Hotel's IP blocked - should I be worried? At a hotel currently. My habit on these crappy unencrypted wifi networks is to VPN to home, but the VPN timed out and a request was sent to SF in the clear. I was greeted by a...--prophetes.ai

Hotel's IP blocked - should I be worried? At a hotel currently. My habit on these crappy unencrypted wifi networks is to VPN to home, but the VPN timed out and a request was sent to SF in the clear. I was greeted by a concerning message: > ## We're sorry... > > This IP is only allowed to access our API. > > To protect our users, we can't process requests from this IP address. > > If you believe you have reached this page in error, contact us. 1. How's that happen? Shady hotel wifi is shady, but does that mean there's been active abuse from this IP? And if there has been abuse, why are they still allowed to use the API? 2. Since my session cookie was sent in the clear through a known abusive network, just to confirm: after logging out from that session, that cookie is immediately useless, right? 3. And, since my session cookie was sent in the clear through a known abusive network, can I take this opportunity to wonder aloud what the status is on setting up SSL?

**API Only:**
We limit AWS IPs to our API only. This is because historically we had a lot of abuse from AWS and it last time I checked AWS doesn't have a static IP only block -- therefore it is easy for AWS users to morph IPs.

**Cookie Snatching:**
In theory it is possible for someone to snatch your cookie and impersonate you. As far as I know this has never happened, and we could reverse any damage they did.

**SSL:**
There is a lot of work around SSL for us. As of now, we don't have a set date for full SSL support, or if it is even something we will work towards.

When it comes to one IP per site, we would be okay with a SAN cert (multidomain cert), but because of the way wildcard certs work we would probably need to change the naming meta scheme so we could just have *.stackexchange.com wildcard cert.