Why WordPress.com block IP from China?
-
Dear,
I’m currently in China, when I visit directly(not via VPN and other proxies), I just get a “Connection reset by peer” error.
But when I ping emacs.wordpress.com(I confirm that I’m not using VPN), I can access the host without timeout:
ping emacs.wordpress.com
PING lb.wordpress.com (76.74.254.123): 56 data bytes
64 bytes from 76.74.254.123: icmp_seq=0 ttl=49 time=465.215 ms
64 bytes from 76.74.254.123: icmp_seq=1 ttl=49 time=359.527 msIt seems that not the GFW of China but wordpress.com itself block IP from China, could anyone help to confirm this? Thanks in advance!
So many great articles are in wordpress.com so it’s very important for our Chinese people to visit wordpress.com, so I sincerely wish that the administrator of wordpress.com can solve this problem. Thanks.
-
What you report is the reverse of what I thought was going on. That’s why I am tagging this thread for a Staff follow-up. Please subscribe to the thread so you are notified when they respond and please be patient while waiting.
-
Howdy!
We can look into this further, but we need to know the public IP address (when not using a VPN) that you are attempting to access wordpress.com from
If possible, please also provide a traceroute from there to wordpress.com as well as the output of a curl request (with -svv) to http://wordpress.com and https://wordpress.com
Cheers
-
Sorry for late replaying. Here’s the result(not using VPN):
1) the IP I got from “ping wordpress.com” is 66.155.11.243
2) but the “traceroute wordpress.com” command results infinite stars(“*”), I wait for a least ten minutes, but the traceroute seems won’t stop at all
3) the curl command’s output are:
a) # curl -svv “http://wordpress.com”
* Adding handle: conn: 0x7fab33800800
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* – Conn 0 (0x7fab33800800) send_pipe: 1, recv_pipe: 0
* About to connect() to wordpress.com port 80 (#0)
* Trying 66.155.11.243…
* Connected to wordpress.com (66.155.11.243) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: wordpress.com
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0b) If I use “curl -svv https://wordpress.com”, I can get the right content page of the site. I found out that I can visit wordpress via https! Hooray! Thanks!
Are we supposed to visit wordpress via https?
-
No problem – unfortunately, since the traceroute returned no information, we can’t tell the IP address you’re attempting to connect from. Please let us know your router’s WAN port IP address.
-
Howdy!
On further inspection, here’s what we can infer even without the tracert details: We suspect the Chinese govt. is blocking domains with “wordpress.com” in the HTTP Host header. For SSL traffic, they can’t see what is in the HTTP Host header because it’s encrypted, so they implement IP-based blocks. Our IPs changed a bit and ‘wordpress.com’ points to different IPs than ‘blog.wordpress.com’ so some stuff will be blocked and some won’t.
Sad to say, there isn’t much we can do.
If accessing https://wordpress.com/ works, then by all means do that. Otherwise you may want to consider a VPN service.
Cheers
-
“The latest trick, carried out by activists at Great Firewall monitoring site Greatfire.org, is to upload mirrored copies of blocked sites to cloud hosting services, challenging the Great Firewall operators to block major brands like Amazon and Google cloud hosting, or allow freer access to banned material. “ http://nakedsecurity.sophos.com/2013/11/25/great-firewall-of-china-bypassed-by-cloud-mirrors/
As a workaround some have been using a VPN or proxy to access WordPress.com blogs. The following links provide some options:
https://www.intl-alliance.com/store/index.php?main_page=index&cPath=1_119
https://www.torproject.org/Some users have had luck simply by using Opera Turbo. http://www.opera.com/browser/turbo/
-
I saw a couple of places that Google could destroy the Great Firewall in a few minutes, just switch all their searches to https so the traffic is encrypted, then a person could look at a Cached page and that would be encrypted – and then see if China would blog all of Google, but then Google does a lot of business with China – so probably not happen – would not work for the dashboard, but maybe people could read more
-
Sorry for the delay. There was some errors of my VPN account, so I couldn’t visit here for several days.
I spent some hours this afternoon to summarise the problems that I encounter when try to visit WordPress, here’s what I have found:
wordpress.com has several IPs, some of them I can access from China, others I can’t. Although there are some IPs that we can’t access in China, I can always visit “https://wordpress.com” via browser(Safari, Chrome, etc.), it seems that the browsers have the ability to find out the right IP.
Here are results from my computer(without using VPN):
$ dig wordpress.com ; <<>> DiG 9.8.3-P1 <<>> wordpress.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9125 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;wordpress.com. IN A ;; ANSWER SECTION: wordpress.com. 299 IN A 192.0.82.252 wordpress.com. 299 IN A 76.74.254.126 wordpress.com. 299 IN A 66.155.11.243 ;; Query time: 28 msec ;; SERVER: 202.96.128.86#53(202.96.128.86) ;; WHEN: Thu May 8 17:51:43 2014 ;; MSG SIZE rcvd: 79$ dig www.wordpress.com ; <<>> DiG 9.8.3-P1 <<>> www.wordpress.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21075 ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.wordpress.com. IN A ;; ANSWER SECTION: www.wordpress.com. 14116 IN CNAME lb.wordpress.com. lb.wordpress.com. 145 IN A 76.74.254.120 lb.wordpress.com. 145 IN A 66.155.11.238 lb.wordpress.com. 145 IN A 192.0.81.250 lb.wordpress.com. 145 IN A 76.74.254.123 lb.wordpress.com. 145 IN A 192.0.80.250 lb.wordpress.com. 145 IN A 66.155.9.238 ;; Query time: 27 msec ;; SERVER: 202.96.128.86#53(202.96.128.86) ;; WHEN: Thu May 8 17:51:57 2014 ;; MSG SIZE rcvd: 148Note: I can always access to 66.155.11.243, 66.155.11.238 and 66.155.9.238.
