[Mailman]

Originally Posted by DebF_EONNext

@Mailman it's just our security settings they are high as it ensures that our customer data is protected 😊

Not at all sure why barring VPN connections is better for data protection at all. From my end not being able to use VPN is worse for my data protection. I can connect to much more important financial sites via VPN (not even from the UK) such as HMRC.

If Eon Next is concerned so much about customer data why not use 2 factor logons (text to phone/verified email address) that are the norm on quite a few sites now for example HMRC only allowing the customer to 'remember me for 7 days' and for other some sites I have to use this is down to an hour or two max.

It matters not except that Eon Next is the only 'important' site for me that barrs VPNs.🤔

[DebF_EONNext]

@Mailman I completely get what you're saying it does seem a bit much, however a lot of "scammers" or bots will use VPN so it may be that it's easier to have a blanket stop rather than risking them getting through, I mean I don't know if that's the reason it's just where my thought process takes me! 😊

[Mailman]

@DebF_EONNext

Another way round this issue which would stop spammers posting in the boiler section is to redirect any posts from a newly created account into some kind of 'pending tray' until some time as the mods can look at the post (to see if it is genuine) and kick out the email etc of any such user that is obviously designed for clickbait. As it stands I can access this forum via VPN (with all the boiler forum clickbaits to come) but not my online account which has little/zero scope anyway to inject clickbait for spammers (unless you consider Eon's own links 😁)

Just my thoughts 👍

[ksim]

@DebF_EONNext why my home IP address was banned as VPN? But if I spin up a VPN server on AWS or Oracle cloud account works fine? I do not think EOn Next has any technology to detect VPN. It is just pretend security.

[DebF_EONNext]

@ksim Hey welcome to the community 👋

We don't ban IP addresses, however, if a VPN is detected then you will be unable to log in from this IP until it is turned off. You may also need to check your firewall settings as this can occasionally restrict your access.

Some things you can check:

• Check your VPN is switched off & firewall settings are't blocking access
• Clear all cookies and cache
• Try from another browser
• Try from another device
• Check if the issue is a problem online only / app only / both online and on app

If you've tried this and still can't log in you could try

• Reset your router
• Check if you can log in from another internet service such as using mobile data

If you find you cannot log in from another internet service and have completed all of the above get in touch with an energy specialist who can support you. How to contact E.ON Next

If however you can log in on another internet service then this is not an issue with the account itself you will need to contact your internet service provider. If you find a VPN is detected but you aren't using one then you should check your internet settings or contact your internet service provider as this wouldn't be a setting that we could change for you.

[ksim]

@DebF_EONNext

We don't ban IP addresses, however, if a VPN is detected then you will be unable to log in from this IP until it is turned off.

You definitely do, that IP was fine until the 18th July, after you started to return 403 on API requests. You have no VPN detection, you just ban IP you suspect to be VPN, As I said I set up a VPN using AWS Lightsail, and your system allows me to login. Your "VPN detection" is a simple request counter from an IP, you have no way of detecting VPN except by the VPN server IP. so everyone using CGNAT might get unlucky and stuck not be able to login. Your policy of VPN and the implementation is an embarrassment of cybersecurity industry, looks like the company IT stuff do not understand how the Internet works at all.

You may also need to check your firewall settings as this can occasionally restrict your access.

are you thinking I am stupid? no firewall can force your system to return 403, my firewall is absolutely fine, it works as expected, your support has the har file to see all the logs.

Check your VPN is switched off & firewall settings are't blocking access

VPN is off, my firewall settings are blocking what they suppose to block.

Clear all cookies and cache

neither fresh browser profile helps, as you just blocking all request to API with 403 from my IP and that is it.

Try from another device

every device in my home network has this issue, also everyone who is unlucky to share the same IPv4 address, and sure you failed to implement IPv6.

Check if the issue is a problem online only / app only / both online and on app

sure it is for both, as you are blacklisted my IP in the API

Reset your router

Make 0 sense, as the issue has nothing to do with my router.

Check if you can log in from another internet service such as using mobile data

Of course, I can, I can run up the hill, get cellular signal, and I can log in, as you blacklisted only my LitFiber IP!

get in touch with an energy specialist who can support you

no help.

If you find a VPN is detected but you aren't using one then you should check your internet settings or contact your internet service provider as this wouldn't be a setting that we could change for you.

change what? what my provider should change? Or what I should change? I know EON just blames customer for everything, but maybe for once you just go and check why the IP 188.74.124.195 which is https://www.whois.com/whois/188.74.124.195 residential broadband IP is banned? You can't even have VPN server on that address as it is CGNAT.