Posts posted by deny
-
I'm surprised that MBAM does not only block exploit websites (actually not websites but IP addresses/IP ranges with a couple hundred/thousand websites)
but also websites with suspicious content (who can take on such a role, to decide what is good content and what is not) - without any exploit.
And the websites that supposedly cheat Clickbank or whatever - those are again websites without an exploit?
I'm seriously thinking about dropping MBAM because of the very bizarre dealing with supposed exploits and
the way that websites are blocked (the option "website blocking" should be renamed to "IP address" blocking.
You actually block not websites but IP addresses with a thousand websites).
:angry:
-
I'm planning on finishing this particular case up today (as mentioned previously, this isn't the only case I'm working on - there's well over 3,000 others).
Hmmm.... We are 3 days later and nothing has been changed. Not at all.
-
Check out this thread http://forums.malwar...howtopic=106036
There is nothing wrong with ip-address.org, nor with the 290 other websites using the same IP address.
I believe that there is a logical problem with the way Malwarebytes works for the "Website blocking" option. And I wonder if anyone else has complained about it.
Instead of blocking only infected sites, Malwarebytes is blocking IP addresses and very often IP ranges. As you probably know, there can be 1000 websites using the same IP address or 10.000 websites using the same IP ranges.
This way many innocent websites are blocked. I do not see any logic in this way of blocking.
If your neighbour committed a crime and must go to jail, it does not mean that the whole neighbourhood is guilty. Why punish innocent people?
Why punish innocent websites, Malwarebytes? Change the way of blocking and block exactly the infected websites instead of IP addresses and IP ranges.
-
whilst downtownhost.com cleaned one of the files on the site housing the exploit, he didn't clean it properly, which left at least 2 other files still housing exploit code. He was sent another e-mail about this earlie
The last information that I have is that all the malware files are cleaned now. Can you confirm it? And I wonder when you are going to release the blockade of IP address 91.215.158.80.
-
Here is evidence that you have never contacted Downtownhost (who is directly responsible for managing the server related to IP address 91.215.158.80):
---------------------------------------------------
Hello ...,
There is no issue with 91.215.158.80 and no other customer complaint about IP blockage yet.
Our data center has a very strict policy for abuse issues. If possible, please tell them to send us the "sheer volume of abuse logs" at support@downtownhost.com and we will take care of it.
Kind Regards,
Scott Pates
Downtownhost
-
So you are here blocking the whole IP range 91.215.156.0 - 91.215.159.255. In such a way you are blocking many innocent websites in the whole range and I can believe it
that the MB team does it in such a way.
But back to one IP address from the whole range 91.215.156.0 - 91.215.159.255, back to IP address 91.215.158.80.
It looks as if there is nothing wrong with IP address 91.215.158.80. If there is something wrong, then show me any malicious site among those below (all using IP address 91.215.158.80), and if there is nothing wrong, then please unblock IP address 91.215.158.80.
I'm asking again and again and again to show me evidence of what is wrong with 91.215.158.80. Do not block 91.215.158.80 because of some other IP address in the same IP range. You should never do it in such a way. It is completely wrong.
If there is one killer living in a city, it does not mean that all citizens in that city are killers. And the logic from MB is that all citizens in that city are killers.
It is exactly what you are doing for the IP range 91.215.156.0 - 91.215.159.255. Because of one or two or even 100 wrong IP addresses you are blocking 10.000.
List of websites using 91.215.158.80:
-
I understand that
I am in touch with them, yes, and have re-sent some issues over (some have been dealt with, others haven't). I'm now collecting the issues together for them.
Not quite as simple as you'd like I'm afraid, given some of the people they're playing home to.
As mentioned, the block will be removed when the issues found, are resolved. This is also not the only case I'm working on, so isn't going to be unblocked in 5 minutes.
Thank you for the reply, but for me it is not clear here why you block the whole IP range?
It is IP range 91.215.156.0 - 91.215.159.255
So I have tried to access randomly chosen IP addresses between 91.215.156.0 - 91.215.159.255 and all of them are blocked.
You said in the other thread that it is not true that you block the whole range, and it is hard to believe, because the range 91.215.156.0 - 91.215.159.255 is a typical example where the whole range has been blocked and there are probably 10.000 innocent websites.
I'm asking again, what is wrong with IP address 91.215.158.80? And if there is any malicious website, then let me know which one and there will be direct action to isolate that IP address.
Isn't that easy? But you say every time "I am in touch with them". I can hardly believe that Downtownhost (known as an excellent company) has received notice and has not done anything.
-
Malwarebytes is still blocking 91.215.158.80. It is unbelievable.
Have you contacted www.InfiniteTech.eu? Have you contacted Downtownhost (they did not receive any note from you)?
What are you guys doing here? You have not said publicly what the issue with 91.215.158.80 is. And not only 91.215.158.80. There are many other IP addresses in the same IP range blocked.
-
I'm drafting a follow-up to get a status report as I write this, so we can get this resolved and unblocked.
Excellent that this is going to be resolved and unblocked.
btw
Whois Lookup shows http://www.infinitetech.eu as owner of the IP range. And they probably rent out a dedicated server to downtownhost.com, because they are directly behind the server with IP address 91.215.158.80
http://www.ip-addres...er/ip-whois.php
Results for 91.215.158.80 :
Information related to '91.215.156.0 - 91.215.159.255'
inetnum: 91.215.156.0 - 91.215.159.255
netname: INFINITE-TECH-PI
descr: Infinite Technologies Internet Solutions Limited
remarks: Managed VPS, Cloud Computing & Dedicated Servers
country: NL
admin-c: IT1314-RIPE
tech-c: IT1314-RIPE
org: ORG-ITIS3-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: ITECH-MNT
mnt-domains: ITECH-MNT
mnt-routes: ITECH-MNT
remarks: =======================
remarks: www.InfiniteTech.eu
remarks: =======================
source: RIPE # Filtered
organisation: ORG-ITIS3-RIPE
org-name: Infinite Technologies Ltd
org-type: OTHER
address: www.InfiniteTech.eu
mnt-ref: ITECH-MNT
mnt-by: ITECH-MNT
source: RIPE # Filtered
role: Infinite Technologies
address: www.InfiniteTech.eu
remarks: =======================
remarks: abuse notifications to be sent only via email
abuse-mailbox: abuse@infinitetech.eu
remarks: phone, fax & email for technical support only
phone: +31 10-3400043
fax-no: +31 10-7131560
remarks: =======================
admin-c: IT1314-RIPE
tech-c: IT1314-RIPE
nic-hdl: IT1314-RIPE
mnt-by: ITECH-MNT
source: RIPE # Filtered
% Information related to '91.215.158.0/23AS16265'
route: 91.215.158.0/23
descr: Infinite Technologies
origin: AS16265
remarks: Infinite Technologies
mnt-by: OCOM-MNT
source: RIPE # Filtered
% Information related to '91.215.156.0/22AS16265'
route: 91.215.156.0/22
descr: Infinite Technologies
origin: AS16265
mnt-by: OCOM-MNT
source: RIPE # Filtered
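The range-versus-host distinction argued over in these posts, as an added example that is not part of the original posts and is not Malwarebytes' implementation: it converts the `inetnum` range from the whois output to CIDR and shows which of the addresses named on this page are caught by a range-level entry versus a host-level entry. The function names and the two sample blocklists are assumptions constructed for illustration.

```python
import ipaddress

# Range copied from the inetnum line of the whois output above.
INETNUM = "91.215.156.0 - 91.215.159.255"

# Addresses mentioned in the posts on this page.
HOSTS = ["91.215.158.80", "91.215.158.62", "124.217.238.75"]

def inetnum_to_cidrs(inetnum):
    """Convert a RIPE 'first - last' range into the minimal list of CIDR blocks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def build_blocklist(entries):
    """Parse blocklist entries (single IPs or CIDR blocks) into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def match(blocklist, ip):
    """Return the most specific entry covering ip (longest prefix), or None."""
    addr = ipaddress.ip_address(ip)
    hits = [net for net in blocklist if addr in net]
    return max(hits, key=lambda net: net.prefixlen) if hits else None

def collateral(blocklist, hosts):
    """For each host: (matching entry, addresses that entry covers), or None."""
    report = {}
    for ip in hosts:
        net = match(blocklist, ip)
        report[ip] = None if net is None else (str(net), net.num_addresses)
    return report

# Constructed sample policies: block the whole assigned range, or only the
# single address the dispute is about.
RANGE_LEVEL = build_blocklist(str(n) for n in inetnum_to_cidrs(INETNUM))
HOST_LEVEL = build_blocklist(["91.215.158.80"])

def compare():
    """Side-by-side result of both policies for the addresses on this page."""
    return {
        "range": collateral(RANGE_LEVEL, HOSTS),
        "host": collateral(HOST_LEVEL, HOSTS),
    }

if __name__ == "__main__":
    for policy, report in compare().items():
        for ip, hit in report.items():
            print(f"{policy:5} {ip:15} -> {hit}")
```

Neither policy resolves name-based virtual hosting: a host-level entry still covers every site served from that one address, so per-site precision requires matching on the hostname rather than the IP.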
-
The issues were reported on the same day they were found.
To WorldStream.nl (I guess) or to Downtownhost.com?
-
http://www.ip-address.org/tracer/ip-whois.php shows that IP-address.org uses as nameservers
Name Server:EU1.DOWNTOWNHOST.COM
Name Server:EU2.DOWNTOWNHOST.COM
I guess that you must know where exactly the abuse is. (The web site that has been exploited on the server)
If you contact the webhosting company DOWNTOWNHOST.COM - http://downtownhost.com/
then I'm sure that they will remove the exploit directly.
If you do not have time, let me know and I will contact them regarding the exploit and the issue with MB.
-
IP-address.org was accidentally blocked for sure. Further investigation of IP address 91.215.158.80 shows that this IP address is not listed on any website as a suspicious IP address.
So hopefully you will unblock this IP address soon.
-
The way of malicious website blocking with MB is wrong.
Instead of blocking a single IP address, MB blocks the whole range. So anything within the range will be blocked, and there are sometimes more than 10 thousand innocent websites.
-
Just wondering why 91.215.158.80 is blocked. Actually the whole range 91.215.158.0/23 seems to be blocked.
I use http://ww.ip-address.org every day and it looks as if they have changed the location of their server (the IP address of the site is now 91.215.158.8) and now, surprisingly, this site is blocked because you are probably blocking the whole range because of some other site.
According to http://www.ipaddresslocation.org there are 180 other websites that use the same IP address 91.215.158.80:
IP-Address.org is my favourite IP tracking website, and can someone clarify for me what is wrong with the IP range 91.215.158.0/23?
Why can you not filter out innocent websites from the MB web scanner?
The way MB works right now is not good at all.
-
I've just received a positive answer from the F-secure team that this is a false positive.
Anyway, I have attached this file for you so that you can investigate it and confirm that it is a false positive.
cheers
-
It is an old problem with Malwarebytes and a big disadvantage of IP protection. That's why I have disabled the IP protection feature, as it is more annoying than useful.
As you usually know, on one IP address (server) there are usually a couple hundred web sites hosted. If only one site from a couple hundred has been hacked or cracked or whatever, the program will block all the other innocent sites.
-
Stagevu.com IP- 95.211.11.165
Got-talents.com IP- 64.202.189.170
You are not the only one. If it makes you frustrated then simply disable IP protection. I did it too.
-
If you would please, could you provide more info regarding the "Piradius range" and possibly its negative impact.
124.217.238.75 is a Malaysian IP address and belongs to the Piradius net organization.
The IP range is 124.217.224.0 - 124.217.255.255
According to a Reverse IP lookup there is only one site that uses the Malaysian IP address 124.217.238.75 and it is chattchitto.com.
So if IP address 124.217.238.75 is not blocked, then the whole IP range 124.217.224.0 - 124.217.255.255 is blocked.
-
Just to add what exile360 stated:
It is a common practice for developers to make quick fixes due to demand from users as quick registry modifications like what the team in Malwarebytes did.
Sure. It is a common practice in the first days after a new release, but it is difficult to understand why a quick fix is given to us after a couple of weeks. It was more than enough time for the developers to implement such an option within the program instead of giving us the option to play with the registry.
All software developers that I deal with make these sorts of fixes. They are quick and most likely fix the issues at hand, and it allows them to come up with the fixes almost immediately. Then the fix comes out on the new release at a later time. Anyway, just my 2 cents worth.....
You are right, Firefox, but "the new release at a later time" seems to be very late here. Since the implementation of IP protection there have been two new builds of Malware's released.
-
@ deny
quote from AdvancedSetup:
Registry Switches for Controlling IP-Blocking in MBAM 1.41
Create the indicated registry value (labeled as key | value) with the indicated data and reboot to enforce the policies below. All of the values are of type DWORD. In order to create a registry value, open the Registry Editor (Start -> Run -> regedit), navigate to the key listed, and then right-click in the right-hand panel and choose New -> DWORD.
1) HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware | silentipmode
Description: With a DWORD value of 1, the protection module will block and log IPs silently.
2) HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware | startipdisabled
Description: With a DWORD value of 1, IP blocking will start disabled on reboot, although it can be enabled subsequently.
3) HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware | disableipblocking
Description: With a DWORD value of 1, IP blocking will be permanently disabled (cannot be toggled).
Thanks for the help but...
Instead of giving us options with a new version, where you as developer can implement what I have asked, the Malwarebytes team gives us options to play with the registry ourselves.
It is difficult to understand such behaviour for myself and probably many others.
-
If Malwarebytes pops up a prompt with Infection Detected: 88.214.226.32 (or with any other IP address), then any average user will be scared and ask what's wrong here? Infection or not?
I think that giving such a warning with Infection Detected without providing any information is ridiculous. Probably most adequate would be "possible threat from IP address xxx.xxx.xxx.xxx detected. IP address is on black list because of ..." but Infection detected (in this situation a false positive) does not make any sense.
After more than 1 month nothing has been changed at all. IP address 88.214.226.32 is still blocked.
It would be good if we had an option to disable IP protection permanently. Right now it is annoying that we must disable IP protection each time after restarting the system!?
I still do not like the IP protection option and would like to disable it permanently. Please give us an option for it.
-
The team is working on the IP blocking feature. As any new feature, the first release is always the one that gives most work.
The warning isn't ridiculous though, considered globally.
If Malwarebytes pops up a prompt with Infection Detected: 88.214.226.32 (or with any other IP address), then any average user will be scared and ask what's wrong here? Infection or not?
I think that giving such a warning with Infection Detected without providing any information is ridiculous. Probably most adequate would be "possible threat from IP address xxx.xxx.xxx.xxx detected. IP address is on black list because of ..." but Infection detected (in this situation a false positive) does not make any sense.
-
I have just found that 88.214.226.32 is related to seoquake.com, a legitimate add-on for Firefox, and I think that this warning is ridiculous.
-
It would be good to give a description of what is wrong with a certain IP address and why. Right now we do not have any information.
-
91.215.158.62 false positive
in Website Blocking
I'm an employee of IP-address.org. We have a new unique IP address 91.215.158.62.
Domain: IP-address.org
IP Address: 91.215.158.62
IP Host: 91.215.158.62
I would like to request you to unblock IP address 91.215.158.62
Thanks