Unable to access publishers site - 403 forbidden

Hello,

Upon visiting https://publishers.basicattentiontoken.org/ I got a rather unexpected 403 Forbidden error. I haven’t done anything to end up in this situation and in fact, I haven’t visited the publisher website since 10th of June or so.

This looks like an IP based deny rule which targeted my IP address. The address itself hasn’t changed for a long time now. Obviously, I can’t post the address in a public forum.

• Does not work in my main profile, private session, or curl in command line - which is a different HTTP client altogether
• Works if I access the website from private session + TOR. In fact, I could authenticate just fine, so there’s no issues with my account itself.
• Oddly enough, despite returning the forbidden error, if I try to use the authentication URL under the circumstances which return the 403 error, the session is expired. This indicates that the request actually hits your application server before getting the 403 error, so it’s not your edge networking who’s denying the request.

curl -i https://publishers.basicattentiontoken.org/log-in
HTTP/1.1 403 Forbidden
Connection: keep-alive
Server: Cowboy
Content-Type: text/plain
Cache-Control: no-cache
X-Request-Id: 5a6adcf3-4482-498a-abd0-5a130d71001e
X-Runtime: 0.002242
Strict-Transport-Security: max-age=31536000; includeSubDomains
Via: 1.1 vegur
Accept-Ranges: bytes
Date: Thu, 02 Jul 2020 18:23:18 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy19258-LCY
X-Cache: MISS
X-Cache-Hits: 0
Vary: Accept-Encoding
transfer-encoding: chunked

Forbidden

By edge networking I mean Fastly. Just a simple look at the HTTP headers suggested that you may be using them, even before resolving publishers.basicattentiontoken.org to remove all doubt. I’ve been in the web business for far too long.

Please look into this.

Thanks,
Ștefan

Hey! Thanks for the great info, yesterday we deployed a change to our systems to front Fastly before access to the server.

Weirdly I do see 403’s on the log-in path, and i’m trying to track it down. Can you list the first two segments of your IP? I’m seeing some IPs but it’s hard to know if those IP addresses are valid client IPs or hitting our rate-limiting code.

Thanks for looking into this. Huh, that is weird as it expired my token, then returned 403. Anyway, DM sent with the requested info.

Hi Cory. I’m wondering if I’m affected by this. I tried to access my publisher account and it says on the top left in small print “Forbidden”. I don’t know if I’m related to this issue. I use a Macbook.

I’ve had the same for 2 days

I’ve got the same issue as well. Any web
site relating to Publishers is forbidden.

If this is what you’re seeing, then yes, this is the right thread:

Screen Shot 2020-07-04 at 19.18.361792×1088 36.6 KB

Same issue also here

When trying to login to https://publishers.basicattentiontoken.org/

I can only see the text “Forbidden”; this is now a persistent problem and I can’t login.

It’s the same why I try from home or on mobile 4G.

same it’s been like 3 days now.

After around 4 days of having this “forbidden” issue, I now have access to my publishers account. I never did anything personally to remedy this so have no explanation.

Hey there,

I’ve created an issue to investigate this here - https://github.com/brave-intl/publishers/issues/2791

If anyone else who has been affected could send me a direct message with their IP address that would be very helpful.

I have sent you a private message, also facing same issue @cory

It looks fixed to me now, thank you!

I have the same problem. Cory, I messaged you. If you solve it, I’ll be grateful to you. Thanks.

Talked too early, i’m back to forbidden…

logged in twice since then now back to forbidden message.

yes I’m still having problems my referal https://brave.com/?ref=wem909

Same issue here, i got back in and it was all working fine, next day then same again back to forbidden message. No help whatsoever

exactely what I get.