Saturday, March 21, 2009

403 Forbidden - March 2009

This week, we're seeing more reports of the return of an old friend (not)
We're sorry...

... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now.


When asked about this in the forums in the past, Blogger has described it as a problem with "fuzzy detection". Like many chronic Blogger problems, it doesn't have a simple solution.

Google, like every large Internet presence on the face of the earth, is constantly under attack. If the bad guys use a large and varied army of botted computers, the Google attack detection servers have to look for a pattern in the attack. In some cases, they will see an attack coming from a block of Internet addresses. You may be unlucky enough to have your connectivity using an address similar to the block detected in the attack, and the fuzzy logic will see your address as part of the attack.

If you seem to be affected by this detection more often, that may not be your imagination. Internet advertising being what it is, a certain type of Internet customers are attracted to certain ISPs. A large ISP, with customers more interested in high bandwidth and file sharing, will provide good targets for the bad guys. The bad guys use can file sharing to hack their victims computers, giving them lots of new botted computers, which they can then use to launch their attacks against Google and other corporations.

If you are using the same Internet service as your neighbours (maybe not those geographically near you), even though you may not do file sharing so intently, and you may keep your computer clean, you may still be seen as a possible attack vector by Google, simply because you are part of the same address block as a detected botnet which may be actively in use.

When you see this error on your screen, you could consider this a wakeup call, and seek reliable and professional help, like DSLR Forums - Security Cleanup - if you're at all uncertain about the status of your computer. The advice provided at Security Cleanup is free, but the helpers there are carefully moderated, and they are very professional and respectful to those asking for help. Observe the *Mandatory Steps Before Requesting Assistance*, and you'll be starting properly there.

Also, remember that, unless your readers are very homogenous in their Internet access and use, even though you see this error, it's not a given fact that this error is affecting access to your blog, specifically. This error appears to have an affinity based upon Internet access, not upon Internet content.

>> Top

4 comments:

Kris Nelson said...

I was pegged by this earlier in the morning, but luckily it cleared up after a few hours. After testing from different computers at home and getting the same results, I tried my mobile broadband connection (having a different outbound IP address) and was able to access my blogs without a problem.

It had me slightly worried for a moment because I had just installed a Linksys Media Center Extender the night before, which required me to make a few firewall policy changes. My first assumption was something new really was spamming out on my machine after the firewall changes, but after some initial testing and thanks to your post I soon realized it was on their end, not mine.

Adding it to my list of reasons to consider as switching to installing WordPress instead of with Blogger.

Chuck said...

Kris,

You can travel in a bus (Google) or in a personal auto (WordPress), but if you're on the Interstate highway (Internet) and there's a traffic accident up ahead (bot attack by the bad guys), you'll be affected.

WordPress will be under attack too occasionally, they may not be as able to defend themselves though. WordPress is a good alternative for many - I'm not sure that freedom from false botnet attack detection is one advantage.

And if you're in a traffic jam, being on a bus with a rest room may be a wonderful thing.

Elaine Garrett said...

I've never seen that message in all the years I've been traveling around the web -- until this afternoon! What a timely blog!

I'm glad you explained it.

Rarity said...

Maybe you can help us?

I have - and quite a few others - been posting about an acute log in problem (blogger.com just wont load) for days now, and no one "in charge" seems to respond.

Do any of the technical guys even read the Blogger Help Group - and if they do - why can they not give some kind of answer to at least let us know that they are looking into it? (sorry! I'm not holding you resposible for their (in)action... :o)

I can only post THIS comment because I'm not on my home computer right now... the login problem seemed to make it impossible even to post a comment here on your site as well. I must admit I don't know your connection to blogger/google - but if you DO have some pull - would you consider helping us out?

Here is an example: http://groups.google.com/group/blogger-help-loginissues/browse_thread/thread/76b9b828959e4d54

Appreciate it!

Rarity :o)

(Have a good day, now!)