is the same as using a VPN.

If you feel this was done in error please contact us and include your IP Address:

XX.XX.XX.XX​

Where my IP is listed as the VPN. I do not use a VPN and this IP has been in use for a year. No other site that checks for VPN reports it as such.

Anyone else seeing this ?

 

[joro001]

Yes me too.

 

[Hypersot]

If it helps, I've been using namebio everyday (incl. today) and I experienced no such thing. Using my real IP (no VPN) from Greece.

 

[cyc]

I have also same problem that accessing to namebio.com forwards my browser to the https://namebio.com/relax page.

Tried with two different ip addresses in Turkey (not VPN based) and submitted the contact from including my ip addresses.

Maybe @Michael provide us detail information about this issue as soon as possible via here.

 

[The Durfer]

hmmm my works fine with ip not vpn.

 

[Josytal]

Suddenly for the past week if I go to namebio to check sales, I get this message:

UNUSUAL ACTIVITY DETECTED
Your access to the site has been temporarily disabled, please try again later. If you are using a VPN please turn it off and try again now. Some browsers such as Opera and Puffin, and some antivirus programs, act as a proxy and it is the same as using a VPN.

If you feel this was done in error please contact us and include your IP Address:

XX.XX.XX.XX​

Where my IP is listed as the VPN. I do not use a VPN and this IP has been in use for a year. No other site that checks for VPN reports it as such.

Anyone else seeing this ?

Nothing unusual.

Bad bots are a big headache now a days. When they are not distorting your metrics with DDoS attack, they are probing your site for vulnerability. I go berserk each time I analyse our server's visitor access log files.

80% of visits are from bad bots.
20% from human beings.
19% of requests contains malicious codes.

And one thing common feature about these bots is that they all hide behind VPN, Public Proxies and Data Centers.

Humans don't access websites from data centers. The only legit traffic from data centers are the search engine robots, including google bots, bingo etc.So you can easily white-list those. Others are mostly nuisance!
And most VPN are hooked-up with Data Centers. Got the logic?!
Just read this article:
https://www.colocationamerica.com/blog/data-centers-and-vpns

The bad bot problem affects every industry. Ignore it at your peril. The success of your business just might depend on it.

To roundup my ramblings, measures are being taken, and that include, but not limited to before granting access, checking a visitor's IP with those in database of black-listed IPs. Range of IPs can also be probed. There are APIs already in place for that.

So if your IP is being blocked, first check the database.

https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/
https://www.abuseipdb.com/

It may turn out that your IP (or range) has been abused multiple of times.

 

[NYJimbo]

This was the response they sent me:

James,

You were automatically banned for abusing the price range filter to get around the 100 results limit. Since you have a solid history of using the site in a way that I wouldn't consider abusive I removed the ban, but please don't do that again. It's ok in small quantities like there are 300 results and you want all of them, but trying to take all the .org sales from the past year wouldn't be an acceptable use. Thanks and sorry for the inconvenience.

Michael Sumner, CEO
NameBio.com
​

I truly have no idea what they are talking about. I use their service a few times a month. I use no tools or bots, make no tricky maneuvers. I only click on the options they provide.

Right now it looks like they have something available they regret offering and want to blame people from using it. I did not try to get all .org sales for the past year, that is not true.

Pretty sad to blame people from just clicking on what is available AND THEN banning them with no explanation.

Anyone banned should post Nambios reasoning here in this thread. I think they are hurting themselves by banning people instead of posting warnings. Especially when you can't tell if you did something wrong.

 

[Josytal]

This was the response they sent me:

James,

You were automatically banned for abusing the price range filter to get around the 100 results limit. Since you have a solid history of using the site in a way that I wouldn't consider abusive I removed the ban, but please don't do that again. It's ok in small quantities like there are 300 results and you want all of them, but trying to take all the .org sales from the past year wouldn't be an acceptable use. Thanks and sorry for the inconvenience.

Michael Sumner, CEO
NameBio.com
​

I truly have no idea what they are talking about. I use their service a few times a month. I use no tools or bots, make no tricky maneuvers. I only click on the options they provide.

Right now it looks like they have something available they regret offering and want to blame people from using it. I did not try to get all .org sales for the past year, that is not true.