And Here are the traceroute results(sorry for the previous all “*” results, that’s because I didn’t know to specify to use “ICMP” protocol):
$ sudo traceroute -P ICMP wordpress.com traceroute to wordpress.com (66.155.11.243), 64 hops max, 72 byte packets 1 113.89.228.1 (113.89.228.1) 21.846 ms 17.649 ms 17.867 ms 2 113.89.228.1 (113.89.228.1) 17.551 ms 17.098 ms 17.869 ms 3 119.136.1.149 (119.136.1.149) 18.669 ms 20.606 ms 19.975 ms 4 59.40.49.90 (59.40.49.90) 25.468 ms 18.530 ms 17.812 ms 5 121.34.242.254 (121.34.242.254) 22.827 ms 22.855 ms 23.821 ms 6 202.97.33.214 (202.97.33.214) 20.491 ms 21.454 ms 24.288 ms 7 202.97.61.246 (202.97.61.246) 25.007 ms 23.362 ms 21.617 ms 8 202.97.58.230 (202.97.58.230) 194.471 ms 194.548 ms 198.059 ms 9 202.97.49.26 (202.97.49.26) 183.942 ms 180.062 ms 179.491 ms 10 chinanet-gw.peer1.net (216.187.88.253) 191.687 ms 190.750 ms 192.141 ms 11 10ge.xe-2-3-0.lax-600w-sbcor-2.peer1.net (216.187.124.121) 194.337 ms 210.415 ms 191.659 ms 12 10ge-ten1-2.dal-eqx-cor-1.peer1.net (216.187.88.131) 314.015 ms 306.967 ms 306.867 ms 13 10ge.ten3-4.dal-eqx-cor-2.peer1.net (216.187.89.193) 306.904 ms 305.957 ms 306.711 ms 14 10ge-ten2-1.atl-telx-cor-1.peer1.net (216.187.124.118) 257.733 ms 306.534 ms 307.024 ms 15 10ge-ten1-1.atl-101mar-cor-1.peer1.net (216.187.120.226) 307.121 ms 306.858 ms 306.911 ms 16 10ge.xe-1-0-0.wdc-eqx-dis-1.peer1.net (216.187.115.37) 383.832 ms 447.116 ms 512.115 ms 17 10ge.xe-3-1-0.wdc-sp225-sbcor-2.peer1.net (216.187.115.234) 264.057 ms 364.258 ms 307.680 ms 18 10ge-xe-0-0-1.wdc-sp225-sbdis-2.peer1.net (216.187.120.118) 306.275 ms 306.975 ms 307.354 ms 19 wordpress.com (66.155.11.243) 306.620 ms 259.327 ms 352.096 ms$ sudo traceroute -P ICMP www.wordpress.com traceroute: Warning: www.wordpress.com has multiple addresses; using 76.74.254.123 traceroute to lb.wordpress.com (76.74.254.123), 64 hops max, 72 byte packets 1 113.89.228.1 (113.89.228.1) 36.517 ms 38.793 ms 40.910 ms 2 113.89.228.1 (113.89.228.1) 38.628 ms 47.170 ms 33.631 ms 3 119.136.1.117 (119.136.1.117) 23.172 ms 22.898 ms 30.714 ms 4 59.40.49.90 (59.40.49.90) 44.032 ms 120.792 ms 42.635 ms 5 119.145.47.58 (119.145.47.58) 40.830 ms 40.969 ms 44.273 ms 6 202.97.33.206 (202.97.33.206) 44.005 ms 21.711 ms 20.169 ms 7 202.97.34.66 (202.97.34.66) 36.664 ms 23.516 ms 22.916 ms 8 202.97.52.154 (202.97.52.154) 179.443 ms 170.449 ms 171.921 ms 9 202.97.90.126 (202.97.90.126) 176.267 ms 178.702 ms 180.770 ms 10 chinanet-gw.peer1.net (216.187.88.253) 179.287 ms 178.307 ms 177.728 ms 11 10ge.xe-2-3-0.lax-600w-sbcor-2.peer1.net (216.187.124.121) 177.730 ms 177.392 ms 197.442 ms 12 10ge-ten1-2.dal-eqx-cor-1.peer1.net (216.187.88.131) 307.599 ms 306.461 ms 307.104 ms 13 216.187.124.39 (216.187.124.39) 306.972 ms 292.172 ms 306.814 ms 14 10ge.xe-0-0-1.sat-8500v-sbdis-1.peer1.net (216.187.124.66) 306.564 ms 305.900 ms 306.764 ms 15 (76.74.254.123) 307.199 ms 305.014 ms 212.028 msWhen not using VPN, the resulting page of “https://wordpress.com” is different from when using VPN(there is a ‘Log In’ button in the right of the top bar), and the “Log In” button in the homepage will redirect to “http://wordpress.com/wp-login.php” rather than “https://wordpress.com/wp-login.php”, since I can’t visit the non-https pages, I have to add the ‘https://’ header manually in the browser, that’s quite annoying. Quite strangely, if I visit “https://wordpress.com” without VPN, and then enable VPN, click the “Log In” button, the page will redirect to “https://wordpress.com/wp-login.php”, I’m really curious about the difference.
One more thing I have noticed: this forum(en.forums.wordpress.com) can’t use https, so the only way for me to visit here is to use VPN. Is there any plan to support https for this forum?
- The topic ‘Why WordPress.com block IP from China?’ is closed to new replies.
WordPress.com Forums 