Need help? Check out our Support site, then


Why WordPress.com block IP from China?

  1. Dear,
    I'm currently in China, when I visit directly(not via VPN and other proxies), I just get a "Connection reset by peer" error.
    But when I ping emacs.wordpress.com(I confirm that I'm not using VPN), I can access the host without timeout:
    ping emacs.wordpress.com
    PING lb.wordpress.com (76.74.254.123): 56 data bytes
    64 bytes from 76.74.254.123: icmp_seq=0 ttl=49 time=465.215 ms
    64 bytes from 76.74.254.123: icmp_seq=1 ttl=49 time=359.527 ms

    It seems that not the GFW of China but wordpress.com itself block IP from China, could anyone help to confirm this? Thanks in advance!

    So many great articles are in wordpress.com so it's very important for our Chinese people to visit wordpress.com, so I sincerely wish that the administrator of wordpress.com can solve this problem. Thanks.

  2. What you report is the reverse of what I thought was going on. That's why I am tagging this thread for a Staff follow-up. Please subscribe to the thread so you are notified when they respond and please be patient while waiting.

  3. Howdy!

    We can look into this further, but we need to know the public IP address (when not using a VPN) that you are attempting to access wordpress.com from

    If possible, please also provide a traceroute from there to wordpress.com as well as the output of a curl request (with -svv) to http://wordpress.com and https://wordpress.com

    Cheers

  4. Sorry for late replaying. Here's the result(not using VPN):
    1) the IP I got from "ping wordpress.com" is 66.155.11.243
    2) but the "traceroute wordpress.com" command results infinite stars("*"), I wait for a least ten minutes, but the traceroute seems won't stop at all
    3) the curl command's output are:
    a) # curl -svv "http://wordpress.com"
    * Adding handle: conn: 0x7fab33800800
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 0 (0x7fab33800800) send_pipe: 1, recv_pipe: 0
    * About to connect() to wordpress.com port 80 (#0)
    * Trying 66.155.11.243...
    * Connected to wordpress.com (66.155.11.243) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.30.0
    > Host: wordpress.com
    > Accept: */*
    >
    * Recv failure: Connection reset by peer
    * Closing connection 0

    b) If I use "curl -svv https://wordpress.com", I can get the right content page of the site. I found out that I can visit wordpress via https! Hooray! Thanks!

    Are we supposed to visit wordpress via https?

  5. No problem - unfortunately, since the traceroute returned no information, we can't tell the IP address you're attempting to connect from. Please let us know your router's WAN port IP address.

  6. Howdy!

    On further inspection, here's what we can infer even without the tracert details: We suspect the Chinese govt. is blocking domains with “wordpress.com” in the HTTP Host header. For SSL traffic, they can’t see what is in the HTTP Host header because it’s encrypted, so they implement IP-based blocks. Our IPs changed a bit and ‘wordpress.com’ points to different IPs than ‘blog.wordpress.com’ so some stuff will be blocked and some won’t.

    Sad to say, there isn’t much we can do.

    If accessing https://wordpress.com/ works, then by all means do that. Otherwise you may want to consider a VPN service.

    Cheers

  7. “The latest trick, carried out by activists at Great Firewall monitoring site Greatfire.org, is to upload mirrored copies of blocked sites to cloud hosting services, challenging the Great Firewall operators to block major brands like Amazon and Google cloud hosting, or allow freer access to banned material. “ http://nakedsecurity.sophos.com/2013/11/25/great-firewall-of-china-bypassed-by-cloud-mirrors/

    As a workaround some have been using a VPN or proxy to access WordPress.com blogs. The following links provide some options:
    https://www.intl-alliance.com/store/index.php?main_page=index&cPath=1_119
    https://www.torproject.org/

    Some users have had luck simply by using Opera Turbo. http://www.opera.com/browser/turbo/

