Support

There is no such URL on our site. Moreover, we do not perform any kind of redirection. Either your ISP is doing something weird or you have some malware on your computer. This is most definitely NOT normal and NOT something that originates from our site (at least the portion that's under our, not our host's control).

Being aware of Comcast's legendary levels of bad practices I wouldn't put it past them trying to inject their JavaScript on the page and / or perform shadow redirects. Just to make sure, let's try the following, ideally from a different computer and browser without any browser extensions, antivirus or Internet security / firewall products installed. Make sure you type https://www.akeebabackup.com in your browser address bar. Make sure that HTTPS and www are used. The page should load without CAPTCHA. If it loads with the CAPTCHA please check the SSL certificate. Our certificate is an Extended Validation SSL (EV SSL) certificate issued by COMODO EV SSL with the Organization Name set to Akeeba Ltd. If you see anything else then your ISP (Comcast) is essentially performing a Man In The Middle attack which means that they can read your private communications with SSL sites like ours. If that's the case you should contact them at once.

If, however, you do get a redirect to a CAPTCHA with the valid SSL certificate I want you to tell me your IP address and the exact time and city you were in when this happened so I can talk to SiteGround. I have never heard of them doing a CAPTCHA automatically but that doesn't mean they don't have some security feature I never heard about.

This looks like something SiteGround is doing. I have demanded further information from them. I am not very happy with them right now. This is not a documented feature and they didn't ask me or inform me about it. In fact, this is an antifeature which actively interferes with the way we conduct business (providing updates to subscribers through our site). Thank you for bringing this to my attention.

I'll keep you posted once I have further information about this.

It appears that SiteGround is, indeed, responsible for this redirection. They are supposedly using an "AI" system to detect potential attacks and cause them to be redirected to a CAPTCHA page. They enabled this crap without asking or telling anyone.

The first obvious thing is that it's definitely not AI. It's just a simple filter based on a database of attack patterns. Comcast is a very popular host. Many script kiddies use it to attack sites. Therefore Comcast gets blocked by default.

The second very obvious problem they seem to have missed is that not all legitimate requests to our site come from a human-machine interface such as a browser. In fact, a good number of requests regard software downloads and updates. The immediate problem is that people see their updates failed, we think they have entered the wrong Download ID and waste our time trying to figure out what the heck is going on. In the end of the day people no longer trust us.

The third very obvious issue is that many people coming to our site get a CAPTCHA instead of our marketing material. Lost sales, here we come.

Again, thank you for the heads up. Now that we know that this thing happens we asked them to stop it.

Apparently the only way to get good, reliable hosting without surprises these days is to build and run your own server. Looks like we may have to end up wasting a not so negligible proportion of our time becoming systems administrators in the not so distant future. What can I say...

I guess that you can now also access our site just fine since I asked SiteGround to disable this feature for our account.

As to how your IP gets blocked: as I said, Comcast is a very popular ISP and there are too many script kiddies launching attacks from their computers connected to the Internet through Comcast. If you use an automated system trying to find out patterns of common attacks and block "similar" attacks it follows that you will end up blocking Comcast and other major ISPs and hosting providers.

That's the crux of the problem. SiteGround makes arbitrary assumptions about the kind of traffic hitting our sites and takes arbitrary risk management decisions without consulting the affected party (its clients). For our business, the cost of "dirty" traffic is far lower than the cost of missed sales and failed updates due to an arbitrary CAPTCHA. In fact, we have our own defenses in place to deal with "dirty" traffic both at the web server and at the web application level. It's not like we do that for a living. I'm joking. Of course we do. We develop Admin Tools which offers exactly this kind of protection and it's configurable according to our business needs.

I don't blame them for their intentions. However, the road to Hell is paved with good intentions...