My business website has been blocked

Hello everyone

I’ve been self-employed for some time and had a website built. I checked that my hosting is reputable and offers an SSL certificate. Unfortunately, it happened again and again that my website was blocked by Swisscom users, or there were messages like ‘An SSL error has been reported’ and others like ‘no secure connection could be established’. Afterwards I contacted Hosting and they assured me that the domain had no malware and that the SSL certificate was correct. I had my website checked again using a form from Swisscom and it was unblocked.

Unfortunately my luck didn’t last long because it was blocked again. Hosting again claims everything is fine and in fact nothing has been changed on the website. I don’t understand why the problem keeps arising and how can I solve this permanently or prevent further bans? This is the website: https://physio2move.ch/

Can I ask you for your help?

Show original language (German)
  • WalterB has responded to this post.

    Interesting problem.

    The web server and its encryption are exemplary according to Qualys.

    However, my browser reports an SSL problem from my Swisscom Anschluss. When I access the site via VPN, it works. A test with nslookup shows that Swisscom’s DNS firewall is actually blocking something:

    C:\
    slookup physio2move.ch
    Server: internetbox.home
    Address: 2a02:1234:5678:abcd:a3c5:13ff:fe86:5b60

    Non-authoritative answer:
    Name: physio2move.ch
    Address: 195.186.208.193

    C:\
    slookup physio2move.ch 8.8.8.8
    Server: dns.google
    Address: 8.8.8.8

    Non-authoritative answer:
    Name: physio2move.ch
    Address: 5.252.229.221

    C:\

    Your web server has the IP 5.252.229.221, the reputation of this IP with IPQS and with [Talos](https:// www.talosintelligence.com/reputation_center/lookup?search=5.252.229.221) is in Order.

    Several hundred other websites are running on the same server. Perhaps one of these other websites is not entirely clean and Swisscom has immediately classified the entire web server as problematic? Just a guess.

    Either way, I come to the same conclusion as you, that Swisscom is causing a false alarm. Maybe @ChristianEb can help?

    Show original language (German)

    Have you tried turning it off and on again?

      Hello @Meimmepleth27

      No you can’t.

      Most likely the IP address is on the blacklist at Swisscom.

      The reasons can be due to a lot.

      As the previous speakers have said, several websites are hosted on such an IP. Most likely, such a website sends illegal information, etc.

      Only Swisscom knows whether Swisscom can put your host name on a withe list.

      Ask there but be persistent because your ticket has to be forwarded, the first level helpdesk cannot do that.

      Greetings Lorenz

      Show original language (German)

      @Meimmepleth27 wrote:

      Can I adjust something with my website so that DNS for Swisscom is always correct?

      Anyway, I find this strange since the website is configured correctly.

      My own site is with Hoststar and I had a problem with the Swisscom DNS a few years ago and Hoststar had adjusted something. I can’t say whether that’s the case for you too.

      You have to try whether Swisscom gives you information about what the problem is that the page is blocked by the Swisscom DNS, or pass on the information to your host that it works with DNS 1.1.1.1.

      Show original language (German)

      Installationen, Netzwerk, Internet, Computertechnik, OS Windows, Apple und Linux.

      @Meimmepleth27 wrote:

      Can I adjust something with my website so that DNS for Swisscom is always correct?

      First of all I would report the page again for unblocking:

      [https://www.swisscom.ch/de/privatkunden/internet-abo/schutz-sicherheit/internet-guard-details/formular.html](https://www.swisscom.ch/de/privatkunden/internet- subscription/protection-security/internet-guard-details/formular.html)

      Otherwise, the only option is direct contact with Swisscom. In any case, I don’t see any fault on your part or your hoster’s part.

      Show original language (German)

      @Meimmepleth27 wrote:

      Can I adjust something with my website so that DNS for Swisscom is always correct?

      As already written: No, unfortunately not.

      It’s best not to change anything, including not fiddling with the local DNS settings. Even if some people “solve” the problem without understanding it, your website remains unavailable to the remaining 6 million Swisscom customers. Only Swisscom can and must fix this.

      Show original language (German)

      Have you tried turning it off and on again?

      As @krypton and @PowerMac have already written, it’s best to report it again as only Swisscom can solve the problem.

      Below are a few more technical details if you are interested.

      Your domain has been blocked by Internet Guard, such blocks are always based on the domain and not on the IP address.

      It’s relatively easy to see if a domain is blocked by Internet Guard by running a DNS query.

      ; <<>> DiG 9.18.27 <<>> physio2move.ch
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39831
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;physio2move.ch.			IN A

;; ANSWER SECTION:
physio2move.ch.		0 IN A 195,186,210,241

;; Query time: 206 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Oct 01 09:42:36 CEST 2024
;; MSG SIZE rcvd: 59

      The IP (195.186.210.241) you see here belongs to Swisscom.

      The entry also has a TTL of 0, which clearly indicates a blacklist entry at Swisscom.

      When you access the website via HTTPS, an error is displayed because the certificate is invalid or the connection is not possible.

      This is also correct, because Swisscom cannot create a certificate for your domain.

      However, you can now access the IP address that is displayed in the DNS lookup directly via HTTP and you will then see that the site is blocked by Internet Guard.

      http://195.186.208.193/

      IG.png

      On the page you will also find the link to report the page as a false positive.

      Swisscom will probably have a mix of its own blacklists and blacklists from external providers.

      There are various providers of such lists and hardly any company does this exclusively themselves.

      If you have already reported the site once, it may have been removed from the whitelist before it was removed from the external list and is now being blocked again.

      It’s best to simply report again using the form, unfortunately you have no other choice.

      Show original language (German)

      I have now described the problem via the SME form and sent it. I’m curious when and what kind of feedback will come. This will affect my business a lot if the website for 6mil. User is considered unsafe…

      Show original language (German)

      So far no response from Swisscom. The strange thing is, the first time it was unlocked relatively quickly using the Internet Guard form. Now I get no answers at all…

      Show original language (German)

        Yes, that’s right. But I still haven’t received an answer from Swisscom as to why this even happened (twice!). It can’t be the case that it’s always hanging by a thread whether my business is blocked or not.

        Show original language (German)
        3 months later

        The website was unblocked without explanation and it worked fine for months. Now it’s blocked again “due to malware”… but all test sites can confirm that my website has no malware or anything like that… VERY annoying.

        Show original language (German)