Second build sold out. Message will appear here when store is ready for third build ordering.

KiwiSDR unable to login with SDR.HU [caused by new Comcast/Xfinity "advanced security" feature]

Hello everyone, I have had a login issue with my KiwiSDR being unable (virtually) to connect to SDR.HU rendering it invisible to the world at large. It's been going for about three weeks, but I really haven't had the time to get this worked out for numerous reasons. Other than that, the installation works fine and has been doing so for over a year up to this point.

The log tells me that it is able to login to KIWISDR.COM without fail, but not the SDR.HU main site. And so all day long it tries to login and can't connect. I can connect through my local network, stray visitors have showed up via saved IP (I guess), but it still doesn't show up on the map.

I did make a Mode change in moving to three channels instead of four; a mode reset back to four receivers today resulted in a successful login with SDR.HU for about an hour, before losing the connection. Manually trying to reconnect to SDR.HU has failed so far. Firewalls at all levels are and have been set correctly for port forwarding. I'm on Comcast here in the States for my ISP; haven't heard of any security changes from them, but they are Comcast...

Vitals: v1.383, http://71.197.249.8:8073

Brendan WA7HL

Comments

  • jksjks
    edited April 2020
    but it still doesn't show up on the map

    Which map? rx.linkfanel.net (aka map.kiwisdr.com)? Or the map section of sdr.hu?
    If your Kiwi is listed on kiwisdr.com/public (aka rx.kiwisdr.com) then it should appear on the rx.linkfanel.net map since the kiwisdr.com listing site is where linkfanel.net gets its data from currently.

    As you point out sdr.hu is an entirely independent (and now optional) registration path. It is quite possible that there might be an intermittent connection issue with sdr.hu, yet people are still finding your Kiwi via {rx,map}.kiwisdr.com rather than saved browser history.

    What exact error message is sdr.hu returning in the log when the registration attempts from your Kiwi fail?

    Update: I'll answer my own question. Your Kiwi is reporting this:
    Wed Apr  1 01:57:01 00:49:07.685 ....      sdr.hu registration: DOWN
    
    So that's a problem we've seen from sdr.hu before. And it's something Andras will have to fix since we have no control over his site.
    Brendan_W
  • It doesn't show on either map for me, RX.LINKFANEL.NET or SDR.HU. Your map has intermittently shown my rcvr when I've tried to reconnect both servers, but it doesn't last long either. Log shows consistently that KIWISDR.NET is logging in fine, but again, the map doesn't reflect that. I prefer the RX.LINKFANEL.NET/KIWI.SDR map anyway: easier to get to and simpler than Andras'. I've no problem with sending this on to the SDR.HU side, but since it affects both for me at least, I thought I'd try here.
    Many, many thanks for all your work by the way, I truly appreciate the KiwiSDR project.
  • jksjks
    edited April 2020
    At the moment I can't connect to http://71.197.249.8:8073
    It just times out. If you hover over your purple icon on rx.linkfanel.net it says "Last online: 7 hours ago".

    So I think you've got incoming connectivity problems. Now I was able to get in fine an hour ago to check your log messages. So it hasn't been completely down. On the admin "network" tab if you click the "check open port" button do you get a status of "YES" to either of those paths? That button makes a request to kiwisdr.com to check connectivity to your Kiwi (in the incoming direction) using both the DNS-based and IP-based paths.
    Brendan_W
  • No, not getting YES, getting this: "http://71.197.249.8:8073 :Error checking port status" twice. I did see the purple flag on my rcvr, that first showed as actively online, then going off after an hour or so while I was making dinner. Is this more like my ISP connection is giving me problems versus anything else? I checked the port status for our cable system, and it's open for both this port and IP specifically as it has been. Been going back and forth on this at this end for a while and it's getting on my nerves now that I'm cooped up at home.
  • From the two seconds connection I managed looks like a nice view, super quiet location.
    That to me, feels like a firewall somewhere (ISP?)
    I connected from one PC then remembered I'd have audio issues there so connected from another very quickly. got a few seconds then timeout.
    "Feels like Firewall" because I made two fast incoming connections and then it would not talk to either browser again for a few minutes then got another couple of seconds connection.

    Ping seems pretty stable so doesn't look like loading / network breaks
    50 packets transmitted, 50 received, 0% packet loss, time 108ms
    rtt min/avg/max/mdev = 181.104/185.854/190.107/2.152 ms

    I'd see if your ISP offers security as part of it's standard network features and, if it does, see if you can allow a service or lower the general level - with obvious caveats for don't lower your ISP security unless you have a good local router/firewall.

    As for cooped up at home, with that view! Pah.

    73 Stu
    Brendan_W
  • FWIW, I had very similar symptoms when Comcast/Xfinity (US cable ISP) changed to a new on-line administration tool for my router. They 'kindly' added something that must be akin to an iptables entry at their gateway which flagged all the kiwi traffic as 'malicious' or a threat and blocked it. I got the same error as you. This seemed to come and go, per some algorithm that I couldn't discern. After several hours on the phone (with someone in the Phillipines) I found the sub-menu on the web site which let me revert the security settings to avoid them shutting down access.

    I don't know if this is related to your cause or not, but I thought it might be helpful.

    Glenn n6gn
    Brendan_W
  • Hi Stu and Glenn, Thank you both for investigating, I truly appreciate the sleuthing. Bitching about the virus while having this view is just sour grapes on my part, and it really isn't that bad. BUT, I'm caregiving for my 90 year parents, so it's still a bit wearing and we've already been isolating ourselves for nearly a month so far.

    Yes, Comcast is the ISP here, and I'm thinking it's them. I went into our main account settings a couple of weeks ago and found a (new to me) security setup that didn't exist before, where I added the Kiwi 8073 IP and port. This was a new requirement/capability from them, as it previously operated very nicely without my having to do that. Not a damn thing changed after that 'fix' on this end, so I assumed it wasn't them.

    I think I know what I'm going to have to do today...
    Thanks to everyone, 73 for now,
    Brendan
  • Glenn - you were correct! Comcast/Xfinity implemented "Advanced Security" across its' system in the past couple of months. I found an implementation announcement in our Comcast email, which no one ever reads of course. Yes, it's in a sub-menu under "More" on the XFi menu system. I should say it's a sub-menu of a sub-menu of a sub-menu, and not all easy to find. A FAQ question led me to it in the end. They definitely don't want you to have a device with open ports nor make it easy for you to turn this BS off. Typical Comcast action.

    The receiver had already hooked up when I got to look at the admin pages: YES!!!

    Thanks to everyone for the suggestions and kibitzing.
    Powernumpty
  • jksjks
    edited April 2020
    Thanks Brendan and everyone who contributed. Documenting these investigations is so important because now when someone reports a vaguely similar problem far in the future a little alarm bell will go off in the back of our heads and we'll ask "Oh, does your ISP happen to be Comcast? :/ ".
    Brendan_W
  • Wow that's a clean VLF/LF/MW spectrum from that 60m dipole. You must have ditched/upgraded all the SMPSs at your place. It's funny to see Jim Creek sitting +20 dB over a flat spectrum. Did you see that you have a beeper with a little bit of frequency wander on 176.65 kHz? I've always wondered if these were leftover LoJack systems before they moved to VHF. Maybe just NFC/ISM stuff? Will never know I suppose.
    Brendan_W
  • They are rather notorious for typically implementing changes that screw it all up. A bit like MS, in retrospect. One other thing: while this "Advanced Security" was in effect, I couldn't log into KiwiSDR.com either. My browser (FF) acted like it was a DNS error, and couldn't find it. A strange linkage on this end.

    Perhaps next year I'll be visiting the Antipodes: a niece is at Uni Otago in Dunedin and she deserves a visit from her uncle. I was thinking about doing it this year, but that is no longer 'on' for obvious reasons. NZ has been on my travel list for years, and I'll be across the pond soon enough.
  • HA! That 176 signal is probably my Qi charger in idle. You should see the charging data appear when powered up, that thing leaks all over LF and into MW. NFC on my smartphone beacons very visibly on 13560 or so in the ISM band. For obvious reasons, I only use the charger at night when I'm asleep, and NFC never at home. I found as many old linear PS's as I could to power stuff, and threw in some ferrites of course. At least you've seen it when the washing machine isn't running, which is going to require a big ferrite on the AC. When I first saw it on HF I thought the radio apocalypse had occurred.
  • edited April 2020
    For future reference for we American types, here are the Comcast/Xfinity menu selections to allow a KiwiSDR through their system.

    1. Go to Xfinity's website, login, select the "XFi" (WiFi) menu.
    2. Select the tab marked "More."
    3. Select the "My Services" tab.
    4. "Advanced Security" should be the only service listed, click to disable.
    5. Exit.

    This info accurate as of 02 April 2020.


    Tags: #Comcast #Xfinity #KiwiSDR #ISP #connection #trouble
    WA2ZKDPowernumpty
  • Brendan,

    what is all that noise you have around 5 MHz?
  • I thought I knew all the usual suspects sources I hadn't killed yet. While trying to blame that noise on a neighbor's LED lights just now, I realized it's a LED TV in the house. We haven't used that set much, but right now it's being used a lot more. Damn, gotta get the ferrites out!
  • Brendan_W: Your Comcast/Xfinity fix above didn't work for me. I disabled security, and set up a port forward for 8073 and my KiwiSDR still will not show up for the public. I have learned that people who have complained to Xfinity about this same problem are being told to just get their own routers!
  • Be careful that their "Advanced Security" (https://internet.xfinity.com/connect) is not enabled. It ends up blacklisting multiple sites that are necessary! Everything quit for me when I enabled it and it took a while to figure out how "helpful" they were being to protect me...
Sign In or Register to comment.