Pretty sad to blame people from just clicking on what is available AND THEN banning them with no explanation.

Anyone banned should post Nambios reasoning here in this thread. I think they are hurting themselves by banning people instead of posting warnings. Especially when you can't tell if you did something wrong.

And what makes you think you are the only one accessing Namebio with your current IP?
Even if it's a dedicated IP, there are chances that someone has used or is using that IP with ulterior motives. Get the basics.

 

[mitch007]

I have had that problem for several weeks

 

[NYJimbo]

And what makes you think you are the only one accessing Namebio with your current IP?
Even if it's a dedicated IP, there are chances that someone has used or is using that IP with ulterior motives. Get the basics.

Oh please, are we going to go into the "what if" thing to make Namebio feel better ? Its only me using it. You can create fantasy situations to absolve them of this heavy handed response, but it's all bullcrap.

 

[NYJimbo]

I have had that problem for several weeks

Go back to their site and post a complaint, lets see what their reason is.

 

[Michael]

Sometimes that message shows when you're temporarily rate limited, if you see it for more than a few minutes then it isn't temporary. In that case if you weren't doing something abusive do what it says on the page and contact us, I'm happy to manually review it and reverse it. Also just as a side note, the /relax page doesn't check if you're still banned or not, so don't just refresh that page. Always try to go back to the home page to see if it is still in effect.

@Josytal is spot on. The amount of abuse we receive is mind-boggling. Before we implemented our current security systems we'd have single IP addresses hitting us hundreds of thousands of times per day. There are a lot of ways to get banned now, and it has been like that for a few years. Without getting into everything, here are some examples:

- If you go over a certain number of searches in a day, you get banned.
- If you use a VPN, you get banned.
- If you use TOR or any other kind of proxy, you get banned.
- If you try to access the site from a hosting company, you get banned.
- If you start hitting a ton of details pages and you're not a search engine, you get banned.
- If you search sequentially like aa, ab, ac, ad, etc., you get banned.
- Even if you shuffle the above strategy randomly (za, qb, ed, etc.), you get banned.
- If you try to walk through all the results with small price bands, you get banned.
- If you try to walk through all the results with small length bands, you get banned.

There are others but you probably get the idea. In addition to all of that, we also check your IP address against a security service that uses machine learning to give you a risk score. If you are scored maximum risk, you get banned.

Considering that we serve more than a quarter of a million unique users a year that are doing multiple millions of searches from almost every country on the planet, the system has a very small number of false positives. And again I'm happy to review those manually and reverse them when appropriate.

Doing all of that allows the site to load nice and quickly for legitimate users, and keeps our hosting costs at a reasonable level. I do apologize for the inconvenience when you're banned and you shouldn't have been.

This was the response they sent me:

James,

You were automatically banned for abusing the price range filter to get around the 100 results limit. Since you have a solid history of using the site in a way that I wouldn't consider abusive I removed the ban, but please don't do that again. It's ok in small quantities like there are 300 results and you want all of them, but trying to take all the .org sales from the past year wouldn't be an acceptable use. Thanks and sorry for the inconvenience.

Michael Sumner, CEO
NameBio.com
​

I truly have no idea what they are talking about. I use their service a few times a month. I use no tools or bots, make no tricky maneuvers. I only click on the options they provide.

Right now it looks like they have something available they regret offering and want to blame people from using it.

Pretty sad to blame people from just clicking on what is available AND THEN banning them with no explanation.

Anyone banned should post Nambios reasoning here in this thread. I think they are hurting themselves by banning people instead of posting warnings. Especially when you can't tell if you did something wrong.

Anything we make available gets abused, period. When I changed the Date Range filter to allow users to select any custom range, it took less than two hours before it was being slammed with bots walking back through all the data one day at a time. So I had to switch it back to preset ranges and everybody lost out on a nice feature. Just because we make something available doesn't mean we're ok with it being abused.

The price range filter is an annoying one. I want it there because it is helpful when trying to isolate wholesale or retail sales. And I'm also ok with someone using it occasionally to get around the 100 results limit, like if there are 200-300 results and you want them all that's fine. But when search after search after search is doing that, we ban because it's almost always a bot and even when it isn't it is unwanted activity.

I could prevent everyone from using small price ranges if you like, that's the easiest solution. I personally feel like that would be a step backwards though, like the date ranges. I don't display warnings because that would just allow abusers to go right up to the edge of getting banned every time, and then come back later for more abuse. I like to give bots enough rope to hang themselves. Sure, it snags a few innocent people from time to time, but that's just the nature of it unfortunately.

I'm not sure how you don't know what I'm talking about though. It's not usual activity to want to see all .org sales from the past year between $225 and $250, among various other tiny price ranges, with no other filters used at all. That's almost always someone trying to copy/paste large amounts of data, and even when it isn't it is still suspicious enough that I'm comfortable banning it and reviewing it manually.

Thanks for posting my private email to you and encouraging others to do it as well. If you get banned again I think your email is going to get lost in my spam filter

 

[NYJimbo]

Thanks for posting my private email to you and encouraging others to do it as well. If you get banned again I think your email is going to get lost in my spam filter

Gee, pretty weak if you asked me. Are you afraid of people questioning you ? If you are randomly banning, why should people not ask about it? Other PROFESSIONALS on this forum can deal with criticism, why not you ?

I guess instead of you tweaking your site to be more user friendly, you would prefer people just coming up with work arounds to abuse it. Ok, can do.

 

[Josytal]

Oh please, are we going to go into the "what if" thing to make Namebio feel better ? Its only me using it. You can create fantasy situations to absolve them of this heavy handed response, but it's all bullcrap.

Fantasy situations?
It's no fantasy. It's real.

To make Namebio feel better?!
Ridiculous ! I'm not affiliated to Namebio, so I've no conflict of interest. I've only related your issues to possible scenario, based on my experience.
No hard feelings.
I'm off here.

 

[Michael]

Gee, pretty weak if you asked me. Are you afraid of people questioning you ? If you are randomly banning, why should people not ask about it? Other PROFESSIONALS on this forum can deal with criticism, why not you ?

I guess instead of you tweaking your site, you would prefer people just coming up with work arounds to abuse it. Ok, can do.

Nope, I don't mind people questioning me or criticizing me publicly. I just don't think it is very professional to post private conversations with this ridiculous "gotcha" attitude. I replied to your email within a few hours on a Sunday and resolved your issue. I've publicly explained various measures we have in place and why they are there. I'm not sure what more you want from me... you don't even pay to use the site.

We're not "randomly" banning. Everything is geared towards detecting ways that bots usually go about trying to take all of the data. It's pretty rare for a legitimate user to get tripped up, and so far everyone has been understanding about it except for you. Your signature is spot on by the way.

And again @Josytal is correct, it's very possible to be banned and it not even be your fault. Someone else from this thread happened to get cycled onto a banned IP address that another user abused the site with seven months ago. That's pretty darn rare though considering how many IP addresses there are. Can also happen on corporate networks where hundreds or even thousands of people share the same IP.

 

[mitch007]

I have had that problem for several weeks

Here is the response back I just received. Not really sure what I did to warrant the ban.

Mitch,

That IP address was banned more than seven months ago for visiting the same details page over and over and over again without doing anything else. I think you just got cycled onto it by chance. I removed the ban, let me know if you have any more issues. Sorry for the inconvenience.

Michael Sumner, CEO
NameBio.com

 

[NYJimbo]

Nope, I don't mind people questioning me or criticizing me publicly. I just don't think it is very professional to post private conversations with this ridiculous "gotcha" attitude.

You are blocking people from using functions clearly available on your site and then giving them this response that THEY are abusing it.

If I didn't post the email, nobody else would know why they might be blocked and THEY SHOULD post their reason they were, so we can find out why this is suddenly happening.

Go ahead and block me, do it to everyone who uses the functions you make available, but don't explain why you did it. I am sure it will bring you lots of paying customers.

 

[NYJimbo]

Here is the response back I just received. Not really sure what I did to warrant the ban.

You said several weeks, they said 7 months. Do you know if you used it in the last 7 months ?

 

[mitch007]

You said several weeks, they said 7 months. Do you know if you used it in the last 7 months ?

yes, the ban has been 7 months at least.... i just never followed up on it until now

 

[Michael]

You are blocking people from using functions clearly available on your site and then giving them this response that THEY are abusing it.

If I didn't post the email, nobody else would know why they might be blocked and THEY SHOULD post their reason they were, so we can find out why this is suddenly happening.

Go ahead and block me, do it to everyone who uses the functions you make available, but don't explain why you did it. I am sure it will bring you lots of paying customers.

Like I said, just because a filter is available doesn't mean we're ok with it being abused. For example we have a free-form keyword filter, but that doesn't mean we're ok with you typing a, b, c...z, aa, ab, ac...zz, aaa, aab, aac...zzz trying to take all of the sales. So while it's "clearly available" like you keep parroting, that doesn't mean I'm ok with you using it to take all of the data. I shouldn't need to give a warning not to do that, it should be common sense. It's pretty difficult to get banned if you aren't trying to get around limits.

I prefer to allow as much functionality as possible and ban when someone abuses it, rather than just not making it available or severely limiting it. It's difficult to just not allow something entirely too. There's nothing wrong with searching "aaa" as the keyword, it's not until you've followed that with aab, aac, aad, etc. that we know you're up to no good. So we can only block it once we see a pattern. Same for price ranges, although there are very few legitimate scenarios for doing $25 wide price bands like you did, so maybe I should just not allow price ranges tighter than a few thousand to avoid this abuse. Anyway that's why some things are possible to do on the site even though you shouldn't do too much of it.

None of this is sudden, these systems have been in place for years. Just because it is the first time you experienced it doesn't mean it is something new. It should actually show you how infrequently it happens. And like it says on the Relax page you just have to contact me and I'll take care of it, no need to start a witch hunt. Most people read that, do what it says, and get on with their day.

I guess I need to go on the record and say "I'm not ok with you copying and pasting large amounts of data, and if you search in a way that facilitates that (even if it wasn't your intention) you're almost definitely going to get banned. But if it wasn't your intention let me know and I'll fix it." So that means if you want to search for 4L where the first two letters are the same, don't search aa, bb, cc...zz at the start because that'll look like bot activity, instead search AALL as the pattern and be done with it. And if you want all .org sales from the past year then pay for a membership and export them rather than screwing around with price ranges.

Mystery solved.

 

[cyc]

Like I said, just because a filter is available doesn't mean we're ok with it being abused. For example we have a free-form keyword filter, but that doesn't mean we're ok with you typing a, b, c...z, aa, ab, ac...zz, aaa, aab, aac...zzz trying to take all of the sales. So while it's "clearly available" like you keep parroting, that doesn't mean I'm ok with you using it to take all of the data. I shouldn't need to give a warning not to do that, it should be common sense. It's pretty difficult to get banned if you aren't trying to get around limits.

I prefer to allow as much functionality as possible and ban when someone abuses it, rather than just not making it available or severely limiting it. It's difficult to just not allow something entirely too. There's nothing wrong with searching "aaa" as the keyword, it's not until you've followed that with aab, aac, aad, etc. that we know you're up to no good. So we can only block it once we see a pattern. Same for price ranges, although there are very few legitimate scenarios for doing $25 wide price bands like you did, so maybe I should just not allow price ranges tighter than a few thousand to avoid this abuse. Anyway that's why some things are possible to do on the site even though you shouldn't do too much of it.

None of this is sudden, these systems have been in place for years. Just because it is the first time you experienced it doesn't mean it is something new. It should actually show you how infrequently it happens. And like it says on the Relax page you just have to contact me and I'll take care of it, no need to start a witch hunt. Most people read that, do what it says, and get on with their day.

I guess I need to go on the record and say "I'm not ok with you copying and pasting large amounts of data, and if you search in a way that facilitates that (even if it wasn't your intention) you're almost definitely going to get banned. But if it wasn't your intention let me know and I'll fix it." So that means if you want to search for 4L where the first two letters are the same, don't search aa, bb, cc...zz at the start because that'll look like bot activity, instead search AALL as the pattern and be done with it. And if you want all .org sales from the past year then pay for a membership and export them rather than screwing around with price ranges.

Mystery solved.

@Michael Of course, you're right to prevent abuse for possible Botnet attacks, but, as long as you provide people many search variations, your firewall seems very aggressive about this.

People at worldwide making queries at Google Search as an example, millions and/or billions or more of queries maybe, but their system is perfectly configured for mitigating bots.

