Forum completely inaccessible in Brazil (Error 403 Forbidden)

[VictorFS]

I apologize for creating a new thread on the same subject covered in "An error occurred while the page was being generated". I replied to the thread but didn't get a response. I really need help.

The issue is: I'm from Brazil, and I can't access the forum. It tried to access it from home, from work and from my mobile phone. All different IP addresses, devices, internet providers and browsers. I always get the "Error 403 - Forbidden" message. It seems like the IP ban currently active to prevent bots from spamming the forum is also blocking many legitimate accesses and forum users. The only way I am being able to even post this is using a VPN hosted outside Brazil.

I kindly ask you to evaluate an alternative to the current IP blocking solution, as the current situation is making my work very difficult. I work and develop with Teensy microcontrollers on a daily basis and the forum is often the only source of information for Teensy-related matters. I have already used close to 1000 Teensy units in our products.

Thank you in advance for your help

 

[kd5rxt-mark]

Unless & until this changes, could you try using a VPN where the server is in a region other than Brazil ??

Mark J Culross
KD5RXT

 

[VictorFS]

Unfortunately, I have limitations in using a VPN on my work computer, where I do most of Teensy related work. I am being able to post in this forum with my phone using a free VPN app only, not the ideal situation.

 

[VictorFS]

As of today, August 26, 2025, Teensy forum is still inaccessible from anywhere here in my city in Brazil . It doesn't matter if its in my home, work, gym wifi, cell network, all blocked. "Error 403 - Forbidden" message is shown.

I can't help but feel left out by the Teensy community. The spam attack that PJRC was receiving months ago and caused the IP blocks isn't over yet? Couldn't any other solution be tried instead of completely blocking all users from a whole country from accessing the forum? @PaulStoffregen , could you please review this case again and see if anything can be done?

 

[HLC123]

An error occurred while the page was being generated". I replied to the thread but didn't get a response. I really need help.

The issue is: I'm from Brazil, and I can't access the forum. It tried to access it from home, from work and from my mobile phone. All different IP addresses, devices, internet providers and browsers. I always get the "Error 403 - Forbidden" message. It seems like the IP ban currently active to prevent bots from spamming the forum is also blocking many legitimate accesses and forum users. The only way I am being able to even post this is using a VPN hosted outside Brazil.

View attachment 37722

I kindly ask you to evaluate an alternative to the current IP blocking solution, as the current situation is making my work very difficult. I work and develop with Teensy microcontrollers on a daily basis and the forum is often the only source of information for Teensy-related matters. I have already used close to 1000 Teensy units in our products.

Thank you in advance for your help

It seems the forum's IP blocking is indeed blocking your normal access. Since you can log in normally using a VPN, the problem is likely with the forum's blocking rules. Your best bet is to contact the forum administrator directly, explain the situation (region, error code, number of Teensy devices you're using), and ask them to adjust or whitelist your account.

 

[PaulStoffregen]

@PaulStoffregen , could you please review this case again and see if anything can be done?

I looked at the server log files just now. We're still getting a lot of bot traffic, but it's currently at a pace the server can manage. Some of the access is *still* from the botnet that took down the forum on May 27, 2025, repeatedly trying to fetch pages over and over even though we've been answering all their accesses with 403 errors since June.

This forum is hosted from a single dedicated server (no other websites) running with a quad core Intel Xeon E3-1230 v6 processor, 16 GB RAM, and SSD storage. It can handle quite a lot of traffic since the entire server is dedicated only to this forum. Log file shows yesterday we got 454,771 accesses, which is pretty typical and well within the server's capacity. Sometimes we may run slowly, but the site stays up and usually responds promptly.

But our server is not a big cloud platform like Amazon Web Services. We just can't handle a huge amount of traffic those botnets generate when every request runs PHP and that PHP code makes several database queries just to run the site and generate a page which says an IP address was banned. I hope you can understand my reluctance to fully remove the blocking that returns 403 errors. Without the low overhead of a 403 error for the networks which launch large attacks, a huge surge in botnet traffic overwhelmes the server as happened on May 27, effectively taking the whole site down for everyone.

We're currently blocking about 2 dozen large networks with 403 errors. If you tell me the IPv4 address of your computer when it gets the 403 error (use What Is My IP Address to check), I can try unblocking part or all of its network. But please understand we're doing this 403 blocking because a huge attack (about half a million IP addresses all accessing the site quickly) took the whole forum down. If we get that kind of traffic again, I'm afraid the viable choice is ultimately blocking the networks hosting such abusive botnets.

 

[VictorFS]

Hi Paul, thank you for the reply and in depth explanation. Below are some IPs I have when I try to access the forum and get the 403 error. Please note that those may change, as my ISP provided dynamic IPs and everytime the modem is switched on, a new IP can be assigned. The list includes some IPs from home, work and mobile.

179.177.167.150
179.102.141.56
179.102.128.115
177.97.123.62

Please, check if its possible to unblock those IPs ranges.

 

[KaoH]

Would Apache mod_evasive module work for blocking "lot of bot traffic"? Then further ban ip address with fail2ban. This would be dynamic.

I've done similar with NGINX and limit_req_zone throttling (+fail2ban) when some unusual amount of traffic came from several hundred ip addresses. It worked / works very well. I think mod_evasive is similar but for Apache.

 

[PaulStoffregen]

I've disabled blocking for some of the large netblocks. Hopefully it will allow you to access the forum without VPN.

Would Apache mod_evasive module work for blocking "lot of bot traffic"?

Maybe, but this description from its documentation doesn't inspire confidence.

HOW IT WORKS

A web hit request comes in. The following steps take place:

- The IP address of the requestor is looked up on the temporary blacklist
- The IP address of the requestor and the URI are both hashed into a "key".
A lookup is performed in the listener's internal hash table to determine
if the same host has requested this page more than once within the past
1 second.
- The IP address of the requestor is hashed into a "key".
A lookup is performed in the listerner's internal hash table to determine
if the same host has requested more than 50 objects within the past
second (from the same child).

Sadly mod_evasive doesn't sound like a good fit for the massive traffic that took the site down a few months ago. The botnet was using such a vast number of IP addresses that no single IP address would trigger these detection mechanisms. I'm pretty sure the botnet operators design for these sorts of countermeasures. Every individual address made only dozens of requests, usually over a minute or two. But the combined total exceeded the server's capacity, causing the site to respond very slowly for everyone and even took the forum down. To be effective against such a massively distributed botnet, you need to get a large portion of all the requests answering an efficient 403. If you allow 50 requests which run PHP 50 times and each PHP instance generates several mysql queries, multiplied by the botnet using over 100,000 unique IP addresses, you suffer the too-high load problem. What's needed under that sort of attack is a way to immediately and efficiently block a large portion of all the botnet traffic, before it's able to bring the server to its knees.

 

[KaoH]

Every individual address made only dozens of requests, usually over a minute or two.

I think you are right. mod_evasive probably would not work in this case. It would work if they would come within seconds. Maybe some longer fail2ban jail could help but I see you have tried something like that.

If you are using PHP-FPM you could check that the number of child processes is not too high as all PHP processes take CPU and memory. When memory runs out, the server goes, not only slow and unresponsive for visitors, but down.

I've seen Cloudflare to be used for something like this but never used it myself.