  8. I saw a couple of places that Google could destroy the Great Firewall in a few minutes, just switch all their searches to https so the traffic is encrypted, then a person could look at a Cached page and that would be encrypted - and then see if China would blog all of Google, but then Google does a lot of business with China - so probably not happen - would not work for the dashboard, but maybe people could read more

  9. Sorry for the delay. There was some errors of my VPN account, so I couldn't visit here for several days.

    I spent some hours this afternoon to summarise the problems that I encounter when try to visit WordPress, here's what I have found:

    wordpress.com has several IPs, some of them I can access from China, others I can't. Although there are some IPs that we can't access in China, I can always visit "https://wordpress.com" via browser(Safari, Chrome, etc.), it seems that the browsers have the ability to find out the right IP.

    Here are results from my computer(without using VPN):

    $ dig wordpress.com
    
    ; <<>> DiG 9.8.3-P1 <<>> wordpress.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9125
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;wordpress.com.			IN	A
    
    ;; ANSWER SECTION:
    wordpress.com.		299	IN	A	192.0.82.252
    wordpress.com.		299	IN	A	76.74.254.126
    wordpress.com.		299	IN	A	66.155.11.243
    
    ;; Query time: 28 msec
    ;; SERVER: 202.96.128.86#53(202.96.128.86)
    ;; WHEN: Thu May  8 17:51:43 2014
    ;; MSG SIZE  rcvd: 79
    $ dig www.wordpress.com
    
    ; <<>> DiG 9.8.3-P1 <<>> www.wordpress.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21075
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;www.wordpress.com.		IN	A
    
    ;; ANSWER SECTION:
    www.wordpress.com.	14116	IN	CNAME	lb.wordpress.com.
    lb.wordpress.com.	145	IN	A	76.74.254.120
    lb.wordpress.com.	145	IN	A	66.155.11.238
    lb.wordpress.com.	145	IN	A	192.0.81.250
    lb.wordpress.com.	145	IN	A	76.74.254.123
    lb.wordpress.com.	145	IN	A	192.0.80.250
    lb.wordpress.com.	145	IN	A	66.155.9.238
    
    ;; Query time: 27 msec
    ;; SERVER: 202.96.128.86#53(202.96.128.86)
    ;; WHEN: Thu May  8 17:51:57 2014
    ;; MSG SIZE  rcvd: 148

    Note: I can always access to 66.155.11.243, 66.155.11.238 and 66.155.9.238.

    And Here are the traceroute results(sorry for the previous all "*" results, that's because I didn't know to specify to use "ICMP" protocol):

    $ sudo traceroute -P ICMP wordpress.com
    traceroute to wordpress.com (66.155.11.243), 64 hops max, 72 byte packets
     1  113.89.228.1 (113.89.228.1)  21.846 ms  17.649 ms  17.867 ms
     2  113.89.228.1 (113.89.228.1)  17.551 ms  17.098 ms  17.869 ms
     3  119.136.1.149 (119.136.1.149)  18.669 ms  20.606 ms  19.975 ms
     4  59.40.49.90 (59.40.49.90)  25.468 ms  18.530 ms  17.812 ms
     5  121.34.242.254 (121.34.242.254)  22.827 ms  22.855 ms  23.821 ms
     6  202.97.33.214 (202.97.33.214)  20.491 ms  21.454 ms  24.288 ms
     7  202.97.61.246 (202.97.61.246)  25.007 ms  23.362 ms  21.617 ms
     8  202.97.58.230 (202.97.58.230)  194.471 ms  194.548 ms  198.059 ms
     9  202.97.49.26 (202.97.49.26)  183.942 ms  180.062 ms  179.491 ms
    10  chinanet-gw.peer1.net (216.187.88.253)  191.687 ms  190.750 ms  192.141 ms
    11  10ge.xe-2-3-0.lax-600w-sbcor-2.peer1.net (216.187.124.121)  194.337 ms  210.415 ms  191.659 ms
    12  10ge-ten1-2.dal-eqx-cor-1.peer1.net (216.187.88.131)  314.015 ms  306.967 ms  306.867 ms
    13  10ge.ten3-4.dal-eqx-cor-2.peer1.net (216.187.89.193)  306.904 ms  305.957 ms  306.711 ms
    14  10ge-ten2-1.atl-telx-cor-1.peer1.net (216.187.124.118)  257.733 ms  306.534 ms  307.024 ms
    15  10ge-ten1-1.atl-101mar-cor-1.peer1.net (216.187.120.226)  307.121 ms  306.858 ms  306.911 ms
    16  10ge.xe-1-0-0.wdc-eqx-dis-1.peer1.net (216.187.115.37)  383.832 ms  447.116 ms  512.115 ms
    17  10ge.xe-3-1-0.wdc-sp225-sbcor-2.peer1.net (216.187.115.234)  264.057 ms  364.258 ms  307.680 ms
    18  10ge-xe-0-0-1.wdc-sp225-sbdis-2.peer1.net (216.187.120.118)  306.275 ms  306.975 ms  307.354 ms
    19  wordpress.com (66.155.11.243)  306.620 ms  259.327 ms  352.096 ms
    $ sudo traceroute -P ICMP www.wordpress.com
    traceroute: Warning: www.wordpress.com has multiple addresses; using 76.74.254.123
    traceroute to lb.wordpress.com (76.74.254.123), 64 hops max, 72 byte packets
     1  113.89.228.1 (113.89.228.1)  36.517 ms  38.793 ms  40.910 ms
     2  113.89.228.1 (113.89.228.1)  38.628 ms  47.170 ms  33.631 ms
     3  119.136.1.117 (119.136.1.117)  23.172 ms  22.898 ms  30.714 ms
     4  59.40.49.90 (59.40.49.90)  44.032 ms  120.792 ms  42.635 ms
     5  119.145.47.58 (119.145.47.58)  40.830 ms  40.969 ms  44.273 ms
     6  202.97.33.206 (202.97.33.206)  44.005 ms  21.711 ms  20.169 ms
     7  202.97.34.66 (202.97.34.66)  36.664 ms  23.516 ms  22.916 ms
     8  202.97.52.154 (202.97.52.154)  179.443 ms  170.449 ms  171.921 ms
     9  202.97.90.126 (202.97.90.126)  176.267 ms  178.702 ms  180.770 ms
    10  chinanet-gw.peer1.net (216.187.88.253)  179.287 ms  178.307 ms  177.728 ms
    11  10ge.xe-2-3-0.lax-600w-sbcor-2.peer1.net (216.187.124.121)  177.730 ms  177.392 ms  197.442 ms
    12  10ge-ten1-2.dal-eqx-cor-1.peer1.net (216.187.88.131)  307.599 ms  306.461 ms  307.104 ms
    13  216.187.124.39 (216.187.124.39)  306.972 ms  292.172 ms  306.814 ms
    14  10ge.xe-0-0-1.sat-8500v-sbdis-1.peer1.net (216.187.124.66)  306.564 ms  305.900 ms  306.764 ms
    15   (76.74.254.123)  307.199 ms  305.014 ms  212.028 ms

    When not using VPN, the resulting page of "https://wordpress.com" is different from when using VPN(there is a 'Log In' button in the right of the top bar), and the "Log In" button in the homepage will redirect to "http://wordpress.com/wp-login.php" rather than "https://wordpress.com/wp-login.php", since I can't visit the non-https pages, I have to add the 'https://' header manually in the browser, that's quite annoying. Quite strangely, if I visit "https://wordpress.com" without VPN, and then enable VPN, click the "Log In" button, the page will redirect to "https://wordpress.com/wp-login.php", I'm really curious about the difference.

    One more thing I have noticed: this forum(en.forums.wordpress.com) can't use https, so the only way for me to visit here is to use VPN. Is there any plan to support https for this forum?

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags