All devices (desktop and mobile) on my home IP (*, Delft, Zuid-Holland) can access the Postcrossing homepage, but whenever I try to navigate to the Community by clicking “Forum (NEW)”, it reports “Login Error: There is a problem with your account. Please contact the site’s administrator.” during SSO.
The virtual machine located at * (Delft, Zuid-Holland, currently in use) is not affected by the said error and can access both Homepage and Community.
sso_login:1 Failed to load resource: the server responded with a status of 500 ()
c715b2206d6afb0e5a97509fd693bdab3f78393b.js?__ws=community.postcrossing.com:83 Uncaught ReferenceError: jQuery is not defined
at c715b2206d6afb0e5a97509fd693bdab3f78393b.js?__ws=community.postcrossing.com:83
at c715b2206d6afb0e5a97509fd693bdab3f78393b.js?__ws=community.postcrossing.com:83
sso_login:1 Failed to load resource: the server responded with a status of 500 ()
I attempted to login on Edge and Chrome on my desktop PC, all returns login error. This is the same for my laptop. No additional security software is used other than built-in Windows Security.
My phone was able to access the forum (using previously save credentials) last night using home WiFi when posting the topic initially, but became inaccessible with the same error after the manual “logoff all” from VM.
I tried using mobile data and I was able to access the community page no problem. I can continue to use the page (without logout) after switching back to home Wi-Fi. It no longer works after sign out.
Probably this issue has something to do with my home IP somehow being blocked by a link in the authentication chain, which caused the login failure specific to this IP.
Somehow Discourse had added that IP to its list of “Screened IPs”. It’s not clear to me why and in which cases that happens. Normally it would be to prevent multiple signups but that doesn’t apply with this forum. Please let me know if it happens again and apologies for the trouble.
Also, thank you for all the help (and patience) in tracing this — if it happens to others, then we’ll know where to look first.
My ISP is using carrier NAT in this neighbourhood (simply, one public IP corresponds to many private client IP). I overlooked this fact during my troubleshooting as I incorrectly assumed that I was assigned a public IP by my ISP.
So it’s likely that some people in my neighbourhood using the same ISP was potentially spamming (or more likely, tried to legitimately sign up for forum) that cause Discourse to flag this IP.
I would admit, blacklisting IP address is a cruel & effective approach to stop spamming. But in a world where IPv4 addresses has already exhausted, it’s a less-elegant solution.
In cases of banning traffic based on IP addresses, the system might block the traffic of a spamming user by banning the user’s IP address. If that user happens to be behind carrier-grade NAT, other users sharing the same public address with the spammer will be mistakenly blocked. This can create serious problems for forum and wiki administrators attempting to address disruptive actions from a single user sharing an IP address with legitimate users.