Time based limiting for search queries is the first option, using Web Application Firewall (WAF) is the second and then reCAPTCHA are mostly better than the system you use recently.

Banning an ip addres is not a different thing than shutting down the services.

 

[NYJimbo]

I guess I need to go on the record and say "I'm not ok with you copying and pasting large amounts of data, and if you search in a way that facilitates that (even if it wasn't your intention) you're almost definitely going to get banned. But if it wasn't your intention let me know and I'll fix it." So that means if you want to search for 4L where the first two letters are the same, don't search aa, bb, cc...zz at the start because that'll look like bot activity, instead search AALL as the pattern and be done with it. And if you want all .org sales from the past year then pay for a membership and export them rather than screwing around with price ranges.

None of which I was doing, but I see you are sticking to this lie, so what can I do ?

But since you just blocked me again out of spite, there is no point in responding or keeping this thread open.

 

[Michael]

@Michael Of course, you're right to prevent abuse for possible Botnet attacks, but, as long as you provide people many search variations, your firewall seems very aggressive about this.

People at worldwide making queries at Google Search as an example, millions and/or billions or more of queries maybe, but their system is perfectly configured for mitigating bots.

Time based limiting for search queries is the first option, using Web Application Firewall (WAF) is the second and then reCAPTCHA are mostly better than the system you use recently.

Banning an ip addres is not a different thing than shutting down the services.

Google is actually not perfectly configured, otherwise MOZ, SpyFu, SEMRush and a myriad of other SEO/SEM tracking services wouldn't exist. Google has an army of people with PhD's working for them too but they still can't stop the bots. Given their massive infrastructure it's not much of an issue though.

We do rate limit, but that isn't effective when it's pretty easy to get a new IP address these days. That's actually the first system we had in place but it didn't work well. I also tried invisible reCAPTCHA but I got a flood of complaints from people around the world that the service doesn't work correctly in their country (especially China), so that experiment only lasted a few days.

As far as I know WAF is mainly geared towards blocking hacking/exploits. Services like CloudFlare can help stop bot activity, but it doesn't do a very good job other than for large-scale DDoS attacks. Plus a decent amount of the bot activity is hobbyists on their residential ISP running scripts on their home computer, CloudFlare isn't going to stop that.

Our system is not aggressive. 99.99%+ of people using the site each day manage to not get themselves banned. The activity that can get you banned is very much targeted to strategies bots use to take all of the data, each one was put in place to mitigate an actual attack. It's very rare for a human with good intentions to trigger the checks, and when that does happen I try to be quick to correct it and if they have a reasonably static IP address I'll often add them to a whitelist.

I appreciate your input but I guarantee you I'm more familiar with what is happening on our server and how it is possible to stop unwanted activity while minimizing false positives. I've spent weeks of my life over the course of years thinking about it, dealing with it, and adjusting as needed.

None of which I was doing, but I see you are sticking to this lie, so what can I do ?

But since you just blocked me again out of spite, there is no point in responding or keeping this thread open.

If you're going to call me a liar you don't leave me much choice but to post your search history. See the below screenshot for the tail end of it. It goes on like this for hundreds of more searches where you're messing with price ranges for .org, .tv, and .co, although you didn't need as small of price ranges for those ccTLDs due to the lower volume of sales.

But that's still trying to get around the 100 results limit in large volume. So exactly like I said, $25 price bands at the end and other similarly small ranges. You didn't do it enough to concern me, which is why I manually reversed the ban when you contacted me, but I still needed to explain why just so you could avoid the automatic ban in the future.

And yes, after you called me a liar I reserved the right to not serve you. Not so much out of spite but because I choose not to deal with toxic people. Let's just say I'm keeping back 500 feet as your signature suggests. I removed the ban in a timely manner and gave you a warning about price ranges, defended myself in public against your bad-mouthing as politely as I could muster, all while continuing to let you benefit from my hard work for free.

Libel is where I draw the line and show you the door.

 

[Michael]

I just changed the Relax page so that if you are no longer banned, refreshing the page will send you back to the home page rather than keeping you there. I also updated the page to give users more information, that way you know if the ban is temporary or permanent, and why it happened. I was already explaining that when users contact me, but hopefully this will help a bit.