Why do I get an error message that says, "Sorry, unable to complete requested action" when I try to submit an online form?
Published on: 1/7/2024
Summary: This is a unique message for transactions we block for very specific network security issues. They are almost always caused by your VPN provider assigning a risky IP address to your public-facing port. We purposely block certain IP addresses that are used by high-volume SPAMMERS and malware bad actors. This action is necessary to prevent malware from entering our system and to limit penetration attacks. This is the outermost layer of our multiple security protections. Unfortunately, normal people who use consumer-grade VPN services can get caught in this protection when the VPN service sells the use of their VPN service to bad actors. With almost all VPNs, the outward-facing IP address of the VPN hides your personal IP address. In all VPNs these outward-facing IP addresses are shared by all clients of the VPN. We have no technical way to tell the good actors from the bad once they are co-mingled onto the same IP address, so we have to ban all users of the IP address. If the VPN sells its service to one or more bad actors, the use of the shared IP address by the bad actor can pollute all users of the shared IP address provided by the VPN. Fortunately, the workaround is easy: just turn off your VPN when entering a form on our site (details below.)
Full Support Posting:
We purposely block certain IP addresses that high-volume SPAMMERS and malware bad actors use. This action is necessary to prevent malware from entering our system and limit penetration attacks.
This is the outermost layer of our security protections.
Unfortunately, normal people who use consumer-grade VPN services can also get caught in this protection when the VPN service sells the use of their VPN service to bad actors. With almost all VPNs, the outward-facing IP address of the VPN hides your personal IP address. In all VPNs these outward-facing IP addresses are shared by all clients of the VPN. Typically, thousands of people can share the same IP address. If the VPN sells its service to one or more bad actors, bad actors' malfeasance becomes associated with the shared IP address and can pollute all other users of the shared IP address provided by the VPN.
Unfortunately, obscured behind the IP address, we have no technical way to tell the good actors from the bad once they are co-mingled onto the same IP address, so we have no choice but to ban all users of the IP-polluted address.
This occurs because consumer-grade VPNs are inexpensive, making them attractive to you but also to high-volume bad actors. They become more attractive when the VPN operator does not vet its clients to weed out bad actors. Almost all professional-grade VPNs vet their clients and the clients are required to be authenticated so it is much less of an issue with more-professional services.
Since the outward-facing IP addresses provided by the VPN operators are shared, potentially by thousands of users, one bad actor can contaminate the IP address for all other legitimate users of the VPN.
We belong to an IP monitoring consortium operated by the large national and international tier-1 core Internet operators who track the use of IP addresses used by high-volume SPAMMERs (tens of millions of SPAM messages per day), cyber-criminals, malware providers and other bad actors. This is not a simple consumer-grade blocking service but one built and operated by larger network operators. To make the list, the use of the IP address must be really bad; these aren't judgment calls or even close calls. Many of the bad actors have "red notices" from INTERPOL or are Eastern European or Asian organized crime and even some state-actors. Most of the bad traffic originates overseas in areas where the laws are more "relaxed" about cybercrime. To make the bad traffic look like it comes from USA sources, the cyber-criminal passes it through a USA VPN provider using their shared IP addresses.
You come along and buy one of the VPN services that also sells to bad actors and the IP address given to you for your traffic is also used by the bad actors and you get caught up in the mess.
Our security consortium maintains the bad IP address list in real time, and our content management system (CMS) is programmatically linked to the "bad IP address" database in real time. The CMS is programmed to block any IP address on this list automatically. Also, if the IP address gets rehabilitated (removed from the list), our block in our CMS is instantly removed to allow the traffic into our network.
The low-cost consumer VPN providers are in a very competitive business with a very low-margin product. In their attempts to remain in business, the temptation to sell to anyone is great. All they really care about is that their client pays their low fee. IMHO, that is misguided but understandable. Personally, I find it ironic that a product like a VPN is sold and used to "make people safer online" is also used by some of the largest cybercriminals in the world to make them safer while doing online crime.
On our end, each of these rejected transactions is logged. In our log files, we see, "visitor's request was denied because the spam protection service reported that visitor's IP address was used by spammers."
If you ever get a transaction rejected for this reason, the workaround is simple: just turn off your VPN! By turning it off, your connection will revert to using your safe network-assigned IP address and the transaction will complete.
With our website, you don't need a VPN anyway. All transactions from all users are SSL encrypted end-to-end (from your browser to our servers and back again) using 256-bit public/private keys in both directions.
You can then turn your VPN back on after you finish your transaction with us if you wish.
We will only block your bad IP address when you try to interact with our system. If you are just browsing the website, we do not block viewing web pages until you attempt to interact with our backend servers.
Also, you can replace your VPN provider with a more professional-grade service that does not sell services to bad